Our Software-as-a-Service (SaaS) application helps to automate and optimize ad campaigns in online advertising platforms such as Facebook, Instagram, Snapchat and Pinterest. We also provide advertising related professional services and creative services. If you use or otherwise are involved in the delivery of our services (e.g. provide creative briefs), we collect the following personal data directly from you or the customer you represent:
If you are a user of our platform services, we also process:
This personal data is used to authenticate users to allow access the Smartly.io application, identify users when providing customer support, and store events and log information regarding a customer’s use of the Smartly.io application for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, and for purposes of services improvement and service level analysis. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle.
After a user has connected or otherwise authorized our platform to access their ad account or assets on certain online advertising platform(s), we process (where granted with access):
Such personal data is used to identify each user and verify their access rights, permit users to access and use the service (i.e. to identify and connect the assets and campaigns and manage these assets and campaigns on online advertising platform via Smartly.io platform, to synchronize campaign entities and metrics between our services and online advertising platform ), and to provide support service. We will process such ad account and campaign related personal data until our access to such data is revoked (including invalidated by using an online advertising platform’s tools), except for the following exceptions:
The user data and other service related personal data described above are also used to resolve technical issues and for troubleshooting (e.g. to verify taken actions (logs) in order to determine suspected misuse or to investigate and remedy errors in the services or billing), for quality control, product development and to improve usability, to analyze trends/feature use by pulling aggregated metrics, for market research and analysis, as well as to investigate, and confirm potential misuse of our services and/or breaches of laws, contracts, terms or policies.
All processing under this section is based on our legitimate interests in maintaining, evaluating and improving our services, including to provide customers with agreed services, ensuring security and availability of the services, to help us understand how our services are used and how campaigns perform, for resource management, and to gain insights which help us dedicate our resources and efforts better.
The personal data may be shared, as necessary to perform the services as agreed, to other users and the online advertising platform partners, as well as our suppliers participating in service production, development and quality control.
To the extent needed to produce the services, including to allocate our support resources, your data are transferred outside the European Union and the European Economic Area (“EU/EEA”), including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers outside the EU/EEA are performed subject to Standard Data Protection Clauses adopted or otherwise approved by the EU Commission. The applicable Standard Data Protection Clauses are made available for review upon request.
Please note that online advertising platforms and our customers (your employer) may also transfer and share the same data as data controllers in accordance with their respective privacy policies.
We make use of YouTube API Services and Google Ad Accounts when providing our clients with YouTube and Google Ads based services, which involves processing of Google User Data and certain other data, part of which also can be used to identify a data subject directly or indirectly (personal data).
We process the Google User IDs shared by the relevant customer to authenticate each user’s right to access the customer’s Google Ad Account and Google Display & Video 360 and Campaign Manager, as applicable, and to provide and maintain authorised access. We store the Google User ID as long as the user has access to our customer’s account, and for a reasonable time thereafter as required to maintain and demonstrate diligence of our business and data security, including to investigate any potential misuse where necessary. We process the related personal data on the basis of legitimate interests related to the data security, customer and business relationships between us and the affected data subjects.
We also process YouTube channel ID and title (i.e. Authorized Data) in order to enable the authorized users to pick the channel when they upload a video to YouTube, based on the right the user has granted us to access YouTube API Services, and until such access right is revoked. The users can easily revoke our access to their data from our service, or via the Google security settings page at https://security.google.com/settings/security/permissions. Should there be personal data included in the Authorized Data, processing is based on our legitimate interests described above.
For clarity, we do not collect any personal data from the users’ devices.
We process the relevant customer’s “Google Ads” data through Google Ads API, for purposes of reporting to provide insights and understand of the performance of Google Ads campaigns and individual ads, to maintain the customer relation and for administrative purposes, such as invoicing. If applicable, we also process relevant customer's Google DV360 and Campaign Manager data through Google API for the same purposes. However, all aforementioned such data is aggregated and should not include any personal data.
Personal data is shared on as needed basis with our data processors (for purposes controlled by us).
Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers are performed subject to standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you use Smartly.io Academy or any of our other learning resources, we’ll process the personal data derived from you in that connection, including for example:
The personal data is used to provide you with the training resources, track your progress and qualifications, develop our training resources, and to enable you to demonstrate your skills to others.
