— GDPR COMPLIANCE —
ARN Smart by Abdulrahman Nahhas (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of all our users. This GDPR Compliance page outlines how we comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 for individuals located in the European Economic Area (EEA), including the United Kingdom and Switzerland.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that strengthens and unifies data protection laws for individuals within the EEA. It grants individuals greater control over their personal data and imposes strict obligations on organizations that collect, process, or store such data.
2. Our Role as Data Controller
For the purposes of GDPR, ARN Smart acts as the Data Controller for the personal data we collect from you when you:
Visit our website (arnsmart.com)
Create an account
Purchase a license for Cardix, Ticketix, WebP, or Linkix via Paddle
Contact customer support
Subscribe to our communications
We determine the purposes and means of processing your personal data and are responsible for ensuring that your data is handled in compliance with GDPR.
Paddle (our Merchant of Record) acts as an independent Data Controller for payment processing. Please review Paddle’s privacy policy for details on how they handle your payment information.
3. Legal Basis for Processing
Under GDPR, we must have a legal basis to process your personal data. We rely on the following legal bases:
| Legal Basis | Explanation |
|---|---|
| Contractual Necessity | Processing is necessary to fulfill our contract with you, including providing access to our Products, delivering license keys, and offering customer support. |
| Legitimate Interests | Processing is necessary for our legitimate business interests, such as improving our Products, preventing fraud, and sending administrative communications, provided such interests are not overridden by your data protection rights. |
| Legal Obligation | Processing is necessary to comply with legal obligations, such as tax reporting, record-keeping, and responding to lawful requests from authorities. |
| Consent | For certain activities, such as marketing communications or non-essential cookies, we will obtain your explicit consent, which you may withdraw at any time. |
4. Your Rights Under GDPR
If you are located in the EEA, you have the following rights regarding your personal data:
4.1 Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your verified request.
4.2 Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request correction or completion.
4.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data when:
The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required to comply with a legal obligation
We may retain certain data if required for legal, tax, or fraud prevention purposes.
4.4 Right to Restrict Processing
You have the right to restrict processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to processing.
4.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.
4.6 Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
4.7 Right to Withdraw Consent
If we rely on your consent for processing (e.g., marketing emails, non-essential cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
4.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your member state if you believe our processing of your personal data violates GDPR.
5. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the information in Section 12. To protect your privacy, we may require verification of your identity before processing your request. We will respond to all legitimate requests within 30 days.
6. Data We Collect
As detailed in our Privacy Policy, we collect the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Full name, username, account credentials |
| Contact Data | Email address, billing address, phone number |
| Transaction Data | Purchase history, license keys, order details (processed via Paddle) |
| Technical Data | IP address, browser type, operating system, device information |
| Usage Data | Pages visited, time spent, feature usage within our Products |
| Product-Specific Data | Linkix: click analytics, referral sources, geo-tracking data; WebP: image processing metadata; Cardix: invitation recipient data, RSVPs; Ticketix: support ticket content |
7. Data Transfers Outside the EEA
Your personal data may be transferred to and processed in countries outside the European Economic Area, including Turkey (where our company is located) and other countries where our service providers (such as Paddle) operate.
When transferring data outside the EEA, we ensure that appropriate safeguards are in place, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Compliance with the EU-U.S. Data Privacy Framework (where applicable)
Binding Corporate Rules (where applicable)
By using our Services, you acknowledge that your data may be transferred to countries that may have different data protection standards than your country of residence.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
For the duration of your active license or account
To comply with legal, tax, and accounting obligations (typically 7 years for tax records)
To resolve disputes and enforce our agreements
When data is no longer required, we securely delete or anonymize it.
9. Cookies and Tracking Technologies
Our use of cookies and similar technologies is governed by our Cookie Policy. For users in the EEA, we:
Obtain explicit consent before placing non-essential cookies (e.g., analytics, marketing)
Provide a cookie consent banner upon your first visit
Allow you to manage your cookie preferences at any time
Essential cookies (required for website functionality, security, and payment processing via Paddle) do not require consent.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include:
Encryption of data in transit (SSL/TLS) and at rest
Access controls and authentication mechanisms
Regular security assessments
Staff training on data protection
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
11. Third-Party Processors
We use trusted third-party processors to help us deliver our Services. Each processor is contractually obligated to handle your data in compliance with GDPR. Our primary processors include:
| Processor | Purpose | Location | GDPR Compliance |
|---|---|---|---|
| Paddle | Payment processing, merchant of record, fraud prevention | UK / Global | GDPR compliant; Data Processing Agreement available |
| Web Hosting Provider | Website and server infrastructure | [Insert Location] | GDPR compliant |
| Analytics Provider | Website usage analytics | [Insert Location] | GDPR compliant with appropriate safeguards |
We maintain a full list of sub-processors. Please contact us to request this information.
12. Contact Us
If you have any questions about this GDPR Compliance page, wish to exercise your rights, or need to report a data protection concern, please contact us:
ARN Smart by Abdulrahman Nahhas
Data Protection Contact: Abdulrahman Nahhas – CEO
Address: Fulya Mah. Kozacık Sok. No:2 D:12 Şişli İstanbul Türkiye
Phone: +90 552 290 00 10 / +90 552 290 00 20
Email: policy@arnsmart.com
13. Changes to This GDPR Compliance Page
We may update this page from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any updates will be posted on this page with an updated “Last Updated” date. We encourage you to review this page periodically.
This GDPR Compliance page is effective as of March 27, 2026. For users in the European Economic Area, this document supplements our Privacy Policy and outlines your specific rights under EU data protection law.
