External Privacy Policy

Introduction

SmartComms SC Limited and its group companies (collectively “Smart Communications”, “we”, “us” and “our”) has issued this policy (hereafter “Privacy Policy“) to describe how we process and use the personal data that we hold about, including but not limited to, existing customers, previous customers, prospective customers, suppliers, vendors, resellers, consultants, professional advisers, business partners, visitors and any other applicable third parties (hereafter also referred to as “you”). We respect the privacy rights of individuals and are committed to processing and using personal data responsibly and in accordance with applicable law. This Privacy Policy explains who we are, how we collect, share, disclose, use and retain personal data about you and how you can exercise your privacy rights in connection with it.

Please click here for Smart Communications’ Notice of Collection and additional privacy rights applicable to residents of specific states in the United States of America

Please click here for Smart Communications’ Notice of Collection and additional privacy rights applicable to Australian residents.

This Privacy Policy is not intended to override any specific commitments we have made to our customers in their contracts with us about the treatment of their data.

If you have any questions or concerns about our use of your personal data, please contact us at the contact details in the “How to contact us” section below.

  1. Entity responsible for processing your personal data

Each Smart Communications group company is responsible for the use of personal data it collects from you. For information relating to the particular data controller of your personal data, please see the list at the end of this Privacy Policy.

  1. What we collect

Broadly speaking, personal data means any information about an identifiable individual.

In the context of your relationship with Smart Communications, we may collect and process different types of personal data about you through your relationship or interactions with our personnel or when you engage with us to provide services. This personal data may include:

  • Identity Data such as your first name, last name, title, job title, company name, usernames, passwords, footage or images captured by CCTV systems (when you visit our offices);
  • Online Identifiers such as IP address;
  • Contact Data such as your corporate email, corporate phone numbers, corporate address;
  • Finance Data such as your corporate bank account and corporate payment card details to the extent you are an existing or prior customer of Smart Communications;
  • Support Data such as information you provide to us in the course of us providing our specific support services to you such as log files, screen shots, sample data and CMS packages to the extent you are an existing or prior customer of Smart Communications;
  • Marketing and Communications Data such as your preferences in receiving marketing from us and our third parties and your channels of communication preferences;
  • Sales Data such as information relating to your sales history with us to the extent you are an existing or prior customer of Smart Communications;
  • Biometric Data to the extent permitted by applicable law, data is obtained with your consent from recorded material collected via video conference; and
  • Other information you choose to provide to us, for example the purpose of your visit if you visit one of our site locations.
  1. Why we collect your personal data

Where we need to collect personal data under the terms of a contract with you or in accordance with applicable law and you fail to provide that personal data when requested, or withdraw your consent to our processing of that personal data, we may not be able to perform the contract we have (or are trying to enter into) with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We may collect and use the above personal data about you for the following purposes:

  • General business relationship management within Smart Communications;
  • To perform the services under the contract, including auditing and measuring the use of our services;
  • To provide support and assistance to customers in respect of our services;
  • To assist customers’ usage and improve customers’ usage of our products and services;
  • To ensure and protect the security of our services including preventing unauthorised access and preventing malicious software distribution;
  • To manage our daily business activities, such as executing payments;
  • To manage any queries, complaints or claims relating to the services you provide to Smart Communications or that Smart Communications provides to you;
  • In compliance with local law, for direct marketing, advertising and public relations purposes, in connection with Smart Communications’ business activities, products and services (including in accordance with local law to make recommendations about our services, product updates, surveys, referral programmes, special offers, incentives, promotions, events and webinars), and to inform you about important developments within Smart Communications. In compliance with local law, will also send you marketing material about our third-party business partners where their services are used in conjunction with our products, for example, SMARTCOMM for Salesforce;
  • For product development purposes, to allow us to improve our products and services or develop new products and services;
  • Where necessary to comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of the Smart Communications global group companies;
  • To help us conduct our business more effectively and efficiently or check and improve the quality of our products and/or services;
  • To carry out research and development with various Smart Communications partners;
  • To investigate violations of law or breaches of other Smart Communications policies, (specifically in relation to the use of CCTV in the EU this will include enabling Smart Communications to comply with the Authorised Economic Operator (AEO) standards established by the EU for the prevention and detection of crime and for protecting the safety of staff and other third parties);
  • In order to comply with Smart Communications’ legal or regulatory obligations and requirements relating to health and safety, manage business continuity and ensure the well-being of any attendee to a Smart Communications’ location.

