Privacy Policy

secretomio Limited is the publisher and operator (referred to as the "Company", "we", "our" or "us") of the secretomio website(s), secretomio.com (referred to as the "Website"). The Company is committed to protecting your privacy and handling your personal data in an open and transparent manner. The personal data that we collect and process will vary depending on how you use the Website.

This privacy policy:

• provides an overview of how the Company collects and processes your personal data and tells you about your rights under the EU General Data Protection Regulation ("GDPR");
• is directed to natural persons who are: (a) visitors of the Website (referred to in this privacy policy as "Browsers"). Browsers must be aged eighteen (18) years and over or must have attained the age of majority in their respective jurisdiction. All persons who do not meet these criteria are strictly forbidden from accessing or viewing the contents of the Website. We do not knowingly seek or collect any personal information from persons who have not attained the age of eighteen (18).

For the purposes of this privacy policy:

• when we refer to "personal data" or "personal information" we mean data which identifies or may identify you and which may include, for instance, your email or IP address;
• when we refer to "processing" we mean the handling of your personal data by us, including collecting, protecting and storing your personal data; and
• when we refer to "sensitive data" we mean personal data which may reveal information about racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, genetic or biometric data.

Secreto Mio Limited is a limited liability company, registered in Colombia. If you have any questions, comments and/or requests regarding this privacy policy or wish to obtain more details in relation to the personal data we process about you, please contact us by sending an email to [email protected].

We obtain your personal data mainly through any information you provide directly to us through our Website. Below is a list of ways we collect your personal data:

• when you visit and/or use our Website;
• when you take part in surveys or report a problem with our Website; or
• when you contact with us via email, post or other ways of communication.

Where we need to collect and process your personal data in order to provide you with our services and you fail to provide that data when requested, we may not be able to provide you with access to our Website and/or the services we offer. In this case, we may have to suspend your access to the Website.

We will collect different categories of personal data from you depending on your level of interaction with our Website. We will limit the collection and processing of information to information necessary to achieve one or more of our legitimate purposes as identified in this privacy policy.

4.1. Website Data

4.2. User Data

4.3. Aggregated Data

We may also collect, use and share aggregated data such as statistical or demographic data for the purpose of customizing our marketing efforts or the use of our Website. Aggregated data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For instance, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature, to generate statistics about our users, to calculate ad impressions served or clicked on, or to publish visitor demographics. If we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which shall be used in accordance with this privacy policy.

As you navigate through and interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect these data by using cookies and other similar technologies, Please see our cookie policy for further details on cookies policy.

We will only use and share your personal information where it is necessary for us to provide you with our lawful services in accordance with this privacy policy. We would like to ensure that you fully understand why your information may be used.

We will most commonly use your personal data in the following circumstances:

1. 6.1 Performance of our services to you

   where we need to perform our services to you, as necessary in accordance with our Website's Terms of Service;

   6.1.1 Provision of services

   We may collect and process your personal data where it is necessary in order to present our Website and its contents to you, including any interactive features on our Website and to provide you with information or services that you request from us.

   6.1.2 Customer management

   We may collect and process your personal data where it is necessary in order to provide customer support and notices about subscription, including expiration and renewal notices, and notices about changes to our Website or any services we offer or provide through it.

2. 6.2 Legitimate interests

   where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

   6.2.1 Analytics

   We may collect and process your personal data where it is necessary in order to determine whether users of the Website are unique, or whether the same user is using the Website on multiple occasions, and to monitor aggregate metrics such as total number of visitors, pages viewed and demographic patterns.

   6.2.2 Functionality and Security

   We may collect and process your personal data where it is necessary in order to diagnose or fix technology problems, and to detect, prevent and respond to actual or potential fraud, illegal activities, or intellectual property infringement.

   6.2.3 Other Legitimate Interests

   In addition to the above, we may process your data, to the extent required for our business needs in order to:

   • develop new services on our Website as well as analyze and target new markets;
   • protect our legal rights and interests (including legal claims and preparing our defense in litigation);
   • monitor, maintain and improve internal business processes, information and data, technology and communication solutions and services;
   • ensure network information security, including monitoring Browsers' and Users' access to our information technology for the purpose of preventing cyber-attacks, unauthorized use of Website and prevention or detection of crime;
   • send you relevant marketing information (including details of other services provided by us which we believe may be of interest to you);
   • monitor the performance and effectiveness of our services and the Website; and
   • assess the quality of our customer services.

3. 6.3 Legal obligations

   where we need to comply with a legal obligation; and/or

   When you visit and/or use and/or register in our Website (and throughout your relationship with us), we are required to comply with certain legal and regulatory obligations which may involve the processing of your personal data. This may include processing to:

   1. perform checks and comply with laws relating to fraud;
   2. identify other infringements of our Terms of Use; and
   3. manage contentious regulatory matters, investigations and litigation.

