Thanks for using Smoolis or visiting one of our websites. When we talk about "Smoolis," "we," "our," or "us" in this policy, we are referring to "Smoolis GmbH", the company which provides the Services. When we talk about the "Services" in this policy, we are referring to our platform.
At Smoolis we pay special attention to security and respect the privacy and confidentiality of the users' personal data. That is why we have invested time and resources to fully comply with the applicable national (Swiss Data Protection Act - DPA), European and international legal framework, and the European Union’s General Data Protection Regulation 679/2016.
2. Data controller
The Personal Data controller is the Swiss Limited Liability Company under the name "Smoolis GmbH", based in Zürich, c/o The Hub Zürich Association, Sihlquai 131, Postcode 8005, in Switzerland and is legally represented, VAT ID: CHE-114.678.574 MWST, email: firstname.lastname@example.org, and is active in development, provision of services, distribution and trading of IT and data processing solutions and distribution of products in the fields of design, engineering and communication.
3. Personal Data
The term "personal data" means any information related to an identified or identifiable natural person. The identifiable natural person is a person whose identity can be identified directly or indirectly, in particular by reference to an identifier such as name, address, location data, or an online identity identifier such as an Internet Protocol (IP) address.
Personal information does not include any information that, by itself, cannot recognize you as a particular person or entity (e.g., anonymized information) or data collected for statistical purposes.
The personal data you may enter anywhere on our platform are subject to processing and are stored in a file under the responsibility of the controller mentioned above, only for reasons relating to:
a. the development, execution, implementation and dissemination of the Smoolis platform,
b. your account management and processing of your requests,
c. the provision, with your consent, of information regarding the Smoolis platform. Such a provision of information includes email messages, and
d. in general, the improvement of the services we provide. Your personal data are not allowed to be used by any third party, except as provided by the law and this Policy.
We collect and process information that is considered purely personal data, as well as other information that is not considered as such. Information that cannot identify you as a specific person can be used without restrictions.
Our platform does not collect or process sensitive personal data, namely, data related to a user's health, sex life, sexual orientation, genetic or biometric data, or data revealing one's racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a trade union.
When you create an account and sign up on our platform, we collect the information you provide us, including your first name, your last name, a valid email address (username), a password and a Smoolis subdomain name for using the Services (e.g. subdomainname.smoolis.com). After completing our registration form, you will receive a welcome email describing your new Smoolis account and how to access that account. You're able to opt-out from this trial notification-process by closing your trial account. The notification process will be stopped automatically after the trial phase of fourteen (14) days.
If you choose to continue our Service with a paid account, we will acquire the following personally identifiable information from you: credit card number, credit card expiration date, cardholder name and security code (CVV/CVV2/CVC2). This information is used to verify credit card authenticity, and process payments as per your applicable service agreement. If we are unable to process your subscription for a given month, this information, along with your account information, may be used to contact you.
When you send us emails or other communications, such as customer support inquiries, we maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.
User Content. When you use our Services, we store, process and transmit your User Content (such as your photos) and information related to your User Content. We process and store such files and information in order to provide our Services, as described in our Terms of Service.
Location Information. Your devices (depending on your settings) may transmit location information to our third-party service providers. We only store and process information related to your country.
If not required by law, we will not obtain your consent before collecting your personal data from third parties. Instead, it will be deemed that you have previously given such consent to any third party from whom our platform receives such information.
Third Party Account Information. If you use Third Party Services, such as social media or photo-sharing services, you may provide us with your Third Party Services account information, such as your username (note that we don’t store any passwords you use to access Third Party Services). We transmit, and may store, such account information, only as needed to provide our Services, and only in accordance with the terms and policies of the Third Party Services.
If you wish so, we may use the personal data you provide when signing up and using our platform to inform you by email about services that may be of interest, new product features, promotional communications, newsletters and other announcements.
Administrative access to your Smoolis website. Please be aware that Smoolis team members are also authorized in specific situations to access the administrative section of your Smoolis website when fulfilling customer service requests and tracking errors. This necessarily grants them the possibility to view all parts of your Smoolis website, including all password-protected areas. All members of our team are regularly trained in privacy and data protection sensibility and confidentiality.
We may provide personal data to other persons in cases where:
a. you have provided your explicit consent by clicking on the checkbox "I accept";
b. this is required by law, court order or at the request of any other competent governmental, judicial, police, administrative or regulatory authority, upon legal request and in accordance with the relevant laws,
c. this is necessary to protect our rights,
d. the platform is used in a manner that violates the Terms of Service or for purposes other than those for which it was intended specifically or
Third Parties You Authorize: You can give third parties access to your and your End Users' information on the Services. The third party's use of this information will be governed by the terms and privacy policies of the third party.