We will only use your personal data for the purposes for which it was collected unless, in accordance with local law, we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose for which it is collected. If we need to use your personal data for an unrelated purpose, we will notify you to explain the lawful basis which allows us to do so or to obtain your consent, as required under applicable law.

We may also collect personal data from you when you use our websites.  For further information about how we use personal data that we collect when you visit our websites, please see our Website Privacy Policy and Cookies Notice by clicking the link in the page footer.

  1. How your personal data is collected

We use different methods to collect personal data including:

  • Direct Interactions. We collect information about you in our direct interactions with you. This may include when you:
  • Use our services and we receive information generated through your use of the services either entered by you or others who use the services with you;
  • Create an account with us that may be required for receipt and use of the services;
  • Apply for our products and services;
  • Request marketing and communications material;
  • Give us feedback or contact us; or
  • Attend a meeting or video conference, event, webinar or similar, that Smart Communications hosts, co-hosts or attends.
  • Third Parties. To the extent permitted by applicable law, we may receive information about you from other sources including publicly available websites, databases or third parties from whom we have purchased data only where we have checked that these third parties have a lawful basis to disclose your personal data to us. We may combine this data with information we already have about you. We may also receive information from Smart Communications group companies. This helps us to update, expand and analyse our records, identify new prospects for marketing and provide products and services that may be of interest to you.
  1. Sharing of Personal data

We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we allow a third party to access personal data, we will implement appropriate measures to ensure the information is used in a manner consistent with this Privacy Policy and that the security and confidentiality of the information is maintained.

We may disclose your personal data to the following categories of recipients:

  1. Smart Communications group companies. As a global group of companies we share your personal data between our group companies located in the jurisdictions in which our companies reside where required to deliver high quality services and to share administrative and operational resources for the efficient running of the Smart Communications business. Please see section 8 for the transfer mechanism outside of the UK or the European Economic Area (“EEA”) for these lawful disclosures.
  2. Third party services providers and partners who provide data processing services to us (for example, to support the delivery of our services), or who otherwise process personal data for purposes that are described in this Privacy Policy or notified to you when we collect your personal data. Depending upon the circumstances and where permitted by applicable law, these third parties include but are not limited to:
  • Professional advisors including lawyers, auditors, insurers and professional bodies;
  • IT and website service providers including Google Analytics, cloud service providers and data analysis service providers;
  • Security service providers;
  • Finance and billing service providers;
  • Marketing and CRM service providers,
  • Event organisers and PR agencies; and
  • Our partners and event sponsors.

For further information about how we use and share personal data that we collect when you visit our websites, please see our Website Privacy Policy and Cookies Notice by clicking the link in the footer of this page.

In respect of marketing and CRM service providers, event organisers, PR agencies and event sponsors, your personal data is transferred to such third parties on the basis of legitimate interest to the extent this is not overridden by your data protection interests or fundamental rights and freedoms. Third-party service providers, wherever possible, must process the personal data in accordance with this Privacy Policy and the additional data protection and privacy terms in our contract with them (which are no less onerous than the terms of this Privacy Policy).

  1. To any competent law enforcement body, regulatory, government agency, court or other third party (e.g. lawyers, auditors) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  2. To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Policy;
  3. To any other person if we have lawful ground to permit the disclosure (e.g. your consent).

Specifically in relation to CCTV, if and to the extent permitted by local law, Smart Communications may disclose recorded materials collected via CCTV, as permitted under local law, to: law enforcement and government agencies where images recorded would assist in a criminal enquiry and/or the prevention of terrorism and disorder;  prosecution agencies; relevant legal representatives; the media where the assistance of the general public is required in the identification of a victim of crime or the identification of a perpetrator of a crime;  people whose images have been recorded and retained unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings; and/or emergency services in connection with the investigation of an accident.

Specifically in relation to Smart Communications customer usernames used to access the Smart Communications services, service access, and event logs are maintained by Smart Communications to ensure and protect the security of the services. Customer-specific event logs for the SaaS services are available to individual customers as an additional module and therefore, such customers’ usernames and customer tenancy activity may be provided back to customers licensed for this module

We do not share your personal data with third parties except as described in this Privacy Policy.

