1. Data Controller

SmartWMS ("we", "us") operates the SmartWMS warehouse management platform at smartwms.one. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws. Registered address: European Union Email: privacy@smartwms.one

2. Data We Collect

We collect the following categories of personal data: • Account data: name, email address, phone number, company name, job title • Warehouse operations data: inventory movements, order processing, stock levels • IoT telemetry: device readings, sensor data, environmental measurements • Quality control records: inspection results, defect reports, hold records • Labor management data: shift schedules, worker performance metrics • Route and delivery data: delivery addresses, route optimization data • Lot traceability: batch numbers, origin data, expiry dates • Technical data: IP address, browser type, device information, access logs • Payment data: processed securely through third-party payment providers (Stripe)

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6): • Contract performance: Processing necessary to provide the SmartWMS service you subscribed to • Legitimate interests: Analytics, security monitoring, service improvement • Legal obligation: Tax records, audit logs, regulatory compliance • Consent: Marketing communications, optional analytics cookies

4. How We Use Your Data

We use your personal data to: • Provide and maintain the SmartWMS warehouse management service • Process orders, inventory movements, and warehouse operations • Generate analytics, reports, and business intelligence • Provide technical support and communicate with you • Ensure platform security and prevent fraud • Comply with legal obligations • Send marketing communications (with your consent only)

5. Data Sharing

We may share your data with: • Cloud infrastructure providers (hosting within the EU) • Payment processors (Stripe) for billing • Analytics services (in anonymized form) • Law enforcement (when legally required) We never sell your personal data to third parties. All sub-processors are bound by data processing agreements ensuring GDPR compliance.

6. Data Security

We implement robust technical and organizational measures: • TLS/SSL encryption for all data in transit • Encryption at rest for sensitive data • Multi-factor authentication support • Role-based access control with tenant isolation • Regular security audits and penetration testing • Automated daily backups with 30-day retention • Employee security training and awareness programs • Sentry error monitoring for rapid incident response

7. Data Retention

We retain your data for the duration of your active subscription. After account closure: • Account data: deleted within 90 days • Operational data: retained for 90 days, then permanently deleted • Audit logs: retained for 12 months for legal compliance • Backup copies: automatically purged within 30 days • Payment records: retained as required by tax law (typically 7 years)

8. Your GDPR Rights

Under GDPR Articles 15-22, you have the following rights: • Right of access (Art. 15): Request a copy of your personal data • Right to rectification (Art. 16): Correct inaccurate personal data • Right to erasure (Art. 17): Request deletion of your data • Right to restriction (Art. 18): Limit how we process your data • Right to data portability (Art. 20): Receive your data in a machine-readable format • Right to object (Art. 21): Object to processing based on legitimate interests To exercise any of these rights, contact us at privacy@smartwms.one. We will respond within 30 days.

9. Cookies

We use cookies to operate the service effectively: • Essential cookies: Required for authentication and core functionality • Functional cookies: Remember your preferences (language, theme) • Analytics cookies: Help us understand service usage (with consent) You can manage cookie preferences through your browser settings or our cookie settings page.

10. International Data Transfers

Your data is primarily stored and processed within the European Union. If any data transfer outside the EU is necessary, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a notice in the service. Your continued use of SmartWMS after changes constitutes acceptance of the updated policy.

12. Contact Information

For any privacy-related questions or requests: Email: privacy@smartwms.one Data Protection Officer: dpo@smartwms.one You also have the right to lodge a complaint with your local data protection supervisory authority.

Your Rights Under GDPR

Right of access to your data

Right to correct inaccurate data

Right to erasure (right to be forgotten)

Right to restrict processing

Right to data portability

Right to object to processing

Data Protection Officer

For privacy inquiries, data access requests, or to exercise your GDPR rights:

privacy@smartwms.one