3.4. PurposesThe personal information we collect will be only used for the defined, explicit, and legitimate purposes explained to you and will not be further processed in a manner incompatible with those purposes. Moreover, we limit the collection to only those information that is appropriate, relevant and necessary for the purposes explained to you.
3.5. Period of maintenance
We keep personal data and other information until the termination of the user's account or as long as it is necessary to answer any questions and solve problems arising from your relation therewith, with the exception of payment data. Due to tax regulations we are obliged to save billing information for a period of ten (10) years.
When we no longer require your personal information, we will destroy, delete or anonymize the information without prior notice to you.
We can delete information and content of your account without sending notice to you. The same holds true, when your account is terminated.
4. End User information
End user payment information. Your end users' payment information may be processed via third party e-commerce payment processors which you integrate into your account, in accordance with such e-commerce payment processors' terms and policies. We transmit your end users' complete payment information when they initially provide, only so that we can pass it along to the e-commerce payment processors you agree to use. We don't collect or store your end users' payment information.
Our platform addresses the issue of protecting your anonymity and personal information very seriously. We protect your personal data and, in general, the information we receive about you, and we guarantee their confidentiality, integrity and availability using appropriate security measures, according to the most up-to-date and advanced technological methods. These measures include technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
To prevent unauthorized access and transmissions, promote data security, and encourage appropriate use of information, we and our service providers use a variety of tools (encryption technologies, passwords, physical and electronic security, procedural safeguards) to assist in the protection of your information. However, "perfect security" does not exist on the internet or through data transmissions, so we make no guarantees. Third parties may unlawfully intercept or access transmissions or private communications and you should not expect that your personal information will remain private.
For the HTTPS encryption (TLS) of our website and your Smoolis website we use the free service (Let's Encrypt). Via the integration of encryption certificates Smoolis can provide a so-called transport encryption that protects the communication to a Smoolis site from unwarranted access of unauthorized third parties.
Our platform supports security protocols (SSLs) and encryption mechanisms (HTTPS protocol) that allow secure data transmission to the network. It also uses mechanisms for access control, SQL injection, Cross-site scripting (XSS) vulnerabilities, and session hijacking security mechanisms to effectively protect data and minimize risks. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities. Payment information is transmitted using HTTPS encryption, and we maintain a PCI DSS Compliance.
Your personal data is stored on an encrypted server (Amazon S3) and can only be accessed by the employees authorized by the company "Smoolis GmbH", and only when this is necessary, e.g. to handle your requests. We manage access to AWS services and resources securely with AWS Identity and Access Management (IAM).
For your own safety, you should also treat all information provided on our platform as confidential and private and not disclose it to third parties. Where you have selected an access code that allows you to access some options of our platform, you are solely responsible for keeping this access code. If the access code is stolen or misused, it is your sole responsibility to notify us immediately. Additionally, it is your responsibility to limit access to your computer and browser by signing off after you have finished accessing your account.
What are cookies? Cookies are pieces of information in the form of very short alphanumeric text, stored on your computer with your own approval, and they help the more efficient operation of our platform. Cookies in no way cause harm to the user's computers or the files kept on them.
What cookies do we use and why?
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
- Some cookies are necessary to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; to understand usage of our Services. The use of these cookies is essential for the website to work, and we do not use these cookies to collect personal information about you.
- We also use functional cookies to remember choices you've made on information you've provided, such as your language. This allows us to tailor your website experience specifically to your preferences.
- We use performance cookies to collect information about how you interact with our website. These cookies only gather information for statistical purposes and do not gather any information that can personally identify you. However, because these cookies are not strictly necessary for the use of our website, we require your consent to use them. The performance cookies we use include:
- First party analytics cookies to estimate the number of unique visitors and to improve our website.
- For statistical purposes we use Google Analytics cookies to help us understand how visitors arrive at and browse our website to identify areas for improvement such as navigation, user experience, and marketing campaigns. The data collected is processed in a nonpersonally-identifying form (anonymizeIp - IP Anonymization). Google Inc. discloses this information only to third parties to the extent required by law. To opt-out of Google Analytics visit Google Analytics Opt-out Browser Add-on.
Stores a flag when there is currently a user logged in
How can you opt-out?
- More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
For safe browsing on our platform, Smoolis complies with the European Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, as amended by Directive 2009/136/EC.
We can receive personal information about you from various sources or by different methods. The way of consent may vary depending on each source or method.