  1. Lawful basis for using your personal data

We will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you (i.e. to deliver our services or manage our business relationship with you), and/or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

Where permitted by local law, we may collect and use your personal data in reliance on our legitimate interests (or those of any third party).

In some cases, we may need to process your personal data where required to comply with applicable laws. In some cases, the use of your personal data is necessary for us to comply with a statutory or contractual requirement. Without your personal data, we cannot manage our relationship with you, nor comply with applicable laws. In some very limited cases, we may also need your personal data to protect your vital interests or those of another person.

Direct Marketing Communications

We will only send direct marketing communications in compliance with applicable local law. Depending on the circumstances this will be where we have your consent to do so or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Smart Communications has a legitimate interest to market its products and services to existing customers to promote brand awareness and increase sales. The processing of personal data is an integral part of direct marketing, without processing of such personal data, direct marketing would not be possible. Smart Communications have assessed the purpose and necessity of such direct marketing communications and have concluded that considering the data retention and data minimisation principles Smart Communications adheres to, and the value of the direct marketing material to the recipient, your interests do not override the legitimate interest of Smart Communications for the types of direct external communications Smart Communications undertakes. Smart Communications has concluded that it is reasonable for business personnel within the industry sectors in which it operates to expect that their business contact details be processed in this way in accordance with local law. In the case of direct marketing, you have the right to request us not to use your personal data for these marketing purposes by opting out of receiving electronic communications by clicking on the unsubscribe link at the bottom of any such electronic communication. In addition, where we process your personal data to send you direct marketing communications based on your consent, you have the right to withdraw your consent at any time by sending us an email using the contact details provided under the “How to contact us” section of this Privacy Policy, below.

Where we process your Personal Information (as defined under CCPA) for any direct marketing activities we do so in compliance with the CCPA, noting that we adhere to any marketing preferences chosen by you (as described above).

CCTV
Where permitted by applicable law, legitimate interest is relied upon for CCTV recording on our premises. This includes (where applicable) enabling Smart Communications to comply with the Authorised Economic Operator (AEO) standards established by the EU for the prevention and detection of crime and for protecting the safety of staff and other third parties.  CCTV will only be recorded and used in accordance with local law.

Special Category Data

In the unlikely event we are required to collect any Special Category Data (as defined under GDPR) the lawful basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

Special Category Data: Video Conferencing Recording

We will ask you to give your prior consent before using your biometric data (i.e., recording your voice or image) obtained via video conference recording.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please use the contact details under the “How to contact us” provided below.

  1. Security

Personal data is maintained on secure servers and is accessible by authorized personnel of Smart Communications (and our group companies and service providers) for the purposes described in this Privacy Policy.

Smart Communications maintains appropriate administrative, technical and physical safeguards designed to help maintain the confidentiality and integrity of your personal data and to protect it against accidental or unlawful destruction, accidental loss, unauthorised alteration, disclosure or access, misuse, and any other unlawful form of use of your personal data that Smart Communications has in its possession. In adherence with data protection laws and internal policies, Smart Communications addresses security at all appropriate technology infrastructure points.

Smart Communications follows generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received, however no security measure is perfect. To the extent that a password is required in relation to the services, you must safeguard your password, as it is one of the easiest ways you can manage the security of your own account – if you lose control over your password, you may lose control over your personal data.

Smart Communications has put in place a Security Incident and Breach Response Procedure that deals with any suspected personal data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. International Data Transfers

Subject to any restrictions agreed with you in a contract with us, your personal data may be transferred to, and processed in, countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country.

Smart Communications and our third-party service providers and partners operate around the world.  This means that when we collect your personal data it may be processed in any of these countries.

Where we transfer your personal data to Smart Communications group companies, the transfer shall be in accordance with the 2021 Standard Contractual Clauses approved by the European Commission including supplementary measures, as applicable and appropriate. Transfers may also occur under Smart Communication’s intra group data transfer agreement which applies the same standard of adherence to applicable data protection law.

