About Us: The address of our website is: smert.ai. PRIVACY POLICY PURSUANT TO ART. 13 REG. 2016/679 EU This information, provided pursuant to Art. 13 of the European Regulation 679/2016 of the European Parliament and the Council, complies with the provisions of Legislative Decree 196/2003 of the Italian Republic, as amended by Legislative Decree 101/2018, and the Decision of the Guarantor for the Protection of Personal Data No. 229 of May 8, 2014. This version of the information is effective from the date of publication on the website, namely January 01, 2024.

WHO IS IT FOR? This information is addressed to individuals who will use the services provided by the smert.ai website, namely:

1. individuals browsing the website, even just for consultation;
2. individuals making a purchase from the site;
3. individuals making a purchase from the site, with concurrent registration;
4. individuals subscribing to the newsletter service;
5. individuals contacting smert.ai through the “contact us” form. In this information, they will be referred to as “Data Subjects.”

WHO PROCESSES THE DATA? The data controller for all processing carried out as a result of using the smert.ai website is Zixun China Advisor Limited. In the context of the processing covered by this information, the data controller can be contacted at the following address: hello@smert.ai. The data is physically processed by employees and/or collaborators and partners of the data controller, who have been previously instructed and authorized to process the data. To carry out the processing related to registration and orders placed through the smaert.ai website, the data controller uses the support and assistance of companies providing IT, advertising, commercial, and shipping services, which have been appointed as data processors.

WHAT DATA IS PROCESSED? For the management of services provided through the smert.ai website, the following data is processed:

• IP address, location, activity on the site, for browsing the site, even without registration and/or authentication;
• Name, Surname, Email, to get in touch with smert.ai;
• Name, Surname, Email, for registration in the newsletter service;
• Name, Surname, Tax Code, VAT number, Email, Full address, Phone number, for site registration;
• Name, Surname, Tax Code, VAT number, Email, Full address, Phone number, to make a purchase.

WHERE ARE THE DATA PROCESSED? The data collected through smert.ai will be processed by the data controller in Italy, at its headquarters and at its Italian branches. The data will be processed by the data processors at their offices and branches located in the territory of the European Union. In some cases, the personal data of the data subject might be processed on servers located in the territory of the United States of America, in accordance with the adequacy decision called “EU-U.S. Privacy Shield.”

HOW ARE THE DATA PROCESSED? The data is collected from the data subject by using cookies or by being submitted by the data subject through dedicated online forms for registration and/or order finalization or through the online contact form. Once acquired, the data of the data subject is stored digitally on the information systems of the data controller and/or its data processors. In the case of a purchase, the data may also be processed in analog form at the data controller’s headquarters and/or its data processors’ offices.

Content embedded from other websites: Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

WHAT COOKIES COLLECT DATA? The smert.ai website uses technical cookies, which can be used without asking the data subject’s consent, as they are strictly necessary for the provision of the service. Additionally, profiling cookies from third parties may be used, and their use is subject to the data subject’s consent directly given to these third parties by accessing their cookie usage information. Profiling cookies can be used by the data controller or the cookie owner to store the choices made by the data subject, provide personalized or optimized features, or store their habits and preferences expressed during browsing. For example, profiling cookies can be used to offer online services, send advertising that takes into account the data subject’s interests, or prevent services from being offered that the data subject has previously refused. The smert.ai website uses the following cookies:

Authorization for the collection and storage of data through cookies can be revoked at any time. The data subject can disable the use of cookies through the specific settings options of different browsers or by changing their preferences directly on the cookie provider’s website.

• Microsoft Explorer
• Google Chrome
• Mozilla Firefox
• Apple Safari

FOR WHAT PURPOSES ARE THE DATA PROCESSED? The data collected by the data controller is used for the following purposes:

• Improve the use of the site and record statistics on its usage, as well as profile data subjects;
• Register and list the data subject on the smert.ai website;
• Fulfill obligations, including legal ones, arising from the contract signed by the data subject on the smert.ai website, as well as inform the data subject about the progress of the order and shipment;
• Send commercial communications regarding the activities and products/services offered by smert.ai;
• The data will also be processed through automated decision-making processes, such as profiling, to propose personalized commercial offers.

