If you have any questions or concerns about our use of your personal data, please contact us at the contact details in the “How to contact us” section below.
- CCPA Compliance
If you are a resident of California, we may process your “Personal Information” (as defined below) because we receive it from one of our customers, for whom we act as a “Service Provider” (as defined under CCPA).
Under the CCPA, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household and includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
- identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
- any categories of personal information described in subdivision (e) of Section 1798.80 of the CCPA;
- characteristics of protected classifications under California or federal law;
- commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- biometric information;
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;
- geolocation data;
- audio, electronic, visual, thermal, olfactory, or similar information;
- professional or employment-related information;
- education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99); and
- inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.
We act as a Service Provider to a business that provides us with your Personal Information, because we perform a specific service for them, pursuant to a written contract. We do not Sell (as defined under the CCPA) your Personal Information to any third party.
- Entity responsible for processing your personal data
- Collection and use of personal data
Broadly speaking, personal data means any information that can identity an individual.
In the context of your relationship with Smart Communications, we may collect and process different types of personal data about you through your relationship or interactions with our personnel or when you engage with us to provide services. This personal data may include:
- Identity Data such as your title, job title, company name, usernames, passwords;
- Contact Data such as your email, phone numbers, address;
- Finance Data such as your bank account and payment card details;
- Support Data such as information you provide to us as part of specific support cases such as log files, screen shots, sample data and CMS packages;
- Marketing and Communications Data such as your preferences in receiving marketing from us and our third parties and your communication preferences;
- Sales Data such as information relating to your sales history with us;
- Biometric Data such as your voice and physical appearance obtained from recorded material collected via video conference or close circuit television (CCTV) that may identify you;
- Health Data such as your temperature and whether you have experienced any COVID-19 symptoms; and
- Other information you choose to provide to us, for example the purpose of your visit if you visit one of our site locations.
Where we need to collect personal data under the terms of a contract with you or in accordance with applicable law and you fail to provide that personal data when requested, we may not be able to perform the contract we have (or are trying to enter into) with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We may collect and use the above personal data about you for the following purposes:
- General business relationship management within Smart Communications and for contractual purposes, including auditing the use of our services;
- To manage our daily business activities, such as executing payments;
- To manage any queries, complaints or claims relating to the services you provide to Smart Communications or that Smart Communications provides to you;
- For direct marketing, advertising and public relations purposes, in connection with Smart Communications’ business activities, products and services (including to make recommendations about our services, product updates, surveys, referral programmes, special offers, incentives, promotions, events and webinars), and to inform you about important developments within Smart Communications. We may will also send you marketing material about our third-party business partners where their services are used in conjunction with our products, for example, SMARTCOMM for Salesforce;
- For product development purposes, to allow us to improve our products and services or develop new products and services;
- Where necessary to comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of the Smart Communications global group companies;
- To help us conduct our business more effectively and efficiently or check and improve the quality of our products and/or services;
- To carry out research and development with various Smart Communications partners;
- To investigate violations of law or breaches of other Smart Communications policies, (specifically in relation to CCTV this will include enabling Smart Communications to comply with the Authorised Economic Operator (AEO) standards established by the EU for the prevention and detection of crime and for protecting the safety of staff and other third parties).
To order to comply with Smart Communications’ legal or regulatory obligations and requirements relating to health and safety, manage business continuity and ensure the well-being of any attendee to a Smart Communications’ location.
We will only use your personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose for which it is collected. If we need to use your personal data for an unrelated purpose, we will notify you to explain the lawful basis which allows us to do so.
We may also collect personal data from you when you use our websites. For further information about how we use personal data that we collect when you visit our websites, please see our Website and Cookies Privacy Notice.
- How your personal data is collected
We use different methods to collect personal data including:
- Direct Interactions. We collect information about you in our direct interactions with you. This may include when you:
- Use our services and we receive information generated through your use of the services either entered by you or others who use the services with you;
- Create an account with us that may be required for receipt and use of the services;
- Apply for our products and services;
- Request marketing and communications material;
- Give us feedback or contact us;
- Attend a meeting or video conference, event, webinar or similar, that Smart Communications hosts, co-hosts or attends;and
- Submit a COVID-19 Pre-Screening Questionnaire.
