Our Software-as-a-Service (SaaS) applications help to automate and optimize ad campaigns and ad creatives in online advertising platforms such as Facebook, Instagram, Snapchat, Pinterest, Tik Tok and Google. We also provide advertising related professional services and creative services. If you use or otherwise are involved in the delivery of our services (e.g. provide creative briefs), we collect the following personal data directly from you or the customer you represent:
If you are a user of our platform services, we also process:
This personal data is used to authenticate users to allow access to the Smartly.io Group’s application(s), identify users when providing customer support, and store events and log information regarding a customer’s use of the Smartly.io Group’s application(s) for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, and for purposes of services improvement and service level analysis. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle.
After a user has connected or otherwise authorized our platform to access their ad account or assets on certain online advertising platform(s), we process (where granted with access and to the extent applicable to the services in question):
Such personal data is used to identify each user and verify their access rights, permit users to access and use the service (i.e. to identify and connect the assets and campaigns and manage these assets and campaigns on online advertising platform via Smartly.io Group’s platform, to synchronize campaign entities and metrics between our services and online advertising platform), and to provide support service. We will process such ad account and campaign related personal data until our access to such data is revoked (including invalidated by using an online advertising platform’s tools), except for the following exceptions:
If you are an external contact invited by a Smartly.io Group’s customer to access certain content in our application (such as the creative preview page) or to receive notifications from our application, we process your contact information (such as your name and email address) to deliver the invite and, based on the scope of access, to allow you to access and interact with our application or parts thereof. A user (acting on behalf of a Smartly.io Group’s customer) may invite external contacts by adding their contact information in our application or through a dedicated link, and said user remains responsible for ensuring that they have the necessary permissions and authorizations to do so. If you are granted access in our application as an external contact, we process your contact information, input in the application (such as comments), and action logs to allow you to use the functions made available to you by the user. We may also analyze the actions you have taken in the application. In connection with the creative preview page, we will delete your personal information after three (3) months from the last interaction with the preview page(s) you have accessed and in other cases as per our standard data management cycle. You may receive notifications about actions taken in the application (e.g. if there is activity in the creative preview page you have access to) or if a user has specifically added you to receive notifications from the application.
All processing under this section is based on our legitimate interests in maintaining, evaluating and improving our services, including to provide customers with agreed services, ensuring security and availability of the services, to help us understand how our services are used and how campaigns perform, for resource management, and to gain insights which help us dedicate our resources and efforts better.
The personal data may be shared, as necessary to perform the services as agreed, to other users and the online advertising platform partners, as well as our suppliers participating in service production, development and quality control.
To the extent needed to produce the services, including to allocate our support resources, your data are transferred outside the European Union and the European Economic Area (“EU/EEA”), including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers outside the EU/EEA are performed subject to Standard Data Protection Clauses adopted or otherwise approved by the EU Commission. The applicable Standard Data Protection Clauses are made available for review upon request.
Please note that online advertising platforms and our customers (your employer) may also transfer and share the same data as data controllers in accordance with their respective privacy policies.
We make use of YouTube API Services and Google Ad Accounts when providing our clients with YouTube and Google Ads based services, which involves processing of Google User Data and certain other data, part of which also can be used to identify a data subject directly or indirectly (personal data).
We process the Google User IDs shared by the relevant customer to authenticate each user’s right to access the customer’s Google Ad Account, Google Display & Video 360, YouTube, and Campaign Manager 360, as applicable, and to provide and maintain authorized access. 0Auth integration is currently available from Ad-Lib’s application for Google Ads, Google Display & Video 360 and YouTube. We store the Google User ID as long as the user has access to our customer’s account, and for a reasonable time thereafter as required to maintain and demonstrate diligence of our business and data security, including to investigate any potential misuse where necessary. We process the related personal data on the basis of legitimate interests related to the data security, customer and business relationships between us and the affected data subjects. We also process Google Service Account IDs and tokens to authenticate each user’s right to access Campaign Manager 360 from Ad-Lib’s application but such data cannot be used to identify any individual user and should not contain any personal data.
