Smile's GDPR regulation policy
Our EU GDPR regulation policy
We recognise that, as a Smile Network subscriber signing up to our services, you entrust us with some of your personal information. It has always been a priority for us at Smile Network to protect your data and to provide you with choices about controlling it.
Following the release of new EU GDPR regulations as of 25th May 2018, we at Smile Network have taken steps to provide complete transparency about how we use and protect your data.
We’ve put this webpage together as a guide to answer some of the most common questions you might have.
We at Smile Network have implemented some technical and physical controls to prevent unauthorised access to your personal data.
We restrict access to personal data only to our employees who need to know this information in order to operate, process, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they do not meet these obligations.
Data retention
Smile Network collects and retains various elements of your data during your relationship with us. In general we retain this data for a maximum period of 90 days after we close your account.
EU General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is new privacy legislation that replaces the EU Data Protection Directive (Directive 95/46/EC) within the European Union. The GDPR regulates the collection, use, transfer, and sharing of personal data with the key purpose of protecting it.
Why is GDPR important?
GDPR adds some new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches. We are following the developments about GDPR and are taking the necessary steps to become compliant.
What constitutes personal data?
Personal data includes any information related to a living resident or citizen of the EU that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, medical information, or even an IP address or cookie.
Who does the GDPR affect?
The GDPR affects companies processing the personal data of individuals residing in the European Union, regardless of a company’s location. It applies not only to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to or monitor the behavior of EU residents and/or citizens.
What happens when the UK leaves the EU?
The UK is hoping for a unique status under GDPR and is working towards it. For the time being, the UK has declared it will be GDPR compliant, and its new data protection bill is in line with GDPR.
How will the GDPR affect businesses?
The GDPR requires organisations to be transparent on how personal data is collected, used, and stored. This requires transparency from organisations on what personal data is collected, purposes for which it is collected, and who it is shared with. It also requires companies to enable individuals whose personal data is being processed to exercise their rights in relation to their data. The GDPR also requires companies to ensure appropriate protections when EU personal data is transferred outside the EU (including transfers to the US).
What new user rights does GDPR regulate?
Right to Access
EU residents and citizens (or “Data Subjects,” as they are called in the regulation) have the right to obtain confirmation from the organisation that has collected their data as to whether their personal data is being processed, where, and for what purpose. They also currently have (and will continue to have under the GDPR) the right to receive a copy of this personal data.
Right to Be Forgotten (or Data Erasure)
Data Subjects can demand that the organisations erase their personal data and cease further dissemination of the data.
Data Portability
Data Subjects can receive the personal data concerning them (which they have previously provided) in a machine-readable format and have the right to transmit that data to another organisation.
How do we process your information?
Your IP Address & Cookies
The first time that you visit our website we store a record of your IP address on file and use cookies to track any subsequent visits and personalise your experience. If you wish to obtain a transcript of any data we hold for you we can supply this information on request, providing that we are able to identify you by your IP address in our database. We will store your IP address for 24 months, following which the data is permanently deleted. If you wish for us to permanently delete your data prior to the end of this retention period, please just let us know.
Email Address
Prior to becoming a customer, you may choose to provide us with your email address, ask a question, or download content from our website or our blog. We will store your email address, and any other information you provide to us and use that data to contact you about our services and products. This data will be retained for 24 months, following which it is permanently deleted (unless you become a customer in that period). You can unsubscribe from our emails at any time.
Payment card details
Your payment card details are not stored on our own systems.
They are collected either via our Merchant Gateway, our Desktop or Android app, or our admin website. The information is passed directly to Authorize.net or WorldPay (our payment processor).
Who are our sub-processors?
We share certain information with companies that may be considered our "sub-processors" under GDPR. This information is limited to the following:
Chargebee
For billing, we process your name, billing address and subscription details.
Authorize.net & WorldPay
For payments, we process your name & billing address.
Your payment card details are passed directly to our merchant gateway providers; they do not pass through our systems.
Hubspot
For customer marketing and new customer onboarding. We process your name, email address and subscription details (excluding payment details).
Chatport
Provides the chat/help system. We process your name, email, last activity dates, phone model, browser version and desktop OS version.
** Note: collection and retention information for the sub-processors above was correct at the time of publishing (23/05/2018).
What has Smile Network done to comply with GDPR?
We have implemented and are implementing changes
Our IT and information security team is working to prepare Smile Network for GDPR.
We have already fully reviewed our data processing activities, and we are making any changes that are needed to comply with the new regulations of GDPR.
We only process data that is necessary
We only store and process data that is necessary to fulfill our contract with our customers. For any data that falls outside of this, we will seek and record your consent to do so.