Privacy policy.
Last updated: 31 March 2021
We have presented this Privacy Notice to allow our users quick and easy access to the relevant areas of the Policy that they require, if you have any questions or queries please contact a member of the team: info@mysmash.media
About SMASH & My Smash Limited
SMASH is a web-based application designed for use on desktop and mobile web browsers.
The SMASH brand is owned and managed exclusively by My Smash Limited, a company registered in England and Wales, Company Number: 11313377 with registered offices at: 82 Wandsworth Bridge Road, London, SW6 2TF, United Kingdom.
How To Contact Us & Our Data Protection Officer (DPO)
My Smash Limited is the Data Controller for all personal information that we process unless stated otherwise.
My Smash Limited is registered with the Information Commissioner's Office - registration number: ZA796881. Entry details can be found here: https://ico.org.uk/ESDWebPages/Entry/ZA796881
You can contact our Data Protection Officer directly using the following methods:
Email: info@mymsash.media
Post:
Data Protection Officer
My Smash Limited
82 Wandsworth Bridge Road
London SW6 2TF, United Kingdom.
We have conducted a Data Protection Impact Assessment on all our processing activities to ensure that individual rights of any individual are never knowingly infringed.
Privacy by Design
SMASH has been developed using a Privacy by Design approach, this means that Privacy of our users and Information Security has been at the heart of the SMASH application through all areas of development and we do not request, hold nor process any data that is not essential to the delivery of the core service.
Personal Data means any information relating to natural persons who:
● can be identified or who are identifiable, directly from the information in question; or
● who can be indirectly identified from that information in combination with other information.
Personal Data that is received by the SMASH application by affirmative input by the intended users, are re-confirmed by use of a verification email that is sent to the registered user.
SMASH has been developed with your Privacy in mind and we have taken appropriate technical and organisational measures to protect the confidentiality and integrity of your data during storage, transit and all processing activities.
What Personal Data do we collect and why?
In order to carry out our day-to-day operations and offer the benefits to SMASH users we obtain information from and about registered users.
The SMASH application is accessed via a web browser on the user’s desktop or mobile device.
Once the SMASH application is opened, the user may choose to register a personal profile and in order to access all features available in SMASH the user is required to create an account. When an account is created the following data is collected.
Identity Data: first name; last name.
Contact Data: email address.
Registration Data: any other personal data that you may provide when you register an account with us.
Financial Data: Bank account details; partial payment card details.
Profile Data: account username; password; profile picture or avatar; the content of any messaging you send or content you upload.
Behavioural Data: Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed or purchased through the site.
Technical Data: IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device.
Marketing and Communications Data: Marketing preferences; service communication preferences.
How We Collect or Receive Your Personal Data
Personal data you provide to us
You may give us your personal data directly, for example, when you register on the site, contact us with enquiries, complete forms on our site, subscribe to receive our marketing communications or provide feedback to us.
Personal data we collect using cookies and other similar technologies
When you access and use our site, we will collect certain behavioural data and technical data. We collect this personal data by using cookies and other similar technologies.
How do we use your Personal Data and Our Legal Basis for Processing
We will only use your personal data when the law allows us and only for the following purposes:
● To the extent that it is required for us to carry out the full services on behalf of our users based on the agreement we have with them.
● Provision of the service will also include sharing relevant elements of your contact data with other users, but you will always be in control of that via your sharing settings in your profile.
● We will also collect and process behavioural data and technical data when you use certain features and functionality on our site. This data helps us understand how you use our site so that we can improve it and optimise your experience.
● Where we need to comply with our legal and/or regulatory obligations
Under the General Data Protection Regulations (GDPR) there are various legal bases for the processing of personal data.
● Where it is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, and subject to any sharing permissions you have set in your profile.
● Where it is in our legitimate interest to use personal data in such a way to ensure that we provide access to the site and our services in a secure and effective way and so that we can make improvements to our site.
● Consent is always used for marketing communications from which you are able to withdraw at any time if you are subscribed. Marketing messages will only be sent via email to the user whose email address is used to register the account.
● Push notifications may be used where consent is provided specifically for them to be shown via the device used.
Cookies
We use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our site and services. We use this data to analyse how you use our site and our services and the effectiveness of our site and services.
Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for further details.
In certain circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies,. For example, where we use personal data collected through the use of analytics cookies to analyse how you use our site, it is in our legitimate interest to use your personal data in such a way to improve our site and our services.
Sharing Personal Data with Third Parties
Provision of the service will also include sharing relevant elements of your contact data with other users, but you will always be in control of that via your sharing settings in your profile.
Otherwise we use certain third parties to help us provide the service. We go through a stringent due diligence process when we select any third parties to work with to ensure their ethics, policies and processes are in line with our own.
These Third Parties include:
Type of Service: Email Service Provider (ESP) - Service Notifications.
Reason why we should share data with them: So that we can send service notifications that are critical to the operation of the SMASH service.
Our selected partner, their Web address and Privacy Policy: Mailchimp (Mandrill)
How we manage your data with them: Data is retained in accordance with our Data Retention Policy.
Type of Service: Email Service Provider (ESP) - Marketing.
Reason why we should share data with them: So that we can send marketing emails (where explicit consent exists).
Our selected partner, their Web address and Privacy Policy: Mailchimp
How we manage your data with them: Data is retained in accordance with our Data Retention Policy.
Type of Service: Hosting Providers.
Reason why we should share data with them: So that we can provide our services to Customers and that data can be held within a secure data centre.
Our selected partner, their Web address and Privacy Policy: Amazon Web Services
How we manage your data with them: Data is retained in accordance with our Data Retention Policy.
Type of Service: Application analytics.
Reason why we should share data with them: So that we can improve the services that we are offering to our Users by understanding their behaviour in aggregate when using SMASH.
Our selected partners, their Web address and Privacy Policy: Google Analytics, LogRocket
How we manage your data with them: Non personally-identifiable information is shared with our partners. This anonymous data is retained indefinitely.
They will only access your personal information where it is required to supply the services and we will always remain in control of any data that is being processed.
We will only disclose your information to parties not listed in this Privacy Policy in the following circumstances:
● We have a legal obligation to do so, for example for law enforcement or regulatory bodies
● To protect our interests and help us prevent fraud, detect crime or investigate any form of malicious or other activity which may be against our terms of service.
● Where you give us specific permission to do so by providing consent
Transfers outside the UK and the European Economic Area (“EEA”)
Where necessary in order to provide our services, we will transfer personal data to countries outside the UK and the EEA.
Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
Your Rights
Under the GDPR you have rights we need to make you aware of, these are listed below.
Please contact our Data Protection Officer to discuss any of these rights and how we may assist: info@mysmash.media
Your right of access:
You have the right to ask us for copies of your personal information
Your right to rectification:
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
Your right to erasure:
You have the right to ask us to erase your personal information in certain circumstances
Your right to restriction of processing:
You have the right to ask us to restrict the processing of your information in certain circumstances
Your right to data portability:
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
Data Retention and Erasure Policy
We will only retain information for as long as required to deliver the services to our Customers safely and securely.
Our data retention policy is based on specific data types that we process:
Type of information collected & stored: Registered user personal information and all submitted project information.
Retention period (maximum): Indefinitely, unless explicitly instructed to close account and delete all information.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
When the purposes we collected the data for have ended we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Changes to our Privacy Policy
This Privacy Policy goes through regular reviews and is updated where appropriate; the revised version will be visible on our websites.
Contact Us
Email: info@mysmash.media
Post:
Data Protection Officer
My Smash Limited
82 Wandsworth Bridge Road
London SW6 2TF, United Kingdom.