Privacy Policy

1. Preamble

Smarter Ecommerce GmbH (hereinafter known as "smec") is committed to privacy and especially to compliance with national and international data protection regulations. To adhere to social, corporate and legal requirements responsibly, compliance with the generally accepted and globally valid provision for the protection of personal data is essential. The trusting and transparent handling of data strengthens customer relations and takes into account the high demands of smec on transparency and professionalism.

This privacy policy gives a comprehensive overview of the nature and extent of the personal data processed by smec, the purposes of the processing, the rights of data subjects, the data transfer to third countries and the necessary technical and organizational data protection measures.

2. Scope and changes of the privacy policy

This privacy policy applies to all products and services offered by smec that are communicated or promoted to customers or potential prospects. Furthermore, this privacy policy applies to all websites managed by smec and to which this declaration is available.

Due to changing legal, economic, entrepreneurial or technical conditions, this privacy policy needs to be updated from time to time and adapted to the changing conditions. smec reserves the right to change this statement at any time. The currently valid version of the privacy policy of smec is available at www.smarter-ecommerce.com/en/privacy.

3. Personal data

The purpose of this privacy policy is the protection of personal data. This purpose is achieved by implementing and complying with the relevant legal provisions, such as the EU General Data Protection Regulation (GDPR), the Austrian data security law (DSG) and the Austrian telecommunications law (TKG 2003).
Personal data is all information that relates to an identified or identifiable person. These are, for example, name, date of birth, social security number, email address, but also geodata, IP addresses or other (online) identifiers and customer numbers.

Explicitly excluded from the scope of this privacy policy are anonymous or anonymized data, which may be e.g. for surveys, statistical evaluations or improvements to the website by measuring user behavior, and therefore can not be assigned to an individual, natural person. This is not a personal data in the sense of this statement.

smec processes the collected and stored personal data exclusively for the purposes stated in this declaration. smec does not sell or lease any data for purposes of revenue generation. Disclosure to third parties or publication of data is only possible with the prior written consent of the person concerned. The data is either processed by smec itself or by selected processors. The data is always kept secret.

4. Collection and user of data

smec collects, stores and processes personal data for different purposes. This data will be deleted after the elimination of the respective legal basis, provided that no statutory provisions or legitimate interests contradict.

Website

The websites of smec (including https://smarter-ecommerce.com, start.whoopapp.com, www.greatday-event.com) identify and collect access data from website visitors and save it in log files. Among other things, the following data is recorded: name of the website, date and time of the call, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited site), IP address and the requesting provider.
smec has a legitimate interest in knowing the users of its own websites in order to optimize the services offered and to further increase the user-friendliness. Therefore, smec collects this data for the purpose of statistical evaluation and constant optimization of the websites. In the case of a legitimate suspicion of unlawful use, smec reserves the right to subject the stored log data to an ex post review in order to avoid unlawful use.

Furthermore, smec provides different contact forms to process inquiries of interested parties (for example about a product demo). Personal data (e.g. name, email address, telephone number) are also requested. This data is stored by smec in secure CRM systems in order to be able to answer the inquiries correctly and to have an overview of the requestors and those interested in follow-up inquiries or contacting.

Newsletter

With our newsletter we keep you up-to-date and inform you about new offers, services, events and interesting contributions from the e-commerce sector. The newsletter serves to keep in constant communication with our customers, partners and interested parties.
In order to receive this service, we require the consent of the persons concerned. In doing so, general contact details (name and email address) are requested and stored for the purpose of sending the newsletter until further notice. The data will be used exclusively for this purpose and will not be passed on to third parties.
Furthermore, smec stores the IP address as well as the time stamp of the newsletter registration in order to check or, if necessary, to prove whether a third party has unauthorizedly used an email address without the knowledge and consent of the authorized person.

Newsletter recipients have the right to revoke the newsletter service at any time, simply by using the unsubscribe link provided in the newsletter or by sending a request to the contact details below. After that, no more newsletters will be sent to the specified email address and the stored data will be deleted immediately.

Cookies

Cookies are small text files that a website stores on the respective device (PC, notebook, smartphone, tablet) of the visitor when visiting the website. These cookies contain information about the user himself (for example IP address and information about the hardware and software used) as well as the website visited.
smec uses cookies to constantly improve the performance of the website and to better understand the user behavior of website visitors. smec has an interest in constantly improving and developing its websites, making them even more user-friendly, effective and secure. For this purpose, the user behavior is analyzed on the websites of smec and this data is stored without personal reference (by anonymizing the IP address).
In the event that a user no longer wants to use cookies, he may refuse the setting of cookies in the settings of the browser. However, this may result in restrictions or performance reductions of individual services.

Opt-out
As an alternative to the default browser settings, you can opt out of non-essential cookies, such as those used for traffic analysis, by clicking on this link. An opt-out cookie will be set on your device, which prevents further data collection.