ON WHAT LEGAL BASIS ARE THE DATA PROCESSED? The data controller will process the personal data of the data subject only if at least one of the following conditions exists:

• The processing is necessary for the performance of a contract and/or for the performance of pre-contractual measures (purchase on the site);
• The processing is necessary to fulfill legal obligations provided for by Italian and/or European legislation (purchase on the site);
• The processing is based on the explicit consent of the data subject (browsing, site registration, newsletter subscription). In any case, it will always be possible to request the data controller to clarify the concrete legal basis for each processing and, in particular, to specify whether the processing is provided for by the contract, necessary to conclude a contract, or based on legal obligations. If the data subject revokes their consent to the processing, the data controller may continue the processing for obligations arising from the law and/or on the basis of its legitimate interest.

HOW ARE THE DATA PROTECTED? With the aim of ensuring the availability, integrity, and confidentiality of information, smert.ai has adopted specific security measures, both computer and paper, to protect information from the risk of loss or accidental destruction of stored data. In particular, measures for access control, credential management, modification restrictions, incremental backups, and intrusion prevention systems have been provided, both at the physical and computer levels.

IS IT MANDATORY TO PROVIDE THE DATA? Providing data by the data subject is mandatory to fulfill the data subject’s requests, i.e., registration, purchase, or contact request. Refusal to provide the data will make it impossible to provide the requested service, preventing the data subject from registering on the site, subscribing to the newsletter, making a purchase, and/or contacting smert.ai. Providing data collected through technical cookies is mandatory to proceed with site navigation, while it is optional for analytical and profiling cookies.

TO WHOM ARE THE DATA COMMUNICATED? The data collected and processed by the data controller may be communicated to public and private entities, in compliance with current regulations and obligations related to the contract.

HOW LONG ARE THE DATA PROCESSED? The data collected through the smert.ai website is stored and processed only for as long as the purposes for which it was collected persist, namely:

• In case of browsing, data is processed for the duration specified for each cookie;
• In case of registration on the site, until the data subject revokes consent to processing or requests cancellation from the service;
• In case of subscription to the newsletter service, until the data subject revokes consent to processing or requests cancellation from the service;
• In case of purchase, data related to the order will be processed for a period not exceeding 26 months from the date of execution and/or delivery of the order, while data related to billing will be processed for a period not exceeding 10 years from the date of purchase;
• In case of contact request, data will be processed until the request is fully processed, and in any case, for a period not exceeding 12 months. At the end of the period envisaged for each activity, the data will be destroyed or, possibly, anonymized for statistical purposes.

HOW ARE DATA SUBJECTS PROTECTED? The data subject can protect themselves and their personal data by exercising the rights provided by current European legislation by sending a request in a free form to the data controller. The data controller will respond as soon as possible, within one month of receiving the request, or in cases where additional time is needed to process the request, within a maximum of two months; in the latter case, the data controller will inform the data subject of the reasons for the delay. If the data controller considers that it does not need to comply with the request, it will communicate its refusal directly to the data subject within one month of receiving the request. In this case, the data subject can lodge a complaint with the Supervisory Authority of their country or resort to the Judicial Authority of their country. The exercise of the data subject’s rights is free, unless the requests are manifestly unfounded or repetitive: in this case, the data controller may charge a fee or refuse the request. The data subject can exercise their Right of Access, under Article 15 of Regulation 2016/679 EU, by sending a request to the data controller to obtain confirmation of whether there is (or is not) ongoing processing of data concerning them. Using the same methods, they can request to know: what data is processed and for what purposes; how long they are stored; if the data has been or will be communicated to other subjects, and possibly the identity of these subjects and the country where they are located, in addition to the existence of adequate guarantees for the transfer; the existence of the right to request rectification, limitation, or deletion of their data; the existence of the right to object to processing; the existence of the right to lodge a complaint with a Supervisory Authority; the existence of automated decision-making processes, including profiling, and the consequences of such processing. The data subject also has the right to receive a copy of their personal data undergoing processing for free, as long as this does not adversely affect the rights of other subjects; any additional copies requested may be issued upon payment of a fee. The data will be communicated in comma-separated values (.csv) format. If the data subject believes that the processing of their personal data is in violation of European Regulation 2016/679, they have the Right to lodge a complaint with the Supervisory Authority, under Article 77 of Regulation 2016/679 EU, choosing among the Supervisory Authorities of the Member State in which they reside, work, or in which the alleged violation occurred. In any case, the data subject can act to protect their rights by appealing to the Administrative and/or Judicial Authority of their country. The data subject can revoke consent to the processing of their data at any time, using the same methods by which they gave consent or by sending a communication to the data controller. Revoking consent will not affect processed data but will result in the interruption of ongoing processing and the destruction of the data subject’s data.