We at Smartly.io Solutions Oy (business ID 3145736-1) together with our affiliates (“we” or “us”) believe that protecting our customers’ and business partners’ privacy is crucial to our business and values. In the course of our business operations, we receive, collect, maintain, use and share personal data on customers and business partners. We are committed to protecting the privacy of individuals who use or are subject to our services (data subjects).
We process the Google User IDs shared by the relevant customer to authenticate each user’s right to access the customer’s Google Ad Account, and to provide and maintain authorised access. We store the Google User ID as long as the user has access to our customer’s account, and for a reasonable time thereafter as required to maintain and demonstrate diligence of our business and data security, including to investigate any potential misuse where necessary. We process the related personal data on the basis of legitimate interests related to the data security, customer and business relationships between us and the affected data subjects (Article 6(f) of the GDPR).
We also process YouTube channel ID and title (i.e. Authorised Data) in order to enable the authorised users to pick the channel when they upload a video to YouTube, based on the right the user has granted us to access YouTube API Services, and until such access right is revoked. The users can easily revoke our access to their data from our service, or via the Google security settings page at https://security.google.com/settings/security/permissions. Should there be personal data included in the Authorised Data, processing is based on our legitimate interests described above.
For clarity, we don’t collect any personal data from the users’ devices.
We process the relevant customer’s “Google Ads” data through Google Ads API, for purposes of reporting to provide insights and understand of the performance of Google Ads campaigns and individual ads, to maintain the customer relation and for administrative purposes, such as invoicing. However, such data is aggregated and should not include any personal data.
Personal data is shared on a necessity basis with our data processors (for purposes controlled by us).
Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, China, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers are performed subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.
A data subject has a right to request from us:
A data subject may exercise the aforementioned rights by sending a written request to us.
In case a data subject considers that its rights under the data protection laws are infringed, they may lodge a complaint with the supervisory authority of the Data Subject’s residence in the EU (e.g. in Finland the Finnish Data Protection Ombudsman).