- Third Parties. We may receive information about you from other sources including publicly available websites, databases or third parties from whom we have purchased data only where we have checked that these third parties have a lawful basis to disclose your personal data to us. We may combine this data with information we already have about you. We may also receive information from Smart Communications group companies. This helps us to update, expand and analyse our records, identify new prospects for marketing and provide products and services that may be of interest to you.
We may also use your personal data for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted by applicable data protection laws.
- Sharing of Personal data
We may disclose your personal data to the following categories of recipients:
- Smart Communications group companies. As a global company we share your personal data between our group companies located in the UK, USA and Australia to deliver high quality services and to share administrative and operational resources for the efficient running of the Smart Communications business. Please see section 6 for the transfer mechanism outside the European Economic Area (“EEA”) for these lawful disclosures.
- Professional advisors including lawyers, auditors, insurers and professional bodies;
- IT and website service providers including Google Analytics, cloud service providers and data analysis service providers;
- Marketing and CRM service providers, event organisers and PR agencies.
3. To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person
5. To any other person if we have lawful ground to permit the disclosure (e.g. your consent).
Specifically in relation to CCTV, Smart Communications may disclose recorded materials collected via CCTV, as permitted under law, to: law enforcement and government agencies where images recorded would assist in a criminal enquiry and/or the prevention of terrorism and disorder; prosecution agencies; relevant legal representatives; the media where the assistance of the general public is required in the identification of a victim of crime or the identification of a perpetrator of a crime; people whose images have been recorded and retained unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings; and/or emergency services in connection with the investigation of an accident.
6. Lawful basis for using your personal data
Our lawfulbasis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
We will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you (i.e. to deliver our services or manage our business relationship with you), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make it clear to you at the relevant time what those legitimate interests are.
In some cases, we may need to process your personal data where required to comply with applicable laws. In such cases, the use of your personal data is necessary for us to comply with a statutory or contractual requirement. Without your personal data, we cannot manage our relationship with you, nor comply with applicable laws. In some very limited cases, we may also need your personal data to protect your vital interests or those of another person.
Special Category Data
Where we collect any Special Category Data (as defined under GDPR) the lawful basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
Video Conferencing Recording
We will ask you to give your prior consent before using your biometric data obtained via video conference recording.
Where you attend a Smart Communications location, ahead of attendance, we will collect your health data through submission of the COVID-19 Pre-Screening Questionnaire and associated temperature check. We collect such data for (i) contractual necessity as processing of personal data relating to COVID-19 is necessary for Smart Communications performance of its obligations to our personnel; (ii) legal and regulatory obligations and requirements regarding health and safety relating to Smart Communications personnel and visitors to its premises; and (iii) Smart Communications legitimate interests in managing business continuity and the well-being of our personnel and visitors.
Direct Marketing Communications – We will only send direct marketing communications to you where we have your consent to do so or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Smart Communications has a legitimate interest to market its products and services to existing customers to promote brand awareness and increase sales. The processing of personal data is an integral part of direct marketing, without processing of such personal data, direct marketing would not be possible. Smart Communications have assessed the purpose and necessity of such direct marketing communications and have concluded that considering the data retention and data minimisation principles Smart Communications adheres to, and the value of the direct marketing material to the recipient, your interests do not override the legitimate interest of Smart Communications for the types of direct external communications Smart Communications undertakes. Smart Communications has concluded that it is reasonable for business personnel within the industry sectors in which it operates to expect that their business contact details be processed in this way. In the case of direct marketing, you have the right to request us not to use your personal data for these marketing purposes by opting out of receiving electronic communications by clicking on the unsubscribe link at the bottom of any such electronic communication.
CCTV – Legitimate interest is relied upon for CCTV recording. This includes enabling Smart Communications to comply with the Authorised Economic Operator (AEO) standards established by the EU for the prevention and detection of crime and for protecting the safety of staff and other third parties.
Where we process your Personal Information (as defined under CCPA) for any direct marketing activities we do so in compliance with the CCPA, noting that we adhere to any marketing preferences chosen by you (as described above).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please use the contact details under the “How to contact us” provided below.
Smart Communications maintains appropriate administrative, technical and physical safeguards designed to help maintain the confidentiality and integrity of your personal data and to protect it against accidental or unlawful destruction, accidental loss, unauthorised alteration, disclosure or access, misuse, and any other unlawful form of use of your personal data that Smart Communications has in its possession. In adherence with data protection laws and internal policies, Smart Communications addresses security at all appropriate technology infrastructure points.
