Privacy Policy

SerifTrust AI / MarLocker S.L. operates as a service provider and, in doing so, processes personal data to deliver its services.

SerifTrust AI / MarLocker S.L. (hereinafter referred to as the "Data Controller" or "We") processes the personal data of individuals who request quotes or express interest (hereinafter collectively referred to as "Data Subjects" or "You") through the seriftrust.uk website (hereinafter referred to as the "Website").

1. Data Controller Contact Details

Name: SerifTrust AI / MarLocker S.L. Registered Office and Correspondence Address: C/Honda 1. 04450 Canjáyar, Almería, Andalusia, Spain Representative Name and Phone Number: Tímea Pokol +44 7721774264 Email Address: seriftrust.ai@marlocker.store

2. Scope of Personal Data Processed

To access various services, we request different categories of personal data from users, adhering to the principle of data minimisation. This Privacy Policy exclusively covers the processing of personal data of natural persons visiting our Website, as personal data can only relate to natural persons.

Anonymous information collected by the Data Controller that cannot be linked to an identifiable natural person, as well as demographic data collected without being linked to the personal data of identifiable individuals (thereby preventing any connection to a natural person), are not considered personal data.

The categories of data processed are as follows:

2.1 For Quote Requests:

• Name

• Email address

• Phone number

2.2 For Enquiries:

• Name

• Email address

• Phone number

2.3 Children's Data: Our products and services are not intended for individuals under the age of 16. We request that individuals under the age of 16 do not provide Personal Data to the Data Controller. If we become aware that we have collected personal data from a child under 16, we will take all reasonable steps to delete that information as soon as possible.

3. Cookie Management Policy (Anonymous User Identifier)

The Data Controller places anonymous user identifiers (cookies) on the Data Subject's computer. These cookies cannot, by themselves, identify the Data Subject in any way. They are solely capable of recognising the Data Subject's device and do not store IP addresses or transmit IP addresses as personal data to the Data Controller. The cookies used are simple, short, small text files. No personal data or information needs to be provided, as the user does not transmit personal data to the Data Controller when this solution is used; data exchange occurs solely between devices.

Essential Cookies for Website Operation: The operation of the Website requires the placement of certain essential cookies on the Data Subject's computer. These cookies help to speed up website loading, allow your browser to store certain information from the website, and assist the Data Subject in ensuring that website modules function properly.

• S_LANG (Session):

  • Function: Stores the visitor's preferred language code to ensure error pages (e.g., 404) load in the preferred language and do not revert to the default language if different.

• barrier-free (7 days):

  • Function: Controls whether an accessible version of the page is displayed. Values: 1 - yes, 0 - no.

• b-lvt (1 hour):

  • Function: Determines the display type of the Blog list view.

• COOKIE-CONSENT (1 year):

  • Function: Prevents the cookie bar from reappearing after acceptance. If the Data Subject selects "OK", their choice is saved, and we will not request further consent for 1 year.

• KRID (Session):

  • Function: Relevant for registration and shopping cart functionalities. It ensures that if a user leaves their cart and continues Browse, products remain in the cart, and if they log into a registered area, the system does not log them out while Browse the site.

Analytical Cookies: To obtain website traffic data and other web analytics data, the Data Controller uses the services of independent analytics providers. These service providers can provide detailed information to the Data Subject regarding the processing of measurement data.

For Google Analytics, the Data Controller has implemented settings within the website code to ensure that Google Analytics anonymises the Data Subject's IP address. This means the IP address is no longer identifiable and is not transferred to the Data Controller. You can find more information about this technology here: https://support.google.com/analytics/answer/2763052?hl=hu

The purpose of using the anonymised information provided by the above software is to analyse website traffic and functional usage to improve user experience (e.g., providing optimised navigation, determining the order of information placement on specific sub-pages).

These measurements do not store data that could identify users, such as IP addresses or personal data.

Cookies Used for Advertising: The Data Controller may utilise modern online marketing solutions, specifically Google Ads and Facebook (Meta) advertisements. These advertising solutions use cookies during their operation. These cookies help the system ensure that Data Subjects are shown relevant advertisements that align with their current interests, rather than irrelevant ones. On the Website, the Data Controller uses remarketing codes provided by Google Ads and Facebook (Meta). Remarketing codes also use cookies.

The installed cookie does not transmit personal data to the Data Controller but merely helps to display advertisements related to the Data Controller's products and services on other websites belonging to the Google Display Network, and on Facebook (Meta), subsequently visited by the Website visitor.

Manual Override, Intervention, and Adjustment Options for Advertising Preferences: Users can disable cookies and personalise advertisements at any time via Google or Facebook's (Meta's) advertising settings interfaces.

Google user account privacy settings can be managed by the Data Subject here: https://myaccount.google.com/privacy

Facebook (Meta) user account privacy settings are available under the "Settings" menu, specifically under the "Privacy" and "Ads" settings tabs: https://www.facebook.com/ads/preferences

Stopping or Disabling Cookie Usage:

Modifying Browser Settings: The "Help" function in the menu bar of most browsers provides information on how to:

• Disable cookies,

• Accept new cookies, or

• Instruct your browser to set a new cookie, or

• Disable other cookies.

Browser Blocking Extensions: If the Data Subject does not wish for Google Analytics to measure the above data in the manner and for the purpose described, they can install a blocking browser add-on.

Using External Solutions for Cookie Management: Data Subjects can manage which service providers are allowed to conduct advertising cookie activities on their computer with the help of external websites. One such solution is AdChoices, available in various languages.

4. Social Media Plugins

Plugins on the Website are disabled by default. These plugins also use cookies. The plugins are only enabled if the Data Subject clicks the respective button (e.g., liking an article, pinning an image, or starting to follow the Data Controller's Facebook page using the "Like" button on the page). By enabling the plugin, i.e., pressing the "Like" button, the Data Subject establishes a connection with the social media site, thereby explicitly consenting to the transfer of their data to Facebook/Twitter/LinkedIn/Pinterest/Instagram (Meta).

If the Data Subject is logged into Facebook/Twitter/LinkedIn/Pinterest/Instagram (Meta), the respective social network may associate their visit with the Data Subject's social media account.

If the Data Subject clicks on one of the aforementioned social media buttons, their browser will transmit the relevant information directly to the respective social network, where it will be stored.

Information regarding the scope and purpose of data collection, further processing and use of your data by Facebook/Twitter/LinkedIn/Pinterest/Instagram (Meta), your rights concerning the protection of your personal data, and settings options can be found in the privacy policy of the respective social media platform.

By using the Website's services, the user acknowledges and consents to the processing of their data by Google as described.

5. Technical Data – Log Files

To enable the use of our services, the system automatically logs the following data:

• The dynamic IP address of the user's computer.

• The type of browser and operating system used by the user, depending on the user's computer settings.

• The user's activity related to the website.

The use of this data serves, on the one hand, technical purposes – such as analysing the secure operation of servers and subsequent auditing. This is an automatic IT security process recorded by the system in server logs without the Data Subject's declaration

These data are not suitable for identifying the user, and the Data Controller does not link them with other personal data. Logging data is stored by the system for 6 months from the date of visit.

6. Lawful Basis and Purpose of Data Processing

6.1 For Quote Requests and Enquiries: The processing of data is necessary for steps prior to entering into a contract (Article 6(1)(b) UK GDPR). The purpose of data processing is to provide personalised services to Data Subjects and to send price quotes at the Data Subjects' request, which may serve as the basis for a subsequent contract or order.

7. Data Retention Period

7.1 For Quote Requests and Enquiries: If a contract is concluded, data will be processed for the duration of the contract and for 5 years following the year of performance, in accordance with accounting laws. If no contract is concluded, meaning the purpose was not realised, the Data Controller will process the data until March 1st of the year following the expiry of the offer.

8. Scope of Data Access, Data Transfer, Data Processors

Personal data collected from Data Subjects may be accessed by the Data Controller's internal staff; they are not published. Data will only be transferred to a third party for data processing purposes at the Data Subject's request and to the recipient specified by the Data Subject. For the purpose of carrying out tasks arising from its activities (accounting, issuing electronic invoices, sending newsletters), the Data Controller may use data processors.

9. Data Subject Rights and Remedies

9.1 The Data Subject may request from the Data Controller: a) Information regarding the processing of their personal data; b) Rectification of their personal data; c) Erasure or restriction of processing of their personal data (except where processing is mandatory); d) Portability of their personal data to another data controller.

9.2 Upon the Data Subject's request, the Data Controller shall provide written information within 30 days of receiving the request about the data processed concerning the Data Subject (or processed by a data processor acting on their behalf), its source, the purpose, lawful basis, and duration of processing, the name, address, and activities related to data processing of the data processor, and – in case of personal data transfer – the legal basis and recipient of the data transfer.