The personal data may be shared, as necessary to provide the learning resources, to other users and our suppliers providing the learning resources or participating in their production. Achievements recognized through the Smartly.io Certification programme are shared with our digital credential provider (currently Credly) to enable each participant to demonstrate their level of skills and knowledge. Making such validation publicly available from the credential provider’s platform is under your full control. Disclosing the information to the credential provider is based on our, our customers’ and users’ joint legitimate interests to have a set of common standards for the knowledge required to use Smartly.io effectively and to have available reliable tools to verify such knowledge where necessary. We’ve assessed there’s no risk for rights and freedoms of data subjects to automatically disclose such information to the service provider, as compared to ad hoc manual data transfers and validations such integrated solution especially helps the learners to have their credentials available, in verified and standardized manner, when needed, e.g. when seeking new job opportunities or networking.
We process the training and learning related personal data on the basis of legitimate interests in providing our users and customers with resources supporting the use of our services, and tools to follow and certify their competency.
The personal data is retained based on the criteria of validity of the training. Once the training related information has no value in practice (e.g. the is updated and old completions don’t demonstrate practical skills) or the one year has passed from deactivation of the user, whichever occurs first, the personal data shall be erased or anonymised.
If you decide to contact us through our website (or any other channels, we’re always happy to hear from you), we’ll use the contact details and other given information to reply and process your request, for example to contact you to provide more information and to arrange a demo if you wish to learn more about our services. The processing is based on its necessity to reply to you and take measures deemed by your request.
Personal data derived from the website and contract requests are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.
Such data is not regularly shared or transferred outside the EU, unless you reside outside the EU, in which case the personal data may be transferred to the Smartly.io office in your area. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you subscribe to our newsletter or for other materials (such as eBooks available on our website), we’ll process the given contact information to send the newsletter or provide the materials. Such processing is based on it’s necessity to fulfill our legitimate interests to provide the subscribed material(s). The contact information is retained and possibly shared as described below.
We use following information to communicate on and promote our services (as compatible with the original purposes, if data is collected in another occasion):
The personal data above is used to generate leads, target marketing activities to the contacts representing potential and current customers (for example to help our sales teams to target their efforts to contacts with potential interest in our services) and other stakeholders (including our suppliers and partners), and to retarget and customize our marketing. Naturally, the data is used to provide product and service updates, announce new eBooks and other materials, invite to our events, and otherwise market our products and services and provide related information in different channels, such as emails, phone calls, on social platforms and over display. For example, we may retarget relevant contacts by serving new retail content on LinkedIn based on previous engagement with retail content on Smartly.io. In addition, personal data is used, as applicable, for market and customer analysis, reporting and statistical purposes, and to better understand how people interact with Smartly.io, including our websites and services.
Personal data stored for marketing purposes are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.
Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business or our service providers locate. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you wish to join our seminar, webinar or other business event, we will need to process your personal data. Such data includes the information given by you upon the registration and during the event. The information is used to arrange the event and to pursue our interests in organizing such events. The processing is based on your legitimate interests to participate in our event, and our legitimate interests in arranging your participation in the event and organizing such an event, such as networking, marketing or facilitating discussion on certain topics.
If you provide us with sensitive information related to dietary restrictions or disabilities, we’ll need your consent to process such information. We kindly ask you not to disclose such information unnecessarily.
If you’ve attended a Smartly.io event, we will likely contact you for feedback regarding the improvement of the event, our services relating to the event, or to hear your wishes for the following events. This contact is based on our legitimate interest to stay in touch with our contacts and receive meaningful feedback on our events, communications, and services.
Personal data is stored for the purpose of events as long as required to organize the event and take related measures, such as processing feedback, maintaining records for security and invoicing.
The information on participants are shared with the cooperation partners of the event, if any. If the event is held or event cooperation partners are outside the EU, we’ll transfer the personal data to their respective locations. Such transfers are subject to the adequacy decision of the European Commission or standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you serve as the representative or other contact of our customer, supplier, partner or other entity we do (or wish to do) business with we’ll need to process the following information:
You’re the main source of information, but the personal data may also be collected from your employee, your colleagues, and our (other) customers, suppliers and partners.
The personal data is used to discuss business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests pertaining to agreements we have (or have had), maintaining relationships, and pursuing our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.
The personal data are erased from or anonymized in our systems upon request of the data subject or the party they represent, or if the data is detected irrelevant in our automated or manual system maintenance, or after three years of our latest contact to the data subject, whichever occurs first, with exception of personal data that must be retained for period required in the law, in which case the data shall be retained as long as needed to comply with such requirement.
If we store or use your data for purposes described above, you can always request from us:
Where the processing is based on consent, you can withdraw such consent at any time. Please note that the withdrawal will not affect processing performed prior to the withdrawal.
If you believe your rights under the data protection laws are being infringed, you may lodge a complaint with the supervisory authority of your residence in the EU (e.g. in Finland the Finnish Data Protection Ombudsman).
We will not discriminate against you for exercising any of your rights under the CCPA, unless permitted by the CCPA. Specifically, we will not: