Smarter Ecommerce GmbH (hereinafter known as "smec") is committed to privacy and especially to compliance with national and international data protection regulations. To adhere to social, corporate and legal requirements responsibly, compliance with the generally accepted and globally valid provision for the protection of personal data is essential. The trusting and transparent handling of data strengthens customer relations and takes into account the high demands of smec on transparency and professionalism.
3. Personal data
Personal data is all information that relates to an identified or identifiable person. These are, for example, name, date of birth, social security number, email address, but also geodata, IP addresses or other (online) identifiers and customer numbers.
smec processes the collected and stored personal data exclusively for the purposes stated in this declaration. smec does not sell or lease any data for purposes of revenue generation. Disclosure to third parties or publication of data is only possible with the prior written consent of the person concerned. The data is either processed by smec itself or by selected processors. The data is always kept secret.
4. Collection and user of data
smec collects, stores and processes personal data for different purposes. This data will be deleted after the elimination of the respective legal basis, provided that no statutory provisions or legitimate interests contradict.
The websites of smec (including https://smarter-ecommerce.com, start.whoopapp.com, www.greatday-event.com) identify and collect access data from website visitors and save it in log files. Among other things, the following data is recorded: name of the website, date and time of the call, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited site), IP address and the requesting provider.
smec has a legitimate interest in knowing the users of its own websites in order to optimize the services offered and to further increase the user-friendliness. Therefore, smec collects this data for the purpose of statistical evaluation and constant optimization of the websites. In the case of a legitimate suspicion of unlawful use, smec reserves the right to subject the stored log data to an ex post review in order to avoid unlawful use.
Furthermore, smec provides different contact forms to process inquiries of interested parties (for example about a product demo). Personal data (e.g. name, email address, telephone number) are also requested. This data is stored by smec in secure CRM systems in order to be able to answer the inquiries correctly and to have an overview of the requestors and those interested in follow-up inquiries or contacting.
With our newsletter we keep you up-to-date and inform you about new offers, services, events and interesting contributions from the e-commerce sector. The newsletter serves to keep in constant communication with our customers, partners and interested parties.
In order to receive this service, we require the consent of the persons concerned. In doing so, general contact details (name and email address) are requested and stored for the purpose of sending the newsletter until further notice. The data will be used exclusively for this purpose and will not be passed on to third parties.
Furthermore, smec stores the IP address as well as the time stamp of the newsletter registration in order to check or, if necessary, to prove whether a third party has unauthorizedly used an email address without the knowledge and consent of the authorized person.
Newsletter recipients have the right to revoke the newsletter service at any time, simply by using the unsubscribe link provided in the newsletter or by sending a request to the contact details below. After that, no more newsletters will be sent to the specified email address and the stored data will be deleted immediately.
Cookies are small text files that a website stores on the respective device (PC, notebook, smartphone, tablet) of the visitor when visiting the website. These cookies contain information about the user himself (for example IP address and information about the hardware and software used) as well as the website visited.
As an alternative to the default browser settings, you can opt out of non-essential cookies, such as those used for traffic analysis, by clicking on this link. An opt-out cookie will be set on your device, which prevents further data collection.
smec uses the analytics service Google Analytics provided by Google. In doing so, Google accesses the cookies of the user and uses them to analyze the use of the website. The data of the cookies is also regularly transmitted to the US and stored on Google's own servers. This website has enabled the anonymization of IP addresses feature, which truncates the IP address before submitting it.
Google uses this information for the detailed evaluation of the use of this website. Google summarizes the information about the website activities for smec in structured reports.
To ensure the required level of protection, Google is certified under the EU-US Privacy Shield. In addition, smec has entered into suitable agreements with Google to ensure a corresponding level of data protection.
smec does no profiling and therefore the IP address stored by means of Google Analytics will not be merged with other Google products or services.
To prevent Google from collecting and processing the data generated by the cookie and related to your use of the website, you can simply download and install a browser add-on at https://tools.google.com/dlpage/gaoptout.
The Orbiter is a free-to-use service for visualizing of data (such as Google AdWords data) provided by smec. This service presents different data from the Google AdWords account in an easy-to-understand, graphical form, which substantially increases the readability and comprehensibility of the data. To do so, the user authorizes smec to access the user's Google AdWords account and to read out the corresponding data required for visualization. The associated writing-permission is not used by smec under any circumstances. smec uses its access only to read the information and does not make any changes to the user's AdWords account. This authorization is limited in time to the duration of the session and therefore ends automatically at the end of the session.
smec does not store authorization tokens beyond the session. All read-out data is treated strictly confidentially, used exclusively for the defined purpose and not forwarded to unauthorized persons or third parties.
