Social Media Rocks website by CosmicAsh Enterprises OÜ
(Registered number 14663000 ), whose registered office is at London, understands that how information about you is used and shared. We appreciate your trust in us to follow that carefully.
This policy explains how we may collect Personal Data about you. It also explains some of the security measures we take to protect your Personal Data and tells you certain things we will do and not do.
Some cookies are required to enjoy and use the full functionality of this website.
Sponsored links, affiliate tracking & commissions
Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google AdSense, eBay Partner Network, Amazon Affiliates, or are self-served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners.
Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the valued services
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
Social Media Rocks GDPR COMPLIANCE STATEMENT
This statement represent the procedures Social Media Rocks undertakes to ensure GDPR compliance is observed to the greatest extent.
-What is GDPR?
From 25th May 2018, the GDPR brings all EU member states under a common regulatory framework.
Social Media Rocks takes GDPR compliance seriously, and we have extensively reviewed how and where we store any personal information and that any 3rd party software provider that we partner with is fully GDPR compliant.
This extensive review enables us to assure clients that GDPR best practices are strictly observed wherever possible, at all times.
a) Social Media Rocks relationship with you
Social Media Rocks is a service provider when you engage our services, we work for you, and if and when we create data, we create data exclusively for you.
To put this in the language of GDPR and the ICO:
You are the data controller – data belongs to you and is not shared with any other client, company or third party. No messaging is sent without your oversight.
We are the data processor – we work for you.
Does your marketing activity qualify?
Social Media Rocks services are designed and offered solely to help businesses promote to other businesses and their target audience via social media channels. I.e. B2B and B2C marketing.
b) Social profile URLs.
All social profile usernames and passwords can be connected directly by the client to our GDPR compliant Social media portal and where Social Media Rocks does require access directly to a client’s social accounts the information is either stored using encrypted software or it is securely stored on secure cloud servers. We ask for written consent (does the client fully understand why we require some personal information and what we will use it for?) at set-up.
c) Legitimate Interests
GDPR sets out a number of permissible circumstances (or categories) under which PII can be stored and processed, the most appropriate category in the case of Social Media Rocks is Legitimate Interests.
This link explains the Legitimate Interests basis for storing and processing PII:
d) LIA Failures
If Social Media Rocks determines that your planned social media activity does not meet the criteria for Legitimate Interests within the scope of GDPR then we cannot support the activity within any regions subject to GDPR.
e) Rights of Individuals
– Opting Out & Exclusion Lists
All recipients are able to opt out easily to prevent further email communication being received. – Subject Access Requests
All individuals have the right to request a copy of all data you hold on them. To support this you can email any SAR requests to email@example.com and we will return this data within 72 hours.
– Right to be Forgotten
All individuals have the right to have their data removed (to be ‘forgotten’) which is a request that can be carried out easily by your Social Media Rocks account manager. Your data belongs to you and you can choose to delete some or all of it at any time.
– PECR and sending of B2B messages
Whilst GDPR controls the storage and processing of personal data in the UK, sending messages is regulated under the Privacy and Electronic Communications Regulations (PECR). https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/electronic-mail-marketing/
f) Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
g) Non-UK regulations
Social Media Rocks website brought to you by CosmicAsh Enterprises OÜ (registered number 14663000)is a Estonian based company and operates under European law. Where the service is used to target countries outside of the EU we are unable to provide guidance or take responsibility for any additional or differing laws that may be in place.
h) Client responsibility
Whilst Social Media Rocks continues to take extensive measures to ensure best practice with respect to GDPR and PECR across all client activity, clients should take note that responsibility for compliance vests (in different forms) with all parties. Social Media Rocks cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times, as such, it is important that you, as the client, have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks.
You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your personal information to any third party for such purposes.
You can exercise your right to prevent such processing where applicable by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that such websites have their own privacy policies and that we do not accept any responsibility or liability for such policies. Please check such policies before you submit any personal information to such websites.
Access to information:
The Data Protection Act 2018 gives you the right to access personal information held by us about you. Your right of access can be exercised in accordance with the Data Protection Act 2018. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the personal information we hold about you. You may also be asked to provide suitable evidence to prove your identity.