Privacy Policy | Data Protection and GDPR

DATA CONTROLLER IDENTITY

Company And Privacy Contact Details

For account, billing, and legal compliance processing, the data controller is SILVERGAMING LTD (Company Number 14788829), registered office 4 Glencoe Terrace, Millbridge, Liversedge, United Kingdom, WF15 7HT. Privacy and data rights requests can be sent to info@zmirf.com.

ROLE

Controller And Processor Context

Depending on service type, Zmirf acts either as data controller (account, billing, legal compliance) or processor (customer-hosted workloads).

LEGAL BASIS

Why We Process Personal Data

We process personal data under contract necessity, legitimate interests, legal obligations, and consent where required.

TRANSFER

Subprocessors And Third Parties

Key partners may include payment processors, registrars, cloud providers, and support tooling under contractual safeguards.

1. Categories Of Data We Collect

Identity and account details: name, business entity, role, email, phone, authentication metadata.
Billing data: invoices, payment references, tax identifiers, currency preferences, transaction outcomes.
Domain and registry data: registrant contact details and technical records required for registrar workflows.
Support and service data: tickets, attachments, logs, and project communications.

2. Purpose And Legal Basis

Service delivery and account management: contract performance.
Billing, anti-fraud, and legal compliance: legal obligation and legitimate interests.
Security monitoring and abuse handling: legitimate interests and legal obligation.
Marketing communications: consent where required, with opt-out rights.

3. Sharing And International Transfers

Payments may be processed through Stripe or equivalent PCI-compliant processors.
Domain operations may require sharing with registrar partners such as Openprovider and relevant registries.
Where personal data is transferred outside your country, appropriate transfer safeguards are applied.

4. Retention And Security

Data is retained only as long as needed for contractual, legal, tax, security, and dispute-resolution purposes.
We apply access controls, logging, encryption in transit, and least-privilege principles where relevant.
No security method is absolute; customers remain responsible for credential and endpoint security.

YOUR RIGHTS

Data rights and requests

Access, rectification, erasure, restriction, and data portability requests.
Right to object to processing based on legitimate interests in specific circumstances.
Right to withdraw consent where processing is based on consent.
Right to lodge a complaint with your local supervisory authority.

PRIVACY CONTACT

Need a privacy response?

Send privacy requests to your account contact channel and include enough details for identity verification and case handling.

For supplier-side privacy processing, see the dedicated supplier privacy notice.

Submit a Request Supplier Privacy

How privacy controls apply across our services

Privacy controls are applied differently depending on service context. Account and billing data are handled for legal and operational obligations, while hosted customer data is processed according to service scope and documented instructions. We maintain separation between internal administration and customer workload processing.

Where third-party providers are required for payments, registrar functions, or infrastructure services, data handling is covered by contractual safeguards and access restrictions. We also review retention windows to ensure records are not kept longer than justified by legal, tax, security, or contractual requirements.

Role-based access to reduce unnecessary data exposure.
Logging and auditability for sensitive operational actions.
Retention review aligned with legal and business obligations.
Documented response process for verified privacy requests.