4. 6.4 Consent

   where you have given us your consent.

   We will only ask for your consent when we wish to provide marketing information to you in relation to our services which we believe may be of interest and of benefit to you.

   You have the right to revoke your consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

It is our policy not to use or share personal data about you in ways unrelated to those described in this privacy policy without also providing you with an opportunity to opt out or otherwise object to such unrelated uses. However, we may disclose personal data about you, or information regarding your use of the services or the Website to third parties for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations. When we disclose your personal data to service providers, we will ensure that they are bound by a contract requiring them to comply with their GDPR obligations. Under the circumstances referred to above, recipients of personal data may be, for example:

1. members of our corporate group which operate partner websites to the extent this is necessary for the purposes set out in this privacy policy and to enable you to have access to certain features;
2. service providers;
3. governmental and regulatory bodies, including law enforcement authorities, in connection with enquiries, proceedings or investigations by such parties or in order to enable the Company to comply with its legal and regulatory requirements. We specifically reserve the right to disclose any and all information to law enforcement in the event that a crime is committed or suspected or if we are compelled to do so by lawful criminal, civil or administrative process, discovery requests, subpoenas, court orders or writs;
4. buyers or other legal successors in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Website Members and Browsers is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to ensure that the entity to which we transfer your personal data uses it in an manner that is consistent with this privacy policy; and/or
5. legal or other professional consultants.

We may also disclose aggregated information about our users, and information that does not identify any individual, without restriction. We also may share aggregated information with third-parties for conducting general business analysis. This information does not contain any personal data and may be used to develop content and services that we hope you and other users will find of interest.

Please note that we have never sold and will never sell your personal data to third parties.

Browsers should be aware that all information provided on the Website when they visit has a possibility of identification by others. Accordingly, Browsers should understand that they are in control of all of the information they make available on the Website or to the Company and are fully responsible for any consequences arising out of such information.

We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your personal data from unauthorized access and disclosure. For instance, only authorized employees are permitted to access personal data, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of your personal data between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal data. However, please be advised that we cannot fully eliminate security risks associated with the storage and transmission of personal data as we cannot guarantee that our security measures will prevent third-party hackers from illegally obtaining this information.

You are responsible for maintaining the secrecy of your information at all times. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.

Some of our external third parties are based outside the European Economic Area ("EEA") so the processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
2. Where we use service providers outside the EEA, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the European Union.
3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the European Union and the US.

We may additionally, in rare occasions, transfer your personal data to a party outside the EEA where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.

We may process your personal data so as to inform you about existing and/or future services that may be of interest to you by sending you periodic announcements with details on existing and/or new services and/or programs.

You have the right to object at any time to the processing of your personal data for marketing purposes, by clicking at the opt-out link at the bottom of any marketing emails we send you.

We can only use your personal data to promote our services to you if we have your explicit consent to do so, if we consider that it is in our legitimate interest to do so. You may also occasionally receive marketing communications from our affiliates, but only provided you have given your explicit consent in receiving such communications.

Even if you inform us that you no longer wish to receive marketing material, you will still receive from us system notices and other information from time to time.

We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. For specific details about our data retention periods and practices, please refer to our Terms of Service, Section 11 (Data Collection).

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We want to make sure you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply further below.

13.1. Access

This enables you to get access or receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.

13.2. Correction

If you believe that any of the information that we hold about you is inaccurate or incomplete, you have a right to request that we correct the inaccurate personal information.

13.3. Erasure

You may request that we delete your personal information if you believe that:

13.3.1. No longer necessary

we no longer need to process your information for the purposes for which it was provided;

13.3.2. Withdrawal of consent

we have requested your permission to process your personal information and you wish to withdraw your consent; or

13.3.3. Unlawful processing

we are not using your information in a lawful manner.

13.4. Right to object

You have the right to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedom or for the establishment, exercise and defense of legal claims.

13.5. Right to withdraw consent

If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we carried out prior to you withdrawing your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

13.6. Right to data portability

You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance from us. This right only applies where the processing is based on your consent or the performance of a contract and the processing is carried out by automated means.

13.7. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws. You can do this in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

13.8. Right to restriction of processing

You have the right to request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data if:

1. it is not accurate; or
2. it has been used unlawfully but you do not want us to delete it; or
3. it is not relevant any more, but you want us to keep it for use in possible legal claims; or
4. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If we ask for your consent to use your personal data, you can withdraw your consent at any time. Please note that in case of a withdrawal of your consent you may no longer be able to use several functionalities of our Website and our services.