Smart Communications follows generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received, however no security measure is perfect. To the extent that a password is required in relation to the services, you must safeguard your password, as it is one of the easiest ways you can manage the security of your own account – if you lose control over your password, you may lose control over your personal data.
Smart Communications has put in place a Security Incident and Breach Response Procedure that deals with any suspected personal data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
- International Data Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Smart Communications and our third-party service providers and partners operate around the world. This means that when we collect your personal data it may be processed in any of these countries.
Where we transfer your personal data to Smart Communications group companies located outside the EEA, the transfer shall be in accordance with Smart Communication’s intra group data transfer agreement which applies the standard of the Standard Contractual Clauses approved by the European Commission.
Where we transfer your personal data to third parties outside the EEA, we shall only do so if one of the following conditions apply. Such conditions are compliant with the transfer mechanisms approved by the European Commission under Article 46 of the General Data Protection Regulation (“GDPR”):
- The transfer is to a country which the European Commission sees as providing adequate protection for your personal data
- There are standard contractual clauses approved by the European Commission in place between Smart Communications and its group companies and/or the third party outside the EEA;
- There is another legal basis on which Smart Communications is entitled to make the transfer; or
- You have expressly consented to the transfer of personal data outside the EEA.
Smart Communications is committed to processing and handling your personal data in accordance with applicable law, and we continue to monitor the European Data Protection Board guidance regarding appropriate safeguards for transfers of personal data to outside the EEA. Where personal data is transferred to Smart Communications group companies located outside the EEA or to third parties outside the EEA, we have undertaken an assessment of such transfers to ensure that we have robust mechanisms in place to protect your personal data.
- Retention of Personal data
We keep your personal data only as long as necessary for the purposes for which it was collected, to provide you with services, in accordance with our contract with you and where required or permitted under law. Generally, this means your personal data will be retained until the end of your contractual relationship with us and as long we have an ongoing legitimate business need to do so.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
In relation to direct marketing, we will retain personal data (only to the extent necessary) in order to ensure we respect you direct marketing opt out preferences.
- Your Data Privacy Rights
Where Smart Communications acts as a data controller, you may have the following rights (subject to certain exceptions):
- Access, correct, delete, update, rectify or restrict your personal data, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below.
- If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent
Due to the nature of our services, we may also process personal data relating to individuals with whom we do not have a direct relationship. The transfer of personal data from our customers (acting as data controller) to Smart Communications (acting as data processor) is GDPR compliant. If you are an end user of one of our customers or in any other way connected to our customers’ use of the Smart Communication services, please contact the relevant customer directly who will then liaise with Smart Communications if legally required under GDPR.
Smart Communications will respond to your request within a reasonable time. Please note that we may ask you for further information in order to prove your identity before disclosing any personal data to you. This is a security measure to ensure that any personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask for further information in relation to your request.
If you are unhappy with the way that Smart Communications has handled your personal data, you have the right to make a compliant to the authority responsible for data protection in the country that you are based. Contact details should be available online or you may alternatively ask us for assistance.
- How to contact us
Attention: Data Protection Officer
Telephone: 020 8238 7400
Address: Catalyst House, 720 Centennial Court, Centennial Park, Elstree, Hertfordshire, WD6 3SY, UK
Updated September 2020
Group companies responsible for the processing of personal data
SmartComms Pty Limited – any export of personal data from the EEA to Australia (where this group company is located) is subject to the terms of the Smart Communications Intra-group data transfer agreement which incorporates the EU standard contractual clauses.
SmartComms LLC – any export of personal data from the EEA to the United States of America (where this group company is located) is subject to the terms of the Smart Communications Intra-group data transfer agreement which incorporates the EU standard contractual clauses.
SmartComms SC Limited – SmartComms SC Limited is registered with the UK Commissioner’s Office under registration number Z9698640.
Intelledox Pty Limited – any export of personal data from the EEA to Australia (where this group company is located) is subject to the terms of the Smart Communications Intra-group data transfer agreement which incorporates the EU standard contractual clauses.
Intelledox Inc – any export of personal data from the EEA to the United States of America (where this group company is located) is subject to the terms of the Smart Communications Intra-group data transfer agreement which incorporates the EU standard contractual clauses
Intelledox Asia PTE Limited – any export of personal data from the EEA to Singapore (where this group company is located) is subject to the terms of the Smart Communications Intra-group data transfer agreement which incorporates the EU standard contractual clauses.
Intelledox Limited – located in Ireland