Where we transfer your personal data to third parties, we shall only do so in compliance with applicable data protection law. Where such transfer is made from the United Kingdom or EEA, such transfers  are compliant with the transfer mechanisms approved by the European Commission under Article 46 of the General Data Protection Regulation (“GDPR”) and equivalent UK law.

Smart Communications is committed to processing and handling your personal data in accordance with applicable law, and we continue to monitor guidance on applicable data protection laws regarding appropriate safeguards for transfers of personal data.

  1. Retention of Personal data

We keep your personal data only as long as necessary for the purposes for which it was collected, to provide you with services, in accordance with our contract with you and where required or permitted under law. Generally, this means your personal data will be retained until the end of your contractual relationship with us and as long we have an ongoing legitimate business need to do so. Criteria used to determine data retention include, but are not limited to, statutory retention requirements, whether the data is necessary for tax or regulatory purposes, and whether the data is still relevant for business leads purposes. Our data retention policy is available upon request.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

In relation to direct marketing, we will retain personal data (only to the extent necessary) in order to ensure we respect you direct marketing opt out preferences.

  1. Your Data Privacy Rights

In accordance with the requirements under applicable law, you may have the following rights (subject to certain exceptions):

  1. To access, correct, delete, update or rectify your personal data; you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
  2. To object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
  3. To opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal marketing, targeted, cross-context behavioral or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below.
  4. If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  5. To complain to a data protection authority about our collection and use of your personal data.
  1. AI Tools

We may process your personal data using AI Tools. In most cases, we process your personal data using the AI Tools to improve the efficiency, quality, and speed of our business processes and for the purpose of providing our services.

In using the AI Tools, we may process different types of personal data, such as but not limited to contact personal data (e.g., full name, email address, telephone number, job title and company name). For this purpose, we rely on our legitimate interest in using the AI Tools. This legitimate interest is to improve the delivery of our services to you.

We are a data controller of your personal data when it is processed while using the AI Tools. We have a signed agreement in place with each AI tool provider, the processor, to ensure that your personal data is protected. Our users of the AI Tools know to process personal data in accordance with applicable law and our various data protection policies. We ensure in our contracts with the AI provider that none of the data that the AI Tools process is used to improve their AI products.

We may process confidential data when using the AI Tools. Our AI Tool users adhere to the appropriate standards of confidentiality and we have internal policies and training to ensure compliance.

  1. Updates to this Privacy Policy

We may update this Privacy Policy at any time to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.  Any prior versions of this policy can be obtained by contacting us on [email protected]

  1. How to contact us

Please contact Smart Communications using the below contact details if you have any questions about this Privacy Policy or Smart Communications practices relating to privacy.

Attention: Data Protection Officer

Email: [email protected]

Telephone: 020 8238 7400 (UK) or 1-800-986-6810 (US)

Address: Suite 23, LCLB, 95 Mortimer Street, London, W1W 7GB UK

Updated 20th March 2025

Group companies responsible for the processing of personal data

SmartComms Pty Limited – where there is a transfer of personal data is made from the United Kingdom or EEA to Australia (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

SmartComms LLC – where a transfer of personal data is made from the United Kingdom or EEA to the United States of America (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

SmartComms SC Limited – SmartComms SC Limited is registered with the UK Information Commissioner’s Office under registration number Z9698640 and is the parent company of the Smart Communications Group.  It undertakes sales, marketing and product support for Smart Communications products and performs finance and billing functions for the entire group. As such it will be a controller of any customer data in relation to Smart Communications products and for billing purposes.  Any transfer of personal data from the EEA to the UK (where this group company is located) will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law, as applicable and appropriate.

Intelledox Pty Limited – where there is a transfer of personal data is made from the United Kingdom or EEA to Australia (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

Intelledox Inc – where a transfer of personal data is made from the United Kingdom or EEA to the United States of America (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

Intelledox Asia PTE Limited –. where a transfer of personal data is made from the United Kingdom or EEA to Singapore (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

Intelledox Limited – located in Ireland

SmartComms Platinum AG –  where a transfer of personal data is made to or from Switzerland (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

SmartComms GmbH – where a transfer of personal data is made to or from Germany (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law

Smart Communications CCM Austria GmbH – where a transfer of personal data is made to or from Austria (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law

SmartComms Platinum Pte Ltd – where a transfer of personal data is made from the United Kingdom or EEA to Singapore (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

SmartComms Asia PTE Ltd – where a transfer of personal data is made from the United Kingdom or EEA to Singapore (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

Joisto Group OY – where a transfer of personal data is made to or from Finland (where this group company is located) such transfer will be in compliance with the transfer mechanisms approved by the European Commission under Article 46 of GDPR and equivalent UK law.