To further improve the service and learn more about its users and audiences, smec reads general data (such as AdSpend) to categorize users. This data is stored in the smec CRM system and kept strictly confidential. This enables smec to better understand users' goals and intentions, solve common problems faster, and constantly improve its services.
Products and services (including AdEngine, Whoop!)
For the proper use of the products and services offered by smec, personal data of the customer (contact data, login data, billing data, address data) is stored and processed by smec. These data is processed exclusively for the proper performance of the contract and automatically deleted on request, or after the abolition of the legal basis, provided that no legal provisions or legitimate interests contradict this.
5. Data transfer and submission
smec has a great interest in protecting all data (in particular personal data) against unauthorized access and processing it in a manner that complies with the statutory provisions. In addition to its own infrastructure and systems, smec also uses various software providers and tools (such as Google, Salesforce, Stripe, Slack and Asana), which enable secure and collaborative processing of the data.
It may also be the case that data is stored or processed outside the territory of the European Union, in particular in the United States, whereby smec ensures that appropriate safeguards are in place for all third-party providers, which guarantee the necessary level of data protection. Most large and international software vendors (such as Google, Salesforce and others) are certified under the EU-US Privacy Shield. Compliance with the requirements of the EU-US Privacy Shield complies with the level of data protection of the European Union, which allows data transmission to these companies.
With all processors without self-certification, smec has concluded corresponding agreements on data processing in accordance with Art. 28 (3) GDPR.
6. Data processing agreement
Data processing agreements have to be made, if personal data is processed by a third party (processor) on behalf of the controller. By doing so, the processor guarantees to comply with the applicable data protection rules. The processor may process personal data only in the context, scope and purpose specified in the agreement. In these cases, smec will be further responsible for the processing activities and the protection of the rights of the data subjects. In case of inquiries, the processor must provide the best possible support to smec.
smec has entered into an agreement with all processors and therefore works exclusively with those processors and partners who provide reasonable guarantees that appropriate technical and organizational measures are taken to ensure that the processing complies with data protection requirements, so the required level of protection is being guaranteed.
7. Data protection measures
In order to protect personal data sufficiently, smec has taken appropriate technical and organizational measures. These measures ensure that personal data is not used, processed, copied, modified, deleted or published or used without authorization.
Different measures have been taken, such as the definition of a company-wide and cross-sectoral rights and deletion concept, control and monitoring of access to the data, extensive backup and restore options. Additional security is provided by comprehensive anti-virus programs and firewalls. These measures will ensure the confidentiality, integrity and availability of systems and data. In addition, organizational measures such as training and extended confidentiality arrangements for smec staff, the dual control approach and newly-developed processes to ensure a level of protection appropriate to the risk were taken.
8. Rights of data subjects
Data subjects affected by data processing are entitled to smec's extensive (information) rights. Such requests have to be sent to the contact details below and will be processed and answered by smec immediately, but no later than after 30 days. These rights are unrestrictedly available to the person concerned, however, if excessive use is made of these rights (for example, due to frequent inquiries), smec reserves the right to charge the associated processing costs without any additional charge. The person concerned will be informed separately if necessary.
The data subject concerned has a right of
- Information: The data subject can request information about which personal data about him is stored or processed by smec.
- Correction: If personal data is incomplete or incorrect, the person concerned may request correction of it.
- Deletion: The person concerned may request smec to delete his personal data. smec must comply with this request if the legal basis for data processing is eliminated and no further legal basis (for example statutory retention requirements, legitimate interests) preclude this.
- Restriction of processing
- Data portability: The data subject may require smec to transfer his personal data to a third party in a structured, machine-readable format.
- Objection to data processing: If personal data is processed for legitimate interest, the data subject can object to this processing. The controller must then examine and explain whether his legitimate interest in processing has a greater effect than the interests of the person concerned for secrecy.
- Revocation of granted consent: Upon receipt of a revocation, smec will cease processing of the personal data affected immediately, provided that this is done exclusively on the basis of the consent and no other legal basis exists.
The data subject concerned must send all inquiries in writing to the contact details listed below.
smec uses links to various social media services on its websites (e.g., Facebook, Twitter, LinkedIn, Xing, Youtube, Instagram). By clicking on these links you will be forwarded directly to the presence of smec in the respective social media service.
In addition, smec uses additional links to third-party websites (such as trade fair and event information or press releases).
The collection and processing of personal data on the respective websites of third parties is the sole responsibility of the respective service provider. smec has no influence on this and is therefore not responsible for the data processing.
10. State law
This privacy statement has no influence on applicable state law, it complements or clarifies the Austrian data protection law. National and international laws always have priority in the event of a collision with this statement.
11. Contact details
To assert the data subject rights or for other inquiries, please use the following smec contact data:
Smarter Ecommerce GmbH
Tel: +43 (0) 732 997002
Fax: +43 (0) 732 997002-10