Last edited: August 3rd, 2022. Added duration of processing.
Smarp is a web based online content sharing and employee advocacy service owned and operated by Smarp Oy (hereinafter “Smarp”, “we” or “us”) that allows users (hereinafter “you”, “Users” and “User” in singular) to consume and share content created or approved by their employer internally or to their connected social media platforms (hereinafter “Service”). Via the Service, a company (hereinafter ”Company”) purchases and establishes a Smarp account and we provide an online Instance comprising of the authorized Users for the Company (hereinafter ”Company Instance”). Smarp has agreed with your employer additional terms in the agreement we have with your employer (hereinafter ”Corporate Agreement”) that will also apply to your use of the Service and our processing of your personal data.
Under the EU Data Protection Regulation (2016/679) that will apply to Smarp’s processing of your personal data your employer shall be regarded as data controller and Smarp shall be regarded as data processor processing your personal data based on agreement with and instructions from your employer.
Our Privacy Policy is designed to assist you in understanding how we collect, use, and disclose personal information we receive from you through the Service.
If you have any questions relating to our processing of your personal information that are not answered by this privacy policy you should primarily turn to your Company as the data controller. We are obliged to provide your Company with more information according to the Corporate Agreement.
This Privacy Policy may be updated from time to time to reflect changes in the Service, laws and regulations and to reflect descriptions of changes in key functionality for the Services. Your employer will be advised of these updates in accordance with the Corporate Agreement and their approval may be required before such updates take effect on you. We will post any changes via the Service or otherwise provide you with notice of any such changes. You are advised to consult this Privacy Policy regularly for any changes. Unless otherwise defined, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use (or Terms).
General Structure
When using the Service, you should know that, as further explained in the Terms of Use, your Company Instance is defined by your company’s or organization’s email domain. Only those in your Company Instance can view other member profiles and feeds on the Company Instance. Smarp’s Administrative tools do allow our employees who have a need to do so, to access your information only to perform our obligations under the Corporate Agreement.
Information collection and storage
Smarp collect non-sensitive personal data including first name and last name, company email address, connected social media network profile picture URL, cookie ID, and IP address. We also collect Service activity dates and usage statistics such as the number of content reads, content shares, and clicks from connected social media networks. In addition to this, you can optionally include your title, department, location, and phone number in your personal profile in which case we will also collect and process those data points. If you choose to post User Content, you should be aware that any personal information you submit through these features can be read, collected, or used by other persons within your Company Instance. Do not include any sensitive personal information in your User Content. The above-mentioned data can be input directly into the platform by the client, or the users, or provided to Smarp by the client.
Smarp is only processing such information as agreed with the Company who is the data controller for the respective User and we are not responsible for monitoring or policing the personal information users choose to disclose on the Company Instance or with the members of the Company Instance.
Site Usage Information
Cookies
The Service uses cookies for i) authenticating/authorizing the User ii) for product analytics iii) for maintaining high availability iv) for identifying correct webapp version to be used v) for checking whether cookie is supported and enabled in browser.
We utilize persistent cookies to save your registration information for future logins to the Service. Second, we utilize session ID cookies to enable certain features of the Service, to better understand how users interact with the Service or user Content, and to monitor aggregate usage by users and web traffic routing on the Service. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Service and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of, or have access to all functionality of the Service.
Web beacons
We also use “web beacons,” “pixel tags,” “clear GIFs” or similar means (individually or collectively “Web Beacons“) in our Service. A Web Beacon is an electronic image, often a single pixel, embedded on web pages. Web Beacons are ordinarily not visible to users. Web Beacons allow us to count the number of Users who have visited certain pages of the Service or interacted with content shared by Users, to brand the Service, and to generate aggregate statistics about how our Service is used.
Log data and behavioral tracking
When you interact with the Service, it automatically records information that your browser sends whenever you visit a website or perform certain actions (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol address, browser type, the webpage that links to the Service that you used to access the Service (such as your Intranet or Smarp website), your actions, and other statistics. We use this information to monitor and analyze use of the Service and for the Service’s technical Administration, to increase our Service’s functionality and user-friendliness, and to better tailor it to our users’ needs.