You can revoke your consent at any time by sending an email to email@example.com, without prejudice to the legitimacy of the consent-based processing prior to its revocation. Your data is then deleted, or provided that it is necessary for billing and accounting purposes, blocked accordingly.
8. Access to personal data
To modify the personal information you have provided to us, simply log into the Services and update your profile. We may retain certain information as required by law or for necessary business purposes.
You are entitled to receive from us a confirmation of whether or not your personal data is being processed and, if so, you have the right to access your personal data, as well as
a. the purposes of the processing;
b. the relevant categories of personal data, recipients or any types of recipients to whom personal data have been or will be disclosed;
c. where possible, the period during which personal data will be stored;
d. the existence of a right to request us to correct or delete personal data or to restrict the processing of personal data or the right to object to such processing;
e. the right to submit complaint to a supervisory authority;
f. when personal data are not collected by you, any available information about their origin;
g. the existence of automated decision-making, including profile making and important information about the philosophy followed, as well as the importance and predicted consequences of such processing for you.
You can ask us to provide to you a copy of your processed personal data. For additional copies that may be required, a fee of twenty (20) USD is required.
Any request for access to information should be addressed to the person in charge of
processing your personal data at firstname.lastname@example.org.
We will respond within one (1) month.
9. Rights of correction, deletion, limitation, portability and objection
We are committed to ensure that your personal data is kept confidential and to ensure that you exercise your rights of access, correction, deletion, restriction, portability and objection by sending an email to email@example.com. If necessary, we will ask you to provide us with a photocopy of your identity card, passport or other valid documentary evidence.
Right of correction. The user is entitled to require us without undue delay to correct inaccurate personal data. Having regard to the purposes of the processing, the user is entitled to require the completion of incomplete personal data, including among others through a supplementary statement.
Right of deletion. The user is entitled to ask us to delete personal data if:
a. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
b. the user has revoked the consent on which the processing is based and there is no other legal basis for the processing,
c. the user objects to the processing,
d. the personal data have been processed illegally,
e. data must be deleted so that the controller's legal obligation is respected; and
f. personal data has been collected in connection with the provision of services in the information society. Requests for deletion of personal data are processed within one (1) month. In the event that personal data is disclosed, we, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform third parties processing such data that the platform's user has requested the deletion of any links to such data or copies or replications of personal data. Please note that there may be latency in deleting your personal information from our servers and backup storage, and we may retain your personal information in order to comply with the law, protect our rights, resolve disputes or enforce our agreements.
You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (EU) 2016/679 (GDPR).
10. Disclaimer on Third-Party Websites
Links to third-party websites. When you visit our site, you may be forwarded to third-party internet pages which are not under our control. These links are set up to make it easier for you to use the internet. Please be aware that we are not responsible for the privacy practices or content of such other sites and expressly disclaim any liability for any loss or damage that may be caused by the use of such links. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personally identifiable information.
Social media platforms and widgets. We also maintain presences on social media platforms including Facebook, Twitter, Pinterest, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personal data.
11. Customer Obligations
The user of our platform guarantees that the provided information is correct and accurate and is committed to disclose any changes or modifications thereof. The user is the sole responsible for any loss or damage caused to our platform or to any third party responsible for the platform as a result of incorrect, inaccurate or incomplete information in the login fields.
We may periodically email you to inform you about changes in our Services, our Services offerings (discounts), and important service-related announcements such as security and fraud notices. We'll also send you emails related to your transactions. These communications are considered part of the Services and you may not opt out of them.
We may also send you at regular intervals marketing or promotional communications. Such messages are sent only if you subscribe to them and for as long as you wish. You can opt out of receiving subsequent marketing or promotional communications by clicking the link marked unsubscribe (or a similar phrasing) that's included in those communications.
13. Additional information
When you post content on our platform or under your Smoolis account, this may include your personal data. You are solely responsible for the information that you:
a. post online,
b. post via our platform or under your account and/or
c. share with another website where you log in from our platform. If you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties or other unwanted and potentially harmful contacts. We warn you to be careful when posting information that is accessible to the public.
Blog. We have a public blog on our Website. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us at firstname.lastname@example.org.
We will notify you of such changes by posting the revised policies on its homepage and
a. will notify you through the Smoolis admin area, or
b. send you an email to the address you provided when creating your account.
15. Final provisions
We respect and esteem the users of our platform and their privacy. Therefore, we want to hear from you, if you have any questions, comments or complaints about our privacy practices, or if you want to update, delete, or change any personal information we hold. You can email us at email@example.com or mail us to "Smoolis GmbH, c/o The Hub Zürich Association, Sihlquai 131, 8005 Zürich, Switzerland".