Notice of Collection and Additional Rights for Residents of Certain U.S. States

This supplement to our Privacy Policy is intended to comply with our obligations pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”), the Virginia Consumer Data Protection Act (“CDPA”), the Colorado Privacy Act (“CPA”), and other U.S. states with data or privacy protection laws that provide specific privacy rights to residents of those states in relation to businesses that do “business” in those states.

SmartComms SC Limited and its group companies (collectively “Smart Communications”, “we”, “us” and “our”) is collecting your personal information and sensitive personal information to support its business operations, including for the business purposes listed in the chart below.

DO NOT SELL OR SHARE MY PERSONAL INFORMATION

For purposes of applicable state data and privacy protection laws, we may share your personal information with third parties for cross-context behavioral advertising, as indicated in the chart below. The Personal Information we sell is specific to website activities and internet identifiers. Categories of third parties to whom we sell your Personal Information include analytics and marketing firms. We do not knowingly sell the Personal Information of individuals under the age of sixteen. You may opt-out of sales of your Personal Information by selecting the ‘Manage Cookie Preferences’ link in the footer of this page where you can manage your preferences.

We may collect the personal information and sensitive personal information categories listed in the table below. The table also lists, for each category, our expected retention period, use purposes, and whether we sell the information or share it with third parties for cross-context behavioral advertising.

Personal Information Category Retention Period Business Purpose Sold or Shared for Business Purposes
Identifiers. These include but are not limited to real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address.

Only for as long as necessary for us to perform the purpose of collection or as required under our contractual requirements with third parties or our legal obligations, at which point we will delete or anonymise your Personal Information.

You can read more about our retention on your Personal Information in section 9 “Retention of Personal Data” of our Privacy Policy.

General business relationship management within Smart Communications

To perform the services under the contract, including auditing the use of our services;

To provide support and assistance to customers in respect of our services;

To ensure and protect the security of our services including preventing unauthorised access and preventing malicious software distribution;

To manage our daily business activities, such as executing payments;

To manage any queries, complaints or claims relating to the services you provide to Smart Communications or that Smart Communications provides to you;

In compliance with local law, for direct marketing, advertising and public relations purposes, in connection with Smart Communications’ business activities, products and services and to inform you about important developments within Smart Communications. In compliance with local law, will also send you marketing material about our third-party business partners where their services are used in conjunction with our products, for example, SMARTCOMM for Salesforce

Where necessary to comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of the Smart Communications global group companies;

To help us conduct our business more effectively and efficiently or check and improve the quality of our products and/or services;

To carry out research and development with various Smart Communications partners;

To investigate violations of law or breaches of other Smart Communications policies,

In order to comply with Smart Communications’ legal or regulatory obligations

 Identifiers to the extent collected by way of Social Media, Performance and Targeting Cookies may be sold or shared.
California Customer Records personal information, which includes a name, signature, physical characteristics or description, address, telephone number, employment, employment history. Some personal information included in this category may overlap with other categories. Shared for business purposes
Protected classification characteristics under California or federal law including but not limited to age (40 years or older), color, citizenship. Shared for business purposes
Commercial information, including but not limited to products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies and information you provide to us in the course of us providing our specific support services to you such as log files, screen shots, sample data and CMS packages to the extent you are an existing or prior customer of Smart Communications; Shared for business purposes
Information including but not limited to such as physiological and behavioral characteristics (such as your voice and physical appearance obtained from recorded material collected via video conference or close circuit television (CCTV) that may identify you). Shared for business purposes
Internet or other similar network activity, such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Internet or other similar network activity to the extent collected by way of Social Media, Performance and Targeting Cookies may be sold or shared.
Sensory data, such as audio (obtained from recorded material collected via video conference or close circuit television (CCTV) that may identify you) Shared for business purposes
Professional or employment-related information such as title Shared for business purposes
Inferences drawn from other personal information, such as a profile reflecting a person’s preferences. Shared for business purposes

Sensitive personal information is a subtype of personal information consisting of specific information categories. While we collect information that falls within the sensitive personal information categories listed in the table below, the CCPA does not treat this information as sensitive because we do not collect or use it to infer characteristics about a person. We do not use your Personal Information to make important automated decisions about you. We may process your Personal Information because we receive it either directly from you or from one of our customers, for whom we act as a “Service Provider” (as defined under CCPA) or a “Processor” (as defined under other state data or privacy protection laws).

As per our Privacy Policy, we retain your Personal Information only for as long as necessary for us to perform the purpose of collection or as required under our contractual requirements with third parties or our legal obligations, at which point we will delete or anonymise your Personal Information. You can read more about our retention on your Personal Information in section 9 “Retention of Personal Data” of our External Privacy Policy.

STATE PRIVACY RIGHTS

Residents of these states may have one or more of the following privacy rights.

1. The right to confirm whether we are processing your Personal Information and to access your Personal Information.

2. The right to know how we process your Personal Information over the past twelve months. You have the right to request information about (1) the categories of Personal Information we collect about you, (2) the categories of sources from which we collect your Personal Information, (3) the purpose for which we collect or sell your Personal Information, (4) the categories of third parties to whom we disclose your Personal Information, and (5) the specific pieces of Personal Information we collect about you.

3. Subject to certain exceptions, you may request a copy of your Personal Information in a portable and readily usable format that allows you to transmit your Personal Information to another party.

4. You may request we correct inaccurate Personal Information that we have about you and to delete Personal Information that we have collected about you, subject to certain exceptions. Only you, or a person authorised by you, may request that we delete your Personal Information. We may deny your request if retaining your Personal Information is necessary for us or our service providers to perform certain actions as set forth in the CCPA. We may further retain aggregate and deidentified information. Note that not all states allow authorised agents to make all types of requests.

5. You may direct us not to sell your Personal Information or share it for cross-context behavioral advertising. If you are a Colorado resident, you may opt out of all targeted advertising and profiling for the purpose of certain types of decision making. Nevada Residents may request to opt-out of selling their personal data by selecting “Manage Cookie Preferences” in the footer of this page and managing your preferences.

6. California’s “Shine The Light law” allows customers in California to request certain details about how certain types of personal data is shared with third parties, as well as in some cases affiliates, for marketing purposes. Under the law, we are required to provide this information or allow you to opt out of such disclosures. You may contact us to exercise your rights under this law.

7. We will not discriminate against you for exercising your rights under applicable privacy laws.

We will respond to your request within a reasonable time. Please note that we may ask you for further information in order to prove your identity before disclosing any personal data to you or responding to a request made by you to exercise your privacy rights. The information required to verify your identity may depend on the request and the nature and sensitivity of the Personal Information. We may ask for additional documentation if we believe it necessary to confirm your identity

We may also require proof of authorisation for anyone making a request on your behalf. These are security measures to ensure that any personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask for further information in relation to your request.

Some of these states allow you to appeal a decision we have made in response to your request to exercise a right under applicable privacy laws. If we decline to take an action on a request you have submitted, we will inform you of our reasons as well as instructions on how to appeal a decision for residents of states that allow appeals. You must appeal the decision within a reasonable timeframe. We will respond within sixty days of receipt of your appeal with an explanation of actions taken or not taken in response to your appeals along with a written explanation of the reasons for our decision. If we deny your appeal, we will provide you with a method to contact your relevant state authority to submit a complaint.

Due to the nature of our services, we may also process personal data relating to individuals with whom we do not have a direct relationship. The transfer of personal data from our customers (acting as data controller) to Smart Communications (acting as data processor) is in compliance with applicable data protection laws.  If you are an end user of one of our customers or in any other way connected to our customers’ use of the Smart Communication services, please contact the relevant customer directly who will then liaise with Smart Communications if legally required.

If you are unhappy with the way that Smart Communications has handled your personal data, you have the right to make a complaint to the authority responsible for data protection in the country that you are based. Contact details should be available online or you may alternatively ask us for assistance.

You can click here to return to our External Privacy Policy.

Updated 18th May 2025