We process YouTube channel ID and title (i.e. Authorized Data) in order to enable the authorized users to pick the channel when they upload a video to YouTube, based on the right the user has granted us to access YouTube API Services, and until such access right is revoked. The users can easily revoke our access to their data from our service, or via the Google security settings page. If personal data is included in the Authorized Data, processing is based on our legitimate interests described above.
For clarity, we do not collect any personal data from the users’ devices.
We process the relevant customer’s “Google Ads” data through Google Ads API, for purposes of reporting to provide insights and understand of the performance of Google Ads campaigns and individual ads, to maintain the customer relation and for administrative purposes, such as invoicing. If applicable, we also process relevant customer's Google DV360 and Campaign Manager data through Google API for the same purposes. However, all aforementioned data is aggregated and should not include any personal data.
Personal data is shared on as needed basis with our data processors (for purposes controlled by us).
Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers are performed subject to standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you use Smartly.io Academy or any of our other learning resources, we will process the personal data derived from you in that connection, including for example:
The personal data is used to provide you with the training resources, track your progress and qualifications, develop our training resources, and to enable you to demonstrate your skills to others.
The personal data may be shared, as necessary to provide the learning resources, to other users and our suppliers providing the learning resources or participating in their production. Achievements recognized through the Smartly.io Certification programme are shared with our digital credential provider (currently Credly) to enable each participant to demonstrate their level of skills and knowledge. Making such validation publicly available from the credential provider’s platform is under your full control. Disclosing the information to the credential provider is based on our, our customers’ and users’ joint legitimate interests to have a set of common standards for the knowledge required to use Smartly.io effectively and to have available reliable tools to verify such knowledge where necessary. We have assessed that there is no risk for rights and freedoms of data subjects to automatically disclose such information to the service provider, as compared to ad hoc manual data transfers and validations such integrated solution especially helps the learners to have their credentials available, in verified and standardized manner, when needed, e.g. when seeking new job opportunities or networking.
We process the training and learning related personal data on the basis of legitimate interests in providing our users and customers with resources supporting the use of our services, and tools to follow and certify their competency.
The personal data is retained based on the criteria of validity of the training. Once the training related information has no value in practice (e.g. the is updated and old completions don’t demonstrate practical skills) or the one year has passed from deactivation of the user, whichever occurs first, the personal data shall be erased or anonymised.
If you use the Smartly.io Community site (“Community”) we will process the personal data derived from or submitted by you in connection with your access to and use of the Community, including for example:
The personal data is used to give you access to the Community, allow you to post and view comments and content in the Community and Smartly.io may also analyze and moderate (in Smartly.io’s discretion) the use of the Community.
We process the Community related personal data in order to perform our contractual obligations between Smartly.io and the users of the Community.
We retain your Community account data until you have removed your account or we have done the same as per your request. We retain the log information for 12 months after your account has been removed. Note that your posts and content will remain available in the Community even after your account has been removed but appear as coming from “Anonymous”.
Our websites deploy cookies, which are necessary for the sites to function (e.g. to enable page navigation, access to secure areas of the site, filling in forms, and setting your privacy preferences), and, subject to your consent, also uses other cookies for: content personalization, marketing, provision of media features and analysis of site traffic. Please see our cookie policies for detailed description of the used cookies, their purposes and to learn how to revoke “cookie-consents” and otherwise manage your preferences:
If you decide to contact us through our website (or any other channels, we’re always happy to hear from you), we will use the contact details and other given information to reply and process your request, for example to contact you to provide more information and to arrange a demo if you wish to learn more about our services. The processing is based on its necessity to reply to you and take measures deemed by your request.
Personal data derived from the websites and contract requests are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.
Such data is not regularly shared or transferred outside the EU, unless you reside outside the EU, in which case the personal data may be transferred to the Smartly.io Group’s office in your area. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you subscribe to our newsletter or for other materials (such as eBooks available on our websites), we will process the given contact information to send the newsletter or provide the materials. Such processing is based on its necessity to fulfill our legitimate interests to provide the subscribed material(s). The contact information is retained and possibly shared as described below.