This information is provided free of charge if the Data Subject has not submitted a request for information concerning the same area within the current year. Otherwise, the Data Controller may impose a reasonable fee, provided that any fee already paid must be reimbursed if the data has been processed unlawfully or if the request for information leads to rectification.

For the purpose of verifying the lawfulness of data transfers and informing the Data Subject, the Data Controller maintains a record of data transfers, which includes the date of personal data transfer, the legal basis and recipient of the data transfer, the scope of the personal data transferred, and other data specified by the data protection legislation.

For the purpose of monitoring measures related to data breaches and informing Data Subjects, the Data Controller maintains a data breach register, which includes the scope of personal data involved, the number and categories of Data Subjects affected, the date, circumstances, effects of the data breach, and the measures taken to address it, as well as other data specified by data protection legislation.

9.3 The Data Subject is entitled at any time to request the rectification of inaccurately recorded data or their erasure. Such requests must be submitted in writing via postal mail or email. The Data Controller will delete the data within 3 working days of receiving the request, in which case the data cannot be restored. Deletion does not apply to data processing required by law (e.g., accounting regulations), which will be retained by the Service Provider for the necessary period.

9.4 The Data Subject may also request the restriction of processing of their data and the portability of their data to another data controller. The Data Controller will restrict the processing of personal data if the Data Subject requests it, or if, based on available information, it can be presumed that deletion would violate the Data Subject's legitimate interests. Personal data thus restricted can only be processed as long as the processing purpose that precluded the deletion of the personal data exists.

The Data Subject, and all those to whom the data was previously communicated for processing purposes, must be notified of the rectification, restriction, and erasure. Notification may be omitted if, considering the purpose of data processing, it does not harm the Data Subject's legitimate interests. If the Data Controller does not comply with the Data Subject's request for rectification, restriction, or erasure, they shall inform the Data Subject in writing of the factual and legal reasons for the refusal within 30 days of receiving the request.

Furthermore, the Data Subject may submit the following to the Data Controller via one of the contact addresses specified in point 9.5:

• Request the transfer of their data to another data controller, provided that the data processing is based on a contract or consent and is processed by the Data Controller through automated means.

• Withdraw their previously given consent for data processing.

The Data Subject may object to the processing of their personal data. The Data Controller shall examine the objection as soon as possible, but no later than 15 days from the submission of the request, decide on its merits, and inform the Data Subject in writing of its decision. In case of refusal of a request for rectification, erasure, or restriction, the Data Controller shall inform the Data Subject of the possibility of judicial remedy and recourse to the supervisory authority.

Information on Data Security Measures: The Data Controller ensures data protection by design and by default. To this end, the Data Controller implements appropriate technical and organisational measures to:

• Precisely regulate access to data;

• Only allow access to individuals who need the data to perform their tasks, and even then, only to the minimum data necessary for the task;

• Carefully select data processors commissioned by them and ensure data security through appropriate data processing agreements;

• Ensure the integrity (data integrity), authenticity, and protection of processed data.

The Data Controller implements reasonable physical, technical, and organisational security measures to protect Data Subject data, particularly against accidental, unauthorised, unlawful destruction, loss, alteration, transfer, use, access, or processing. The Data Controller will promptly notify the Data Subject in case of known unauthorised access to personal data or its use that poses a high risk to the Data Subject.

Where the transfer of Data Subject data is necessary, the Data Controller ensures appropriate protection of the transferred data, for example, by encrypting the data file. The Data Controller bears full responsibility for the processing of Data Subject data carried out by third parties.

The Data Controller also ensures that Data Subject data is protected against destruction or loss through appropriate and regular backups.

9.5 The Data Subject may exercise their rights using the following contact details: Correspondence Address: SerifTrust AI / MarLocker S.L. C/Honda 1. 04450 Canjáyar, Almería, Andalusia, Spain Email Address: seriftrust.ai@marlocker.store The Data Subject may contact the Data Controller's staff with any questions or comments regarding data processing via the contact details in point 9.5.

9.6 The Data Subject may, based on the UK GDPR and relevant UK legislation:

• Lodge a complaint with the Information Commissioner's Office (ICO) (Contact details can be found at www.ico.org.uk) or

• Seek legal remedy before a court.

9.7 If the Data Subject has provided third-party data when using the service, during registration, or newsletter subscription, or has caused any damage during the use of the Website, the Data Controller is entitled to claim damages against the Data Subject. In such cases, the Data Controller will provide all possible assistance to the authorities involved in identifying the infringing person.

For our Website Visitors