Any personal information provided or acquired by us is controlled by Smaily. For some parts of our Service, we use Subprocessors, which you can find here.
Smaily undertakes to process the personal information of the Customers, Customer’s email list data and our public Website’s users in accordance with the provisions of the General Data Protecition Regulation (GDPR) 2016/679 and all of Estonian and European local laws and regulations on the protection of individuals with regard to the processing of personal data.
When you use our Services, we receive and may collect the following information:
- Service use Information and cookies.
- Personal information you knowingly choose to disclose, which is collected on individual basis.
- Email addresses in the email lists you upload to our Services.
- All other information in the email lists you upload to our Services.
- Statistics information (which may include IP-addresses, browser information etc) gathered through tracking the dispatch of emails to the email lists.
When you click on links somewhere on our Website or inside the templates created in our Services, you may leave our Services. We are not responsible for the privacy practices of third parties, and we encourage you to study their privacy statements.
Privacy note about children
Our Services are not directed at children under the age of 16. We do not knowingly solicit or collect personal information from children under the age of 16.
Customer data processing
Smaily collects personal information from Customers who visit our Website and use our Services. Smaily is the data controller with respect to the Customer’s personal data. When the Customer creates an account or uses our Services, we require from you:
- Email address.
- Social media account ID, used to log into the Services.
- First and last name.
- Billing information such as company name, address, email address, company registration and tax ID numbers.
We may also ask Customers to provide additional personal information, on individual basis. We use the Customer’s registration information to authenticate users and provide access to the Services. We also use the email addresses used in the registration information to communicate with our Customers. From time to time, Smaily may contact you via email to notify you of changes or new features to its Services, scheduled maintenance information and other kind of Customer communication. The Customer is obliged to update the data provided in the registration form as soon as any change in these data has occurred. We will retain your information for as long as needed to provide you the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
To help protect us against misuse of our Services or help Customers better use our Services, we have some safeguards in place where we may monitor the email lists and campaigns our Customers work with, for example:
- In some cases we may proactively contact new Customers to inquiry about the source of their email lists, if they have email addresses which trigger our warning systems.
- We might do automatic and / or manual reviews of the campaigns our Customers send out, to help them detect mistakes and / or stop campaigns that do not adhere to our Terms of service.
Provision of personal data in connection with your use of the Services is voluntary. Note, however, that the refusal to provide certain data may make it impossible for you to use all or part of the Services functionalities.
Smaily does not knowingly solicit or collect, and Customers should not provide any information regarding an email lists Subscriber’s medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive data.
Smaily takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. You can manage all of your account and profile settings in your Preferences page. However, if you want to contact Smaily directly about accessing, changing or deleting your personal information, or altering your data or marketing preferences, please contact us.
You also have rights for:
- Restriction: you can ask us to restrict processing your personal information.
- Objection: you can object to further processing your personal information.
- Withdrawal of consent: Where we rely on your consent to process your personal information, you have the right to decline consent and / or if provided, to withdraw it at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent.
- Portability: you can ask us to provide your information in a structured, commonly used and machine-readable form.
If you would like to exercise the above rights, please contact us and we will consider your request in accordance with GDPR or other data protection laws. We may ask you to verify your identity in order to help us respond to your request.
You also have the right to raise questions or complaints with your data protection authority at any time.
Please note that if we are processing your personal information on behalf of our Customers as a data processor, then you should direct any data rights requests directly to our Customer. We will not be able to respond to such requests and will refer any such requests to the relevant Customer.
Outsourcing of email lists subscribers personal data processing
Smaily recognizes the importance of respecting the privacy of Subscribers who decided to entrust their sensitive information with you. We make every effort to safeguard their security. Smaily will never use the information about the email lists Subscribers you collect within our Services to send any information other than expressly provided by you, nor will we share it with or sell it to anyone else for such use.
Your email lists Subscribers personal data processing may be outsourced to Smaily only where the Customer is the data controller (as specified by GDPR).
Smaily may process email lists Subscribers data within its capacity of data processor as specified in GDPR.
Further passing of the job of data processing may take place only within the limits, and for the purpose of proper provision of the Services. As for the countries from outside of the European Economic Area, Smaily shall cooperate only with entities from countries which ensure an adequate level of personal data protection and not use them to subprocess Subscribers personal information.
Smaily declares that it provides security measures protecting the databases, and meets the necessary technical and organizational requirements.
Smaily also ensures the implementation of legal notices in accordance with the relevant regulations.
Erasure of processed data
After removal of the Customer’s Account from the Services, Smaily shall delete information related to the Customer and the email lists Subscribers, as well as any statistical data without undue delay. The processing of personal data by Smaily after the removal may only involve processing of accounting information, as mandated by laws.
Sharing information regarding the Customers and email lists Subscribers
We reserve the right to disclose the Customer’s and email lists Subscriber’s personal information as required by law and when we believe that disclosure is necessary to protect our rights and / or comply with a judicial proceeding, Court order, or legal process served on Smaily.
In certain situations, Smaily may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use other third parties in a scope necessary to provide the Services, such as a credit card processing company to bill the Customer for goods and services. When you sign up for the Services, we will share your information as necessary for the third party to provide the Service.
These third parties are prohibited from using your personal information for promotional purposes.
Website and Services use information
Our servers automatically collect site use information, each time you visit the Website or our Services.
The use information includes, but is not limited to the following: the domain names, operating system in use (e.g Macintosh, Windows), browser (e.g Mozilla Firefox, Google Chrome) and version, the Website which referred you to us, and other similar information. This information may be aggregated to measure the number of visits, average time spent on the Website, pages viewed, time and date of visits, and other similar information. We may use and disclose site use information, for example, to measure the use of the Website, improve the content, explain the utility of the Website and services we provide, and to extend their functionality.
As is true of most Websites, we gather certain information automatically and store it in log files. This information includes browser type, referring / exit pages, operating system, date / time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyze trends, to administer the Website or the Services, to track users’ movements around the Website or our Services and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personal information.
Similar to other commercial websites, the technology called “cookies” may be used to provide you with tailored information. A cookie is a small piece of data that a website can send to your browser, which may then be stored on your hard drive, so we can recognize you when you return. You may be able to set your browser to notify you when you receive a cookie. Our cookies collect general information that enhances our ability to serve you and measure the utility of the Website or our Services. We do not link the information we store in cookies to any personal information you submit while on the Website or our Services.
Information we collect may be used to enhance your use of the Website, and to provide you with the Services, arrange the Website or our Services in the most customer friendly way, communicate special offers and featured items, and / or respond to your questions and suggestions.
Smaily collects only personal information that you choose to provide voluntarily registering to our Services. Smaily shall advise you which information is mandatory to provide and what you do not have to enclose.
When you send us an email, we use your email address to auto respond and / or reply to your question, and we will store your communication and our reply for any future correspondence. Beyond our initial reply, we will never use your email address to send you any unsolicited message or information, nor will we share it with or sell it to anyone else for such use.
When you accept to receive information about our services, promotions, newsletters, press releases, etc and / or new offers, we use your email address and any other information you give us to provide you with the information or other services, until you ask us to stop (using the “unsubscribe” instructions provided with each email communication).
When you request information or other services from us, we use your email address and any other information you give us to provide you with the information or other services that you requested, until you ask us to stop (using the “unsubscribe” instructions provided with each email, and / or as we otherwise provide), or until the information or service is no longer available.
We will never use your email address or other information to provide you with any unsolicited messages or information (unless that is part of the service you are requesting), nor will we share it with or sell, rent or lease it to any third party for such use.
We believe that keeping personal information secure is one of our most significant responsibilities and therefore software security is very important. We continuously scan our Services for vulnerabilities, using a combination of static source code analysis and dynamic testing. We understand that password reuse is a killer, so we provide only OAuth2 authentication log in methods with on optional two-factor authentication for added protection of your Account. We also:
- Encrypt all your data in transit using TLS.
- Have independent penetration tests conducted on a regular basis.
We restrict access to personal information about you to those employees and others who need to know that information to assist us in our business, or to provide products or services to you. We safeguard personal information, according to the established security standards and procedures, by maintaining physical, electronic, and procedural safeguards to the personal data information.
All of our Customers’ information, not just the sensitive information mentioned above, is restricted to our offices. Only employees who need the information to perform a specific job (e.g our accountant or a customer service representative) are personally granted access to sensitive information.
If you identify a vulnerability in our Website or Services, contact to report it to us.
Server and physical security at our offices
We use data centers around EU from highly rated data center providers to host our Services. They have proper certification and all the physical security protection measures necessary, to prevent unauthorized access and provide data security.
We cannot guarantee the security of your data while it is being transmitted over the Internet and through servers that are out of our control. Any data transmissions you make over the Internet (for example in public Wi-Fi hotspots, using third party proxy servers etc) is done so at your own risk. Once we receive the data transmission, we make our best efforts to ensure its security and privacy on our systems.
Security is the responsibility of everyone who works for us. We train our employees so that they can identify security risks and empower them to take action when necessary.
Business continuity / dowtime recovery
We have redundant, geographically separate data centers so that we can provide consistent services for you. In the event one of our data centers becomes unavailable, we can recover quickly so that you can still use our Services.
Facebook, Gmail or other OAuth2 provider
You log in to the Services using sign-in providers such as Facebook, Gmail or other OAuth2 providers. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like Facebook give you the option to post information about your activities in our Services to your profile page to share with others within your network, but our authentication does not do that.
Customer testimonials / reviews
We post customer testimonials / reviews on our Website which may contain personal information. We do obtain the customer’s consent via email prior to posting the testimonial / review to post their name along with their testimonial / review. If you wish to update or delete your testimonial, you can contact us.
View, change or remove Information
Upon request, Smaily will provide you with information about whether we hold any of your personal information. You may change or delete your information at any time by going to your Account’s Preferences. Please contact us if you need assistance in updating or reviewing your information.