Use of smarp.com websites
To learn more about the cookies that this website uses, click here.
Use and Disclosure
We use your Personal Information to perform our obligations under the Corporate Agreement.
Third-Party Websites
When you are within the Service you may have the opportunity to visit, or link to, other websites, including other websites operated by Smarp or by unaffiliated third parties. These third-party websites may collect Personal Information about you, and because this Privacy Policy does not address the information practices of those other websites, you should review the privacy policies of such other websites to see how they treat your Personal Information.
Subcontractors
We use subcontractors approved by your Employer to help operate the Service and to analyze how the Service is used. These third parties may have access to Personal Information and other information collected as set forth above only to perform these tasks on our behalf and are obligated not to disclose any Personal Information or to use it for any other purpose.
Amazon Web Services (AWS), Ireland (Europe)
Smarp use AWS for hosting Smarp’s core services and database in datacenters and for processing and storing Client data solely within the EU (Ireland). AWS datacenters are state of the art facilities utilizing innovative architectural and engineering approaches.
Google Cloud Platform (GCP), Belgium (Europe)
Smarp use GCP for hosting Smarp supporting services in datacenters and processing Client data solely within the EU (Belgium). Google’s cloud services are designed to deliver better security than many traditional on-premises solutions. Google places extreme focus on security and protection of data is among their primary design criteria. Security drives Google’s organizational structure, training priorities and hiring processes. It shapes the data centers and the technology they house. It’s central to Google’s everyday operations and disaster planning, including how they address threats. It’s prioritized in the way Google handles customer data and it’s the cornerstone of their account controls, compliance audits, and the certifications they offer to their customers.
Mandrill by Mailchimp (The Rocket Science Group), USA
Smarp use Mandrill for processing and sending emails.
Sendgrid (Twilio), USA
Smarp use Sendgrid for processing and sending emails.
Mixpanel, USA
Mixpanel is used for hosting Smarp’s supporting services, for analyzing how Users use the Service, and for occasionally sending emails.
Zendesk, USA
Zendesk is used for providing customer support by Smarp’s in-house Customer Support personnel.
Business Transfer
We may need to disclose or transfer your Personal Information, in connection with a merger, acquisition, reorganization or sale of our assets or part thereof or of Smarp. Your Company will be advised of these changes in accordance with the Corporate Agreement and their approval may be required before such disclosure is made.
Feedback, Surveys
We may occasionally ask users of our Service to complete online surveys and polls about their activities, attitudes, and interests. These surveys help us better serve you and improve the usefulness of the Service. You have no obligation to participate in such surveys and polls and your Company may have set rules for you that you need to follow.
Security
Smarp is ISO 27001 certified. Smarp uses commercially reasonable and industry standard safeguards (which may be set forth in the Corporate Agreement) to preserve the integrity and security of your Personal Information. We restrict access to personal information to those employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to confidentiality obligations.
While Smarp endeavors to protect the security and integrity of Personal Information provided to the Service, we cannot guarantee to you that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be fully safe from intrusion by others, such as hackers. The Corporate Agreement may contain additional provisions regarding security requirements and processes.
International Transfer
Your information may be transferred to, and maintained on, computers located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction, however, any such transfers shall comply with the Corporate Agreement. In doing so we will comply with the applicable data protection laws.
Our Policy Towards Children
This Service is not directed to children. We do not knowingly collect Personally Information from children. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a child has registered for the Service and has provided us with Personal Information, we will delete such information from our files.
Duration of Processing
Personal Data will be processed by the Supplier for the duration of the Service Agreement unless a longer or shorter period is agreed between the Parties in the Service Agreement or elsewhere in writing.
Deletion of data
You may request the deletion of your data at any point in time. Therefore, please contact us at the address at the bottom of the policy.
Contact Us
Please Contact us at support@smarp.com with any questions regarding this Privacy Policy. You can also contact us at the following address:
Smarp Oy
Kalevankatu 20
00100 Helsinki
Finland
You can also contact your Employer for assistance in Data Protection related matters.