Social Media Rocks website by CosmicAsh Enterprises OÜ
(Registered number 14663000 ), whose registered office is at London, understands that how information about you is used and shared. We appreciate your trust in us to follow that carefully.

By browsing (‘the Website’) you are accepting and consenting to the practices described in this Privacy Policy. This website is brought to you by CosmicAsh Enterprises OÜ. At, we believe to protect your Personal Data (as defined in the Data Protection Act 1998) and we are committed to giving you a personalised service that meets your needs protecting your privacy.

This policy explains how we may collect Personal Data about you. It also explains some of the security measures we take to protect your Personal Data and tells you certain things we will do and not do.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options. Please click the link for more information.

Sponsored links, affiliate tracking & commissions

Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google AdSense, eBay Partner Network, Amazon Affiliates, or are self-served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners.

Our ad partners may collect data and use cookies for ad personalisation and measurement. Where ad preferences are requested as ‘non-personalised’ cookies may still be used for frequency capping, aggregated ad reporting and to combat fraud and abuse.

Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the valued services

If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.

This statement represent the procedures Social Media Rocks undertakes to ensure GDPR compliance is observed to the greatest extent.

-What is GDPR?

From 25th May 2018, the GDPR brings all EU member states under a common regulatory framework.

Social Media Rocks takes GDPR compliance seriously, and we have extensively reviewed how and where we store any personal information and that any 3rd party software provider that we partner with is fully GDPR compliant.

This extensive review enables us to assure clients that GDPR best practices are strictly observed wherever possible, at all times.

a) Social Media Rocks relationship with you

Social Media Rocks is a service provider when you engage our services, we work for you, and if and when we create data, we create data exclusively for you.

To put this in the language of GDPR and the ICO:

You are the data controller – data belongs to you and is not shared with any other client, company or third party. No messaging is sent without your oversight.

We are the data processor – we work for you.

Does your marketing activity qualify?

Social Media Rocks services are designed and offered solely to help businesses promote to other businesses and their target audience via social media channels. I.e. B2B and B2C marketing.

b) Social profile URLs.

All social profile usernames and passwords can be connected directly by the client to our GDPR compliant Social media portal and where Social Media Rocks does require access directly to a client’s social accounts the information is either stored using encrypted software or it is securely stored on secure cloud servers. We ask for written consent (does the client fully understand why we require some personal information and what we will use it for?) at set-up.

c) Legitimate Interests

GDPR sets out a number of permissible circumstances (or categories) under which PII can be stored and processed, the most appropriate category in the case of Social Media Rocks is Legitimate Interests.

This link explains the Legitimate Interests basis for storing and processing PII:

d) LIA Failures

If Social Media Rocks determines that your planned social media activity does not meet the criteria for Legitimate Interests within the scope of GDPR then we cannot support the activity within any regions subject to GDPR.

e) Rights of Individuals

– Opting Out & Exclusion Lists

All recipients are able to opt out easily to prevent further email communication being received. – Subject Access Requests

All individuals have the right to request a copy of all data you hold on them. To support this you can email any SAR requests to and we will return this data within 72 hours.

– Right to be Forgotten

All individuals have the right to have their data removed (to be ‘forgotten’) which is a request that can be carried out easily by your Social Media Rocks account manager. Your data belongs to you and you can choose to delete some or all of it at any time.

– PECR and sending of B2B messages

Whilst GDPR controls the storage and processing of personal data in the UK, sending messages is regulated under the Privacy and Electronic Communications Regulations (PECR).

f) Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

g) Non-UK regulations

Social Media Rocks website brought to you by CosmicAsh Enterprises OÜ (registered number 14663000)is a Estonian based company and operates under European law. Where the service is used to target countries outside of the EU we are unable to provide guidance or take responsibility for any additional or differing laws that may be in place.

h) Client responsibility

Whilst Social Media Rocks continues to take extensive measures to ensure best practice with respect to GDPR and PECR across all client activity, clients should take note that responsibility for compliance vests (in different forms) with all parties. Social Media Rocks cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times, as such, it is important that you, as the client, have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks.

Your Rights:

You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your personal information to any third party for such purposes.

You can exercise your right to prevent such processing where applicable by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that such websites have their own privacy policies and that we do not accept any responsibility or liability for such policies. Please check such policies before you submit any personal information to such websites.

Access to information:

The Data Protection Act 2018 gives you the right to access personal information held by us about you. Your right of access can be exercised in accordance with the Data Protection Act 2018. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the personal information we hold about you. You may also be asked to provide suitable evidence to prove your identity.