GDPR Compliance - Easy.one

1. Our Commitment

Smart Apps Limited is committed to protecting the personal data of individuals in the European Economic Area (EEA) and United Kingdom in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR.

2. Data Controller

Smart Apps Limited (Data Controller)

Flat/RM 901, 09/F, Hing Yip Commercial Center

272-284 Des Voeux Road Central

Hong Kong

Email: hello@easy.one

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

Purpose	Lawful Basis
Providing the Service	Performance of a contract (Art. 6(1)(b))
Account management	Performance of a contract (Art. 6(1)(b))
Payment processing	Performance of a contract (Art. 6(1)(b))
Analytics and improvement	Legitimate interest (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Legal compliance	Legal obligation (Art. 6(1)(c))
Security and fraud prevention	Legitimate interest (Art. 6(1)(f))

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of access (Art. 15) - request a copy of your personal data
Right to rectification (Art. 16) - request correction of inaccurate data
Right to erasure (Art. 17) - request deletion of your data ("right to be forgotten")
Right to restrict processing (Art. 18) - request limitation of how we use your data
Right to data portability (Art. 20) - receive your data in a structured, machine-readable format
Right to object (Art. 21) - object to processing based on legitimate interest
Right to withdraw consent (Art. 7(3)) - withdraw consent at any time where processing is based on consent
Right to lodge a complaint - with your local supervisory authority

To exercise any of these rights, contact us at hello@easy.one. We will respond within 30 days.

5. International Data Transfers

As Smart Apps Limited is based in Hong Kong, personal data may be transferred outside the EEA/UK. We ensure appropriate safeguards for such transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Transfers to countries with adequate data protection (as determined by the European Commission)
Other appropriate safeguards as required by applicable law

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised.

7. Data Processing Agreements

Where we act as a data processor on behalf of our clients (who deploy the platform for their own customers), we enter into Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. Contact us at hello@easy.one to request a DPA.

8. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

Encryption of data in transit (TLS) and at rest
Isolated client infrastructure - no data sharing between instances
Access controls and authentication
Regular security assessments
Staff training on data protection

9. Data Breach Notification

In the event of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours where required
Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
Document all breaches, their effects, and the remedial action taken

10. Contact

For GDPR-related enquiries or to exercise your data rights:

Email: hello@easy.one

Smart Apps Limited

Flat/RM 901, 09/F, Hing Yip Commercial Center

272-284 Des Voeux Road Central, Hong Kong