Last Updated: 19 October 2018
For the purpose of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”) or any subsequent amendment or replacement or supplementary legislation (together “Data Protection Law”), the data controller is SmileBack LLC of 427 N Tatnall St #64120, Wilmington, DE 19801-2230, USA.
Legal Basis for Processing
We collect and use the Personal Information described below in order to provide you with access to our Site and Service in a reliable and secure manner. We also collect and use Personal Information:
- For our legitimate business needs.
- To fulfil our contractual obligations to you.
- To comply with our legal obligations.
To the extent we process your Personal Information for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.
Information We Collect
- We collect Personal Information, Customer Data, and Aggregated Information in the following ways:
- When you voluntarily give us information. For example, you may provide us information by filling in forms on our Site or within the Services, by corresponding with us by telephone, email or otherwise. This includes information you provide when you set up an account, register to use our Site, Services or apps, register for our newsletter, search for a product, place an order on our Site, participate in discussion boards or other social media functions on our site, take part in a survey or promotion or report a problem with our Site or Services. We may ask for Personal Information such as your name,email address, phone number, company name, job title, financial, and credit card information. As part of our Services, we also collect reviews and ratings that consumers provide us about our customers’ businesses.
- When you use our Site and/or Services. We automatically collect information about how you interact with our Services and Sites, including:
- Device information, such as your hardware and operating system;
- Log information, or information that our servers automatically generate when you use our Services. Log information includes information like your search queries, your IP address, browser type, hardware settings, browser language, and cookies that uniquely identify your browser, plugins, time zone settings.
- Visit information, such as the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- Location information, which may be derived by our service providers from your IP address, Wi-Fi access point, and/or cell tower.
- Through our service providers.We have contracts with service providers who may, in the course of providing services to us and to the extent you give information to them, supply us information about you like your IP address, location, name, email address, browser type, and hardware. Our service providers who provide information to us include products like Google Analytics and HubSpot which provide information about how users interact with our Sites.
- Through cookies and similar technologies. We and our partners may use various technologies to identify your browser or device to distinguish you from other users of the Site or Services. This helps to provide you with a good experience when you browse our Site or use our Services and allows us to improve our Site and Services.
What are Cookies
Cookies are small data files stored on your hardware that help us remember you and your settings and to collect general, anonymous information about how users use our Services. Cookies can be “persistent” or “session” cookies. We use persistent cookies and session cookies.
A persistent cookie is stored on a user’s device in between browser sessions which allows the preferences or actions of a user across the Site or Services (or in some cases across different websites) to be remembered. We use persistent cookies to save your login information for future logins to the Site or Services.
A session cookie allows the Site to link your actions during a browser session. We use session cookies to enable certain features of the Site or Services, to better understand how you interact with the Site or Services and to monitor aggregate usage by users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site or Service and then close your browser.
Which cookies we use and why
The table below explains the cookies we use and why we use each of them.
We use analytics cookies to tell us whether you have visited the Site previously, and to gather statistics about visits to a page.
When you sign in, we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with.
We use site performance cookies to remember preferences you may have set on our Sites.
You can set up your browser options, to stop your computer accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use the whole of the Site or all functionality of the Services.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
How We Use Your Information
We respect the confidential nature of your Customer Data. SmileBack will not review, share, distribute, or reference any Customer Data, except as provided in our Terms of Service, DPA, or as may be required by law. In accordance with our Terms of Service, we may access your Customer Data to provide you with the Service, as well as to prevent or address service or technical problems. We may also access your Customer Data to provide you with customer support.
When you provide Personal Information to us, we use your Personal Information to provide you with access to the requested Service, content and/or information. We may also use your Personal Information to help us understand who is visiting this Site and using our Service. We may also use your Personal Information to:
- Carry out our obligations arising from any contracts entered into between you and us.
- Provide technical administration and customer support.
- Respond to your inquiries.
- Send important notices, such as communications about purchases and changes to our terms, conditions, and policies.
- Process payment for purchases you make.
- Deliver products and services you purchase or request.
- Provide you with the information, products and services that you request from us.
- Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- Make it easier for you to log back into this Site and the Service.
- Contact you about our specials and new services or specials and new services from our affiliated companies or other third parties, we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this by ticking the relevant box situated on the form on which we collect your data.
- Verify your eligibility and deliver prizes in connection with contests and sweepstakes.
- Notify you about changes to our Site or Services.
- Ensure that content from our Site or Services is presented in the most effective manner for you and for your computer.
Use of Information we collect from you
We may use your Personal Information to:
- Administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- Inform you about scheduled Service downtimes and new features.
- Improve our Site and Services to ensure that content is presented in the most effective manner for you and your computer.
- Allow you to participate in interactive features of our Services or Site when you choose to do so.
- Part of our efforts to keep our Services and Site safe and secure.
- Make suggestions and recommendations to you and other users of our Site or Services about our goods or services that may interest you or them.
- Enforce our Terms of Service.
- Protect against or identify fraudulent transactions.
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We collect, analyze and use Aggregated Data to help us provide you with a better user experience. For example, we keep track of the domains from which users visit this Site and we also measure visitor activity on this Site. When we use Aggregated Information, we do so in a way that keeps your Personal Information anonymous. You hereby acknowledge and agree that SmileBack may make Aggregated Information publicly available, provided that such information does not incorporate any Customer Data and/or identify you or your Confidential Information. By way of example, we use Aggregated Information to:
- Analyze our audience size and usage patterns.
- Develop, deliver, and improve our Services.
- Develop and display content and advertising tailored to your interests.
- Process payment for purchases you make.
Disclosure of Your Information
SmileBack is not in the business of sharing or selling your Customer Data or Personal Information. We consider this information to be a vital part of our relationship with you. However, in addition to specific requests by you, there are certain circumstances in which we may share your Customer Data and/or Personal Information with third parties without further notice to you, as set forth below:
- Business Transfers. As we develop our business, we may buy, sell or reorganize businesses or assets. In the event of such sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.
- Agents, Consultants and Service Providers. SmileBack, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function, and we only allow them to process that information for the purposes the information was collected.
- Customers. SmileBack collects feedback, reviews, and ratings from consumers and businesses on behalf of subscribers to the SmileBack service. The information provided to these subscribers includes a rating of the subscriber’s business and, if supplied by the consumer or business, qualitative feedback in the form of a note or message to the subscriber’s business.
- Credit Card Processing. We use a third-party service providers to manage subscription billing and credit card processing. These service providers are not permitted to use billing information except for the sole purpose of processing subscription billing and credit card transactions on SmileBack’s behalf.
- Site Optimization. We use analytics and search engine providers to assist us in the improvement and optimization of our Site and provide information to providers such as Google for these purposes.
- Legal Requirements. SmileBack may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation; (ii) enforce, protect or defend the rights or property of SmileBack our customers, or others; (iii) act in urgent circumstances to protect the personal safety of users of this Site or the public; or (iv) protect against legal liability; (v) to enforce or apply our Terms of Service or any other agreements; (vi) for fraud prevention; or (vii) credit risk reduction.
From time to time, SmileBack may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from us, SmileBack may share information collected in connection with your purchase or expression of interest with our joint promotion partner(s). SmileBack does not control our business partners’ use of the information we share with them, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, your sole remedy is to opt not to purchase or specifically express interest in a jointly-offered product or service.
EU-US and Swiss-US Privacy Shield Frameworks
- Access. You have the right to access your Personal Information to the extent that the burden or expense of providing access would not be disproportionate to the risk of violation of your or someone else’s privacy.
- Choice. You may opt out of the onward transfer of your Personal Information by sending us an email with your name and a statement that you do not want us to provide your Personal Information to third parties. Please be advised that if you opt out, our Services might not be functional for you.
- Onward Transfer. SmileBack remains responsible for any Personal Information that is shared under the Onward Transfer Principle with third parties processing Personal Information on our behalf. For more information on third parties with whom we might share your information, please see the “Disclosure of Your Information” section above. SmileBack will only disclose Personal Information to third parties that is relevant to the purposes for processing that information and only to the extent compatible with the purposes for which it was collected or subsequently authorized.
- Legal Requests. We might be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Enforcement. SmileBack’s compliance with the Privacy Shield Principles is subject to the investigatory and enforcement powers of the US Federal Trade Commission or any other body designated by statute.
- Questions and Disputes. Please feel free to contact us with any questions or concerns relating to our Privacy Shield certification. You have the option to resolve any applicable disputes you have with us in connection with our EU-US and Swiss-US Privacy Shield certification through JAMS, an alternative dispute resolution provider based in the United States. You can file a claim with JAMS here. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles in each of the Privacy Shield Frameworks.
Special Notification for California Residents – Your Privacy Rights
Individuals who are residents of California and have provided their Personal Information to us may request information regarding our disclosures, if any, of their Personal Information to third parties for direct marketing purposes. Such requests must be submitted to our Privacy Officer in writing at firstname.lastname@example.org or:
Attention: Privacy Officer
427 N Tatnall St #64120
Wilmington, DE 19801-2230
Such requests must include the reference “Request for California Privacy Information” in the subject line and in the body of the message and must include the e-mail address or mailing address, as applicable, for us to send our response. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted to us if not submitted pursuant to the terms set forth above.
Special Notification for Individuals Located in the European Union – Your Rights
You have the right under Data Protection Law, free of charge, to request:
- Access to your Personal Information.
- Rectification or deletion of your Personal Information.
- A restriction on the processing of your Personal Information.
- Object to the processing of your Personal Information.
- A transfer of your Personal Information (data portability).
Where we process your Personal Information for marketing purposes, we will inform you and obtain your opt in consent (before collecting your Personal Information if we intend to use your Personal Information for such purposes or if we intend to disclose your information to any third party for such purposes. If you change your mind about being contacted in the future, please opt out by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
We send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.
Storage of Personal Information
Our Services are global and your information (including Personal Information) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.
The Personal Information that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your Personal Information, you agree to this transfer, storing or processing outside of the EEA.
Our Site is accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site from outside the EEA. This means that where you chose to post your data on our Site, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
Protection of Your Information
All information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Site or Services. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Links to Other Websites
Our Site or Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We retain Personal Information for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the Site or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the Site for the purposes set out below.
After you have closed your account or ceased using the Site or Services we usually delete Personal Information, however we may retain Personal Information where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Terms or Services, or fulfil your request to “unsubscribe” from further messages from us.
We will retain de-personalised information after your account has been closed.
Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Site or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.
Age of Users
This Site and the Services are not intended for and shall not be used by anyone under the age of 18.
427 N Tatnall St #64120
Wilmington, DE 19801-2230
If you have questions, comments or concerns about our use of Personal Information collected from individuals located within the European Union or SmileBack’s compliance with Data Protection Law, please contact SmileBack at:
427 N Tatnall St #64120
Wilmington, DE 19801-2230