We use following information to communicate on and promote our services (as compatible with the original purposes, if data is collected in another occasion):
The information is obtained from you (e.g. in connection with interaction we have with you, the subscription(s) and website forms, event registrations, demo requests or other contact requests and communications (including on third party platforms, such as LinkedIn), or our cooperation partners (for example, our referral partners may disclose us information on potential customers or organizers of events which we sponsor may disclose us information on participants). Subject to your (cookie) consent, the aforementioned data may be combined with information on online activity data in our website domains. Such data is gathered with cookies, please see our cookie policies (linked above) for detailed description of the used cookies.
The personal data above is used to generate leads, target marketing activities to the contacts representing potential and current customers (for example to help our sales teams to target their efforts to contacts with potential interest in our services) and other stakeholders (including our suppliers and partners), and to retarget and customize our marketing. Naturally, the data is used to provide product and service updates, announce new eBooks and other materials, invite to our events, and otherwise market our products and services and provide related information in different channels, such as emails, phone calls, on social platforms and over display. For example, we may retarget relevant contacts by serving new retail content on LinkedIn based on previous engagement with retail content on Smartly.io Group. In addition, personal data is used, as applicable, for market and customer analysis, reporting and statistical purposes, and to better understand how people interact with Smartly.io Group, including our websites and services.
As part of our customer referral program, we process the following personal data of the referee (from our customer database) and the new contact (provided by the referee):
The personal data above is used to source contacts from our current customers and thereafter to approach the contacts to find out if they are interested in our services. No automated treatment of the new contact's email address will be made other than the referral message. The processing is based on its necessity for us to reach to potential customers. If you have been referred to us as a new contact, you have a right to prohibit use of your contact information in the customer referral program at any time by sending us a notice to firstname.lastname@example.org.
Personal data stored for marketing purposes are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.
Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business or our service providers locate. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you wish to join our seminar, webinar or other business event, we will need to process your personal data. Such data includes the information given by you upon the registration and during the event. The information is used to arrange the event and to pursue our interests in organizing such events. The processing is based on your legitimate interests to participate in our event, and our legitimate interests in arranging your participation in the event and organizing such an event, such as networking, marketing or facilitating discussion on certain topics.
If you provide us with sensitive information related to dietary restrictions or disabilities, we’ll need your consent to process such information. We kindly ask you not to disclose such information unnecessarily.
If you have attended a Smartly.io Group’s event, we will likely contact you for feedback regarding the improvement of the event, our services relating to the event, or to hear your wishes for the following events. This contact is based on our legitimate interest to stay in touch with our contacts and receive meaningful feedback on our events, communications, and services.
Personal data is stored for the purpose of events as long as required to organize the event and take related measures, such as processing feedback, maintaining records for security and invoicing.
The information on participants are shared with the cooperation partners of the event, if any. If the event is held or event cooperation partners are outside the EU, we’ll transfer the personal data to their respective locations. Such transfers are subject to the adequacy decision of the European Commission or standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.
If you serve as the representative or other contact of our customer, supplier, partner or other entity we do (or wish to do) business with we’ll need to process the following information:
You are the main source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners.
The personal data is used to discuss business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests pertaining to agreements we have (or have had), maintaining relationships, and pursuing our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.
The personal data are erased from or anonymized in our systems upon request of the data subject or the party they represent, or if the data is detected irrelevant in our automated or manual system maintenance, or after three years of our latest contact to the data subject, whichever occurs first, with exception of personal data that must be retained for period required in the law, in which case the data shall be retained as long as needed to comply with such requirement.
If we store or use your data for purposes described above, you can always request from us:
Where the processing is based on consent, you can withdraw such consent at any time. Please note that the withdrawal will not affect processing performed prior to the withdrawal.
If you believe your rights under the data protection laws are being infringed, you may lodge a complaint with the supervisory authority of your residence in the EU (e.g. in Finland the Finnish Data Protection Ombudsman).
We will not discriminate against you for exercising any of your rights under the CCPA, unless permitted by the CCPA. Specifically, we will not: