Privacy Policy

Edited 1 May 2026

1. Introduction

This Privacy Policy explains how GIV A SMART LTD (“we,” “us,” or “our”) collects, uses, and protects your personal data when you visit https://roimonks.com/ (“the Website”) or interact with our marketing services. We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Bulgarian Personal Data Protection Act.

By using our Website or services, you agree to the terms of this Privacy Policy.

2. Data Controller

3. Information We Collect

4. How We Use Your Data

1. To provide and improve our digital marketing services
2. To respond to your inquiries and communicate with you
3. To send marketing or promotional communications (only with your consent)
4. To analyze website traffic and user behavior
5. To measure the performance of advertising campaigns
6. To comply with legal obligations

5. Legal Basis for Processing

We process personal data on one or more of the following legal bases:

• Performance of a contract: When processing is necessary to provide our services.
• Consent: When you have explicitly given us permission (e.g., email marketing or cookies).
• Legitimate interest: To improve our website, services, and marketing effectiveness.
• Legal obligation: When processing is required by law.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Policy, or as required by applicable law. When data is no longer needed, it will be securely deleted or anonymized.

7. Sharing and Disclosure of Data

We do not sell your personal data. We may share your data only with:

• Service providers and sub-processors assisting us with hosting, analytics, advertising, or communication, who act on our behalf;
• Business partners or subcontractors involved in project execution, bound by confidentiality obligations;
• Authorities or regulators, where required by law.

Our service providers, sub-processors and business partners are bound by confidentiality and data-protection obligations and may process your personal data only on our instructions. Where we are legally required to disclose data to authorities or regulators, such disclosure is made only to the extent required by applicable law.

In particular, we rely on the following sub-processor:

- Google Cloud EMEA Limited (Google Cloud Platform) provides the cloud infrastructure on which our internal infrastructure and services run, including application hosting (Cloud Run), a managed database and knowledge base (Cloud SQL for PostgreSQL), usage and audit logging (BigQuery, retained for 12 months), AI processing of queries and content (Google's Gemini Enterprise Agent Platform, formerly Vertex AI, including Gemini and embedding models), asynchronous task processing (Cloud Tasks), operational logging (Cloud Logging), and encrypted credential storage (Secret Manager). Personal data processed may include your identity (e.g. account email and, where applicable, messaging username), the queries you submit, summaries of AI-generated responses, knowledge-base entries you create or approve, and — where you connect a Meta (Facebook) account for Ad Library features — your Meta access token and app-scoped Facebook user ID. All such personal data is processed and stored within the European Union, in the europe-west1 (Belgium) region. Meta access tokens expire approximately 60 days after issuance and are retained only until they expire or you request deletion (including via Meta's Data   Deletion Request callback).

8. International Data Transfers

Some of our service providers (e.g., Google, Meta, LinkedIn) may transfer data outside the European Economic Area (EEA). In such cases, transfers are made under GDPR-approved mechanisms, such as the EU Standard Contractual Clauses (SCCs).

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to access – to obtain a copy of your data.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – to request deletion of your data.
• Right to restrict processing – to limit how your data is used.
• Right to data portability – to receive your data in a structured, machine-readable format.
• Right to object – to object to processing for marketing or legitimate interest.
• Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.

10. Data Security

We use appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. However, no online system is completely secure, and we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies to enhance user experience, analyze website traffic, and deliver targeted ads. For detailed information on how we use cookies, please refer to our separate Cookie Policy.

12. Links to Third-Party Websites

Our Website may contain links to external sites. We are not responsible for the privacy practices or content of those websites. We encourage you to review their respective privacy policies.

13. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be published on this page with an updated “Effective Date.” Significant changes may be communicated via email or on our Website.

14. Contact Information