1. Introduction

At smartocto, we are committed to ensuring the privacy and protection of your personal data. This AI-Oriented Privacy Policy outlines how we collect, use, and safeguard data in connection with our AI-driven services, in compliance with the European Union's General Data Protection Regulation (GDPR), AI regulations, and the EU's AI Act (Regulation 2024/1689). Our practices are designed to prioritise both privacy and the ethical application of AI technology.

2. Data Collection and Usage

We collect personal data to improve our AI services, ensuring they deliver relevant and efficient experiences. The types of data collected may include, but are not limited to:

  • Personal Identifiers: Email address, IP address, device information.
  • User Behavior Data: Interaction history, content preferences, and usage patterns.
  • AI-Generated Data: Insights, predictions, and recommendations generated by AI models.

No technology providers we use (e.g., AWS, OpenAI) retain user prompts sent to generative AI systems or the results of processing those prompts by generative AI systems.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to the collection and use of your data for specific purposes, such as AI-driven personalisation.
  • Legitimate Interests: To improve our services, ensure security, and deliver content relevant to your needs.
  • Contractual Necessity: When processing is necessary for the performance of a contract with you.

4. Purpose of AI Data Processing

Our AI technologies analyse and process personal data to:

  • Enhance content recommendations and personalisation.
  • Improve service efficiency and accuracy.
  • Provide insights and analytics for user needs.
  • Ensure compliance with ethical AI practices.

All AI-driven processes undergo regular audits to ensure transparency, fairness, and adherence to GDPR, EU AI regulations, and the AI Act.

5. User Rights

Under GDPR, you have the following rights concerning your data:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct any inaccuracies in your data.
  • Right to Erasure: Request the deletion of your data, except where required by law.
  • Right to Restrict Processing: Limit how your data is used.
  • Right to Data Portability: Receive your data in a structured format.
  • Right to Object: Opt-out of certain AI-driven processing activities.

6. Data Security

We implement advanced security measures, including encryption and anonymisation, to protect your data. Regular audits and monitoring ensure that AI models comply with both GDPR, the AI Act, and EU AI regulations.

7. Data Sharing and Transfers

We do not sell or share your data with third parties.

Transfers outside the EU will comply with GDPR requirements, ensuring adequate protection via Standard Contractual Clauses (SCC) and Transfer Impact Assessments (TIAs).

8. AI Transparency and Ethics

We prioritise ethical AI use by:

  • Ensuring non-discriminatory AI processing.
  • Providing transparency on how AI impacts your experience.
  • Regularly reviewing AI models to ensure fairness and accountability.

For more information on our ethical approach to AI, please refer to our blog on AI Ethics in Journalism.

9. Cookies and AI Tracking

Our website uses cookies to enhance AI-driven services. You can manage your cookie preferences through our consent management tool, ensuring compliance with GDPR requirements.

10. Contact Us

If you have any questions or concerns about our AI-Oriented Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at dpo@smartocto.com.

11. Policy Updates

We may update this policy to reflect changes in AI regulations, GDPR requirements, or the AI Act. Please review this policy periodically for any updates.

Get in touch