Please note that some requests to delete certain personal data will require use of certain personal data (e.g. your email address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honor your request.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us electronically by sending us an email at [email protected].

We endeavor to address all your requests promptly.

13.9. Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.

We remain dedicated to the protection of your personal data and we want to be clear about the type of information collected, helping you make choices about your privacy. You may:

1. block cookies, including cookies associated with our services, by activating or deactivating the related cookies on your browser. Please note, however, that if you choose to disable all cookies (including essential cookies) you may not be able to access all or part of our Website;
2. access/modify/control the information provided during contact - [email protected]
3. access/modify/control the sites and/or third-parties that you provided/used - directly with the site/third-party

If you have any questions about this privacy policy or our information-handling practices, please contact us electronically at [email protected].

16.1 Right to Lodge Complaints

You have the right to lodge a complaint about our data processing activities with the relevant supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.

16.2 How to Lodge a Complaint

To lodge a complaint with us, please contact our Data Protection Officer at:

• Email: [email protected]
• Subject line: "Data Protection Complaint"

16.3 Complaint Handling Process

When you submit a complaint, we will:

• 16.3.1 Acknowledge receipt of your complaint within 5 business days;
• 16.3.2 Investigate the matter thoroughly;
• 16.3.3 Provide you with a written response within 30 days of receipt;
• 16.3.4 If we cannot resolve the complaint within 30 days, we will inform you of the reason for the delay and provide a new timeframe.

16.4 Right to Contact Supervisory Authority

If you are not satisfied with our response or believe your data protection rights have been violated, you have the right to contact the relevant supervisory authority in your jurisdiction. For users in the European Union, this would be your local Data Protection Authority (DPA).

16.5 No Fee for Complaints

We will not charge you any fee for the submission or handling of your complaint unless your request is manifestly unfounded or excessive.

16.6 Record Keeping

We maintain records of all complaints received and our responses to them as part of our compliance obligations under data protection laws.

For purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, secretomio.com acts as a data controller for personal data collected through the Site.

We process Your personal data on the following legal bases:

• (a) Contract Performance: Processing necessary for the performance of our contract with You to provide the Site and Services;
• (b) Legitimate Interests: Processing necessary for our legitimate interests, which include improving our Services, preventing fraud, and ensuring network security;
• (c) Legal Compliance: Processing necessary to comply with our legal obligations;
• (d) Consent: Where required by law, we obtain Your explicit consent for specific processing activities, such as marketing communications or processing of sensitive data.

We implement appropriate technical and organizational measures to protect Your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• (a) Encryption of personal data in transit and at rest;
• (b) Regular security assessments and penetration testing;
• (c) Access controls and authentication mechanisms;
• (d) Data backup procedures;
• (e) Incident response plan and procedures;
• (f) Regular security training for staff handling personal data.

20.1 Types of Communications

By using Our Site and Services, You may receive various types of communications from Us, including but not limited to:

• 20.1.1 Service announcements and updates;
• 20.1.2 Marketing and promotional communications;
• 20.1.3 Newsletters and content recommendations;
• 20.1.4 Transaction confirmations and receipts;
• 20.1.5 Account notifications and security alerts.

20.2 Managing Your Communication Preferences

You may manage Your communication preferences in the following ways:

• 20.2.1 Account Settings: Log in to Your account, navigate to Your profile settings, and adjust Your notification preferences using the available toggles and options;
• 20.2.2 Email Opt-Out: Every marketing or promotional email We send contains an "unsubscribe" link at the bottom that allows You to opt out of future communications of that type;
• 20.2.3 Direct Request: Contact [email protected] with specific requests regarding Your communication preferences.

20.3 Required Communications

Please note that even if You opt out of marketing communications, We may still send You administrative communications that are necessary to provide You with Our Services or to comply with legal requirements, such as transaction confirmations, security alerts, and policy updates.

20.4 Response Time

While most preference changes take effect immediately, please allow up to ten (10) business days for Your communication preference changes to be fully implemented across all Our systems.

20.5 Third-Party Communications

This opt-out process applies only to communications sent directly by Us. If You receive communications from third parties that were facilitated through Our Site, You will need to follow the opt-out procedures provided by those third parties.

If You are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, You have the following rights regarding Your personal data:

• (a) Right to Access: You may request confirmation of whether we process Your personal data and access to that data;
• (b) Right to Rectification: You may request that we correct inaccurate or incomplete personal data;
• (c) Right to Erasure: You may request the deletion of Your personal data under certain circumstances;
• (d) Right to Restrict Processing: You may request that we restrict the processing of Your personal data under certain circumstances;
• (e) Right to Data Portability: You may request a copy of Your personal data in a structured, commonly used, machine-readable format;
• (f) Right to Object: You may object to our processing of Your personal data under certain circumstances;
• (g) Rights Related to Automated Decision-Making: You may not be subject to decisions based solely on automated processing that produce legal effects concerning You or similarly significantly affect You, except where permitted by law.

