Privacy Policy

Data privacy is a core aspect for the company and is why we focus on implementing all the necessary measures to ensure the protection and privacy of the same.

The data gathered is only used for the sole purpose of providing the best service to our customers, and will never be sold to third parties. The data gathered is deleted after providing the service and as defined with the customer on the service agreement.

Our Commitment

Gaining the trust of our customers and users for whom we handle data is a big part of how we provide our service. We want our customers and users to take into account at all times why and what personal data will be used.

 

It is necessary to take into account that the European guidelines consist of following the most ethical way to collect, process, disclose, store and delete personal data.

 

Smowltech, as a European company, is committed to complying with the GDPR.

 

Furthermore, as our company is financed with the support of the European Community, within the  H2020  program, we are bound by strict ethical standards to maintain data privacy.

 

We work with AWS (Amazon) in order to be able to allocate our servers in the regions needed by our customers in order to comply with any data protection regulation. In the case of Europe, our servers are located in the EU and we do not carry out any data transfer to any country outside the EU, which allows us to adequately comply with the GDPR.

 

Smowltech may also gather information during the interaction with technical support or sales teams. All the information will be stored and treated under the GDPR terms. All the users will have the right to access, correct, export, delete, withdraw consent, object to the processing of, or suspend the processing of their personal information.

What data is gathered?

The data that will be gathered will depend on the type of service that the customer requires. Smowltech has defined a modular service which enables to gather the minimum data to fulfil the customer needs, meaning that Smowltech always works on being proportional in relation to the client’s requirements and the data to be collected. Therefore, we will never ask for any additional data to the users than the previously agreed by contract with the customer.

 

To obtain the minimum possible data and always maintain the privacy and anonymity of the user, we link the data gathered of users to an idUser code they have on the platform, instead of using names, surnames, mails, etc.

What is the GDPR?

  • The General Data Protection Regulation
    Is a legal framework that sets guidelines for the collection and processing of personal information. It is the core of Europe’s digital privacy legislation.
  • For Who?
    It applies to organizations in all member-states and has implications for businesses and individuals across Europe, and beyond.
  • Objective
    It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
  • Accessibility
    It demands information of how to contact the DPO and other relevant staffers. These must be accessible so that users may exercise their EU data rights.

How does Smowltech comply with the GDPR?

We have developed our SMOWL system thinking about the importance of the privacy of its users and complying with all the guarantees required by European regulations on the matter protection of personal data.

 

REGISTRATION OF TREATMENT ACTIVITIES: We have a record of treatment activities according to the personal data protection regulations, determining the purpose for which the data is processed, type, time of conservation of the same, etc.

 

IMPACT ASSESSMENT ON DATA PROTECTION (DPIA): In order to analyze, evaluate and manage the risks associated with the processing of personal data from your SMOWL system, which allows you to regularly improve everything related to the security and privacy of personal data of its users. In addition, a template is available to make it easier for new clients to develop their DPIAs.

 

PROACTIVE RESPONSIBILITY AND SECURITY: We comply with the principles established in the regulations and with special emphasis on privacy in the design and by default in all the technological development that it carries out and on proactive responsibility establishing the highest security standards for all the data it deals with in its systems. You will not have access at any time to the identity the student or any personal data, the images will be assigned exclusively to a code granted by the training center for each student. In addition to this, it is always sought to obtain and process the minimum possible user data to respond to the intended purpose, thus complying with the principle of data minimization.

 

Finally, with the aim of always improving in the field of security, annual audits are carried out. Likewise, it has all the necessary documents and contracts in compliance with European and Spanish regulations on data protection and the development of privacy policies in accordance with European regulations. Finally,we confirm that Smowltech processes and stores all data within the European Union.

 

USER RIGHTS: It has developed adequate procedures to respond to the rights of users (right of access, rectification, portability, forgetting, limitation of treatment, opposition and deletion of personal data), as well as the system to notify gaps security in the event that they could proceed.

 

DATA PROTECTION DELEGATE: In addition to all this, a Data Protection Delegate has been appointed within the organization in charge of ensuring compliance with the regulations. Do not hesitate to get in touch via email dpo@smowltech.com.

Which are our Privacy Principles?

  • Gather only the necessaire personal information, which would not be excessive or kept for longer than needed for providing the service. 
  • Guarantee that the information is processed fairly and lawfully.
  • Provide transparency with the information collected only for specific and lawful purposes.
  • Constantly work on making safer the products and services.
  • Provide communication channels to easily contact us.
  • Anonymize data before making secondary use in statistics.
  • Ensure that the information will be kept secure and inaccessible to those who don’t have the right to access it.
  • We will never keep, export or sell personal information for any other purpose.

Information from Children

  • Parental consent is required for use of our services under the age of 16. We do not knowingly collect, maintain, or use personally identifiable information from children under the age of 16.
  • We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Information on our Services without their permission.
  • If we discover that a child under 16 years of age has provided us Personal Information, we will take steps to delete such information.

FAQs

For clients: WHAT DO I HAVE TO DO TO COMPLY WITH THE GDPR IN MY ORGANIZATION?

  • Between your organization and Smowltech, a treatment manager contract will be signed where the obligations and responsibilities in personal data protection are established. 
  • Carry out a privacy impact assessment in order to analyze, evaluate and manage both the risks associated with the processing of personal data and determine the proportionality and need for the system.
  • Include Smowltech system within the records of treatment activities that the organization has in order to determine the type of data that is processed.
  • Determine the necessary legitimacy and establish the systems to have the consent (if applicable) so that its users, students, etc. can use SMOWL in accordance with data protection regulations. 
  • Develop the appropriate procedures to respond to the rights that users are entitled to (right of access, rectification, portability, forgetfulness, limitation of treatment, opposition and deletion of personal data), as well as the system to notify breaches security in the event that they could proceed. 
  • Appoint a Data Protection Officer in case you do not have one.

Who is responsible for the requested personal data?

The entity responsible for the collection and processing of your personal data is the company Smiley Owl Tech, S.L. (hereinafter Smowltech) with CIF B75073452 and registered office at c / Arturo Campion 22, 20018 Donostia – San Sebastián (Spain).

 

Smowltech respects and is committed to protecting the privacy of anyone who provides us with personal information. To this end, Smowltech has adapted this website to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/46 / CE (GDPR) is repealed.

How is my information kept confidential?

We recognize and take very seriously our responsibility to protect the information entrusted to us. Therefore, at Smowltech we have adopted the necessary measures to prevent the alteration, loss, treatment or unauthorized access of personal data. With regard to the confidentiality of the processing, Smowltech will ensure that any person who is authorized to process the personal data, will be under the corresponding obligation of confidentiality (either a contractual or legal duty).

 

Please note that while Smowltech makes all reasonable efforts to protect your personal information and prevent any unauthorized access, Internet security measures are not infallible. In any event, in the event of a security incident, Smowltech will notify you without undue delay and provide you with timely information related to such incident, as known or when reasonably requested.

Will you notify me if there are any changes to your privacy policy?

Smowltech reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, the changes introduced will be announced on this page with reasonable anticipation of their implementation. This policy was updated on November 3rd. 2020.

Changes to this policy

Smowltech reserves the right to change this Policy from time to time by posting an updated policy to this site and the “last updated date” will be updated. We may also provide you additional notice, such as adding a statement to the home screen or sending you an email notification. Please review this Policy periodically, and especially before you provide any Personal Information. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.

Contact us

If you have any concerns or questions about our Privacy Policy and the treatment of the data we gather, feel free to reach out to us. (dpo@smowltech.com)