Data privacy is a core aspect of the company. That is why we focus on implementing all the necessary measures to ensure the protection and privacy of the user’s data.
The data gathered is only used to provide the best service to our customers and will never be sold to third parties. According to the Service Agreement, all the collected data is deleted after providing the service.
Gaining the trust of our customers and users for whom we handle data is a big part of how we provide our service. We want our customers and users to consider why and what personal data will be used.
It is necessary to consider that the European guidelines follow the most ethical way to collect, process, disclose, store and delete personal data.
Smowltech, as a European company, is committed to complying with the GDPR.
Furthermore, as our company is financed with the support of the European Community within the H2020 program, we are bound by strict ethical standards to maintain data privacy.
We work with AWS (Amazon) to allocate our servers in the regions needed by our customers to comply with any data protection regulation. Our servers are located in the EU. We do not carry out any data transfer to any country outside the EU, allowing us to comply adequately with the GDPR.
Smowltech may also gather information during the interaction with technical support or sales teams. All the information will be stored and treated under the GDPR terms. All the users will have the right to access, correct, export, delete, withdraw consent, object to processing, or suspend their personal information.
What data is gathered?
The data gathered will depend on the type of service that the customer requires. Smowltech has defined a modular service that collects the minimum data to fulfil the customer needs. Smowltech always works on being proportional concerning the client’s requirements and the data to be ordered. Therefore, we will never ask for any additional data from the users than the previously agreed contract with the customer.
To obtain the minimum possible data and always maintain the privacy and anonymity of the user, we link the data gathered from users to an idUser code they have on the platform, instead of using names, surnames, mails, etc.
What is the GDPR?
- The General Data Protection Regulation
It is a legal framework that sets guidelines for collecting and processing personal information. It is the core of Europe’s digital privacy legislation.
- For Who?
It applies to organisations in all member-states and has implications for businesses and individuals across Europe and beyond.
It aims to simplify the regulatory environment for business so both citizens and companies in the European Union can fully benefit from the digital economy.
It demands information on how to contact the DPO and other relevant staffers. These must be accessible so that users may exercise their EU data rights.
How does Smowltech comply with the GDPR?
We have developed our SMOWL system thinking about the importance of the privacy of its users and complying with all the guarantees required by European regulations on the protection of personal data.
REGISTRATION OF TREATMENT ACTIVITIES:
We have a record of treatment activities according to the personal data protection regulations, determining the purpose for which the data is processed, type, time of conservation of the same, etc.
IMPACT ASSESSMENT ON DATA PROTECTION (DPIA):
To analyse, evaluate and manage the risks associated with the processing of personal data from your SMOWL system, which allows you to regularly improve everything related to the security and privacy of the personal data of its users. In addition, a template is available to make it easier for new clients to develop their DPIAs.
PROACTIVE RESPONSIBILITY AND SECURITY:
We comply with the principles established in the regulations and with particular emphasis on privacy in the design and by default in all the technological development that it carries out and on proactive responsibility in establishing the highest security standards for all the data it deals with in its systems. In addition, it is always sought to obtain and process the minimum possible user data to respond to the intended purpose, thus complying with the principle of data minimization. You will not have access at any time to the identity of the student or any personal data, and the images will be assigned exclusively to a code granted by the training centre for each student.
Finally, annual audits are carried out to improve security continuously. Finally, we confirm that Smowltech processes and stores all data within the European Union. Likewise, it has all the necessary documents and contracts in compliance with European and Spanish regulations on data protection and the development of privacy policies following European rules.
It has developed adequate procedures to respond to the rights of users (right of access, rectification, portability, forgetting, limitation of treatment, opposition and deletion of personal data), as well as the system to notify gaps in security if they could proceed.
DATA PROTECTION DELEGATE:
A Data Protection Delegate has been appointed to ensure compliance. Do not hesitate to get in touch via email at [email protected].
Which are our Privacy Principles?
- Gather only the necessary personal information, which would not be excessive or kept for longer than needed for providing the service.
- Guarantee that the information is processed fairly and lawfully.
- Provide transparency with the information collected only for specific and lawful purposes.
- Constantly work on making safer products and services.
- Provide communication channels to contact us easily.
- Anonymize data before making secondary use in statistics.
- Ensure that the information will be kept secure and inaccessible to those who don’t have the right to access it.
- We will never keep, export or sell personal information for any other purpose.
Information from Children
- Parental consent is required to use our services under the age of 16. We do not knowingly collect, maintain, or use personally identifiable information from children under 16.
- If we discover that a child under 16 years of age has provided us with Personal Information, we will delete such information.
Changes to this Policy
Please review this Policy periodically, especially before you provide any Personal Information. Smowltech reserves the right to change this Policy from time to time by posting an updated policy to this site, and the “last updated date” will be updated. We may also provide you additional notice, such as adding a statement to the home screen or sending you an email notification. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy.
This document was last updated on February 10, 2022.