We retain Your personal data for the following periods:

• (a) Account information: For the duration of Your account plus 2 years following account closure;
• (b) Transaction records: For 7 years as required by tax and financial regulations;
• (c) Age verification data: For the duration of Your account plus 1 year following account closure;
• (d) Communication data: For 2 years following Your last interaction with us;
• (e) Technical data (logs, IP addresses): For 90 days for security and troubleshooting purposes.

If we transfer Your personal data to countries outside the EEA or UK that do not provide an adequate level of data protection, we implement appropriate safeguards such as:

• (a) Standard Contractual Clauses approved by the European Commission;
• (c) Both the person submitting the report and the content creator will be notified of the decision and its reasoning.

If you have any questions about this privacy policy, or wish to lodge a complaint about how your personal data is used by the Company, you may contact us electronically at the email address [email protected].

Upon receipt of your complaint, we will investigate it and respond to you within a reasonable time.

You also have the right to complain to the data protection supervisory authority of the country in which you reside, provided that such country is a Member State of the European Union or is located within the EEA.

Our Website is not directed to individuals under the age of eighteen (18) or the applicable age of majority in the jurisdiction from which the Website is accessed and we do not knowingly collect personal data from minors. For more detailed information about our age verification policies and procedures, please refer to our Terms of Service Section 3 (Age Verification and Adult Content).

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements or representations about their accuracy, content or thoroughness. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

We reserve the right to update, revise, amend and/or modify this privacy policy at any time in order to reflect any changes to the way in which we process your personal data or changing legal requirements.

Although we will notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at privacy policy so you are aware of any changes. The date of the latest version of the privacy policy will appear at the top of the webpage hosting the policy.

Referenced in: Terms of Service Section 1.6.1

27.1 California Consumer Privacy Act (CCPA)

If You are a California resident, the CCPA provides You with specific rights regarding Your personal information. This section describes those rights and explains how to exercise them.

27.2 Right to Opt-Out of Sale

If We sell Your personal information, You have the right to opt-out of the sale of Your personal information.

27.3 Right to Non-Discrimination

We will not discriminate against You for exercising any of Your CCPA rights.

27.4 Exercising Your Rights

To exercise the rights described above, please submit a verifiable consumer request to Us via email only by:

Emailing [email protected] with the subject line "CCPA Request".

Your request must provide sufficient information to verify Your identity. We will respond within forty-five (45) days as required by law.

27.5 Authorized Agent

You may designate an authorized agent to submit requests on Your behalf. We may require written proof of authorization (e.g., a notarized letter) and verification of Your identity.

27.6 Limitations

We may deny Your deletion request if retaining the information is necessary for Us or Our service providers to complete the transaction for which We collected the personal information, provide a good or service that You requested, comply with legal obligations, or for other reasons permitted under the CCPA.

28.1 Payment Processing Services

Our Site uses NowPayments and other authorized cryptocurrency processors to facilitate secure payment transactions. When You make a purchase through Our Site, You may be redirected to a secure payment page operated by NowPayments.

28.2 Information Sharing with Payment Processors

When You make a purchase, basic payment-related metadata (such as your crypto wallet address, transaction ID, and purchase amount) may be shared with NowPayments via secure encrypted channels. We do not collect or store any credit card or personally identifiable payment credentials.

28.3 Third-Party Terms and Privacy Policies

Your interactions with these third-party payment processors are governed by their respective terms of service and privacy policies, in addition to this Agreement. We encourage You to review these policies before providing Your information to these third parties:

• 28.3.1 See NowPayments' Terms of Use
• 28.3.2 See NowPayments' Privacy Policy

28.4 PSD2 Compliance for EU

Limited Liability: While We carefully select Our payment processing partners based on their reputation, security practices, and reliability, We cannot and do not guarantee their performance or security. For EU users, our payment processors comply with applicable regulations such as the Revised Payment Services Directive (PSD2), including strong customer authentication requirements. To the fullest extent permitted by law, We disclaim all liability for any issues, disputes, or losses arising from Your interactions with these third-party payment processors.

28.5 Dispute Resolution with Payment Processors

Any disputes regarding payments, charges, refunds, or other financial matters involving these third-party payment processors should be directed first to the relevant processor. If the issue remains unresolved, You may contact Us at [email protected], and We will make reasonable efforts to assist in resolution, though We cannot guarantee any particular outcome.

Our Site may integrate with other third-party services for various functionalities. Your use of such third-party services is subject to their respective terms and privacy policies. We are not responsible for the content or practices of these third-party services.