Google Analytics

smec uses the analytics service Google Analytics provided by Google. In doing so, Google accesses the cookies of the user and uses them to analyze the use of the website. The data of the cookies is also regularly transmitted to the US and stored on Google's own servers. This website has enabled the anonymization of IP addresses feature, which truncates the IP address before submitting it.
Google uses this information for the detailed evaluation of the use of this website. Google summarizes the information about the website activities for smec in structured reports.
To ensure the required level of protection, Google is certified under the EU-US Privacy Shield. In addition, smec has entered into suitable agreements with Google to ensure a corresponding level of data protection.
smec does no profiling and therefore the IP address stored by means of Google Analytics will not be merged with other Google products or services.

Opt-out
To prevent Google from collecting and processing the data generated by the cookie and related to your use of the website, you can simply download and install a browser add-on at https://tools.google.com/dlpage/gaoptout.

Orbiter

The Orbiter is a free-to-use service for visualizing of data (such as Google AdWords data) provided by smec. This service presents different data from the Google AdWords account in an easy-to-understand, graphical form, which substantially increases the readability and comprehensibility of the data. To do so, the user authorizes smec to access the user's Google AdWords account and to read out the corresponding data required for visualization. The associated writing-permission is not used by smec under any circumstances. smec uses its access only to read the information and does not make any changes to the user's AdWords account. This authorization is limited in time to the duration of the session and therefore ends automatically at the end of the session.
smec does not store authorization tokens beyond the session. All read-out data is treated strictly confidentially, used exclusively for the defined purpose and not forwarded to unauthorized persons or third parties.
To further improve the service and learn more about its users and audiences, smec reads general data (such as AdSpend) to categorize users. This data is stored in the smec CRM system and kept strictly confidential. This enables smec to better understand users' goals and intentions, solve common problems faster, and constantly improve its services.

Products and services (including AdEngine, Whoop!)

For the proper use of the products and services offered by smec, personal data of the customer (contact data, login data, billing data, address data) is stored and processed by smec. These data is processed exclusively for the proper performance of the contract and automatically deleted on request, or after the abolition of the legal basis, provided that no legal provisions or legitimate interests contradict this.

5. Data transfer and submission

smec has a great interest in protecting all data (in particular personal data) against unauthorized access and processing it in a manner that complies with the statutory provisions. In addition to its own infrastructure and systems, smec also uses various software providers and tools (such as Google, Salesforce, Stripe, Slack and Asana), which enable secure and collaborative processing of the data.
It may also be the case that data is stored or processed outside the territory of the European Union, in particular in the United States, whereby smec ensures that appropriate safeguards are in place for all third-party providers, which guarantee the necessary level of data protection. Most large and international software vendors (such as Google, Salesforce and others) are certified under the EU-US Privacy Shield. Compliance with the requirements of the EU-US Privacy Shield complies with the level of data protection of the European Union, which allows data transmission to these companies.
With all processors without self-certification, smec has concluded corresponding agreements on data processing in accordance with Art. 28 (3) GDPR.

6. Data processing agreement

Data processing agreements have to be made, if personal data is processed by a third party (processor) on behalf of the controller. By doing so, the processor guarantees to comply with the applicable data protection rules. The processor may process personal data only in the context, scope and purpose specified in the agreement. In these cases, smec will be further responsible for the processing activities and the protection of the rights of the data subjects. In case of inquiries, the processor must provide the best possible support to smec.

smec has entered into an agreement with all processors and therefore works exclusively with those processors and partners who provide reasonable guarantees that appropriate technical and organizational measures are taken to ensure that the processing complies with data protection requirements, so the required level of protection is being guaranteed.

7. Data protection measures

In order to protect personal data sufficiently, smec has taken appropriate technical and organizational measures. These measures ensure that personal data is not used, processed, copied, modified, deleted or published or used without authorization.

Different measures have been taken, such as the definition of a company-wide and cross-sectoral rights and deletion concept, control and monitoring of access to the data, extensive backup and restore options. Additional security is provided by comprehensive anti-virus programs and firewalls. These measures will ensure the confidentiality, integrity and availability of systems and data. In addition, organizational measures such as training and extended confidentiality arrangements for smec staff, the dual control approach and newly-developed processes to ensure a level of protection appropriate to the risk were taken.

8. Rights of data subjects

Data subjects affected by data processing are entitled to smec's extensive (information) rights. Such requests have to be sent to the contact details below and will be processed and answered by smec immediately, but no later than after 30 days. These rights are unrestrictedly available to the person concerned, however, if excessive use is made of these rights (for example, due to frequent inquiries), smec reserves the right to charge the associated processing costs without any additional charge. The person concerned will be informed separately if necessary.

The data subject concerned has a right of

  • Information: The data subject can request information about which personal data about him is stored or processed by smec.
  • Correction: If personal data is incomplete or incorrect, the person concerned may request correction of it.
  • Deletion: The person concerned may request smec to delete his personal data. smec must comply with this request if the legal basis for data processing is eliminated and no further legal basis (for example statutory retention requirements, legitimate interests) preclude this.
  • Restriction of processing
  • Data portability: The data subject may require smec to transfer his personal data to a third party in a structured, machine-readable format.
  • Objection to data processing: If personal data is processed for legitimate interest, the data subject can object to this processing. The controller must then examine and explain whether his legitimate interest in processing has a greater effect than the interests of the person concerned for secrecy.
  • Revocation of granted consent: Upon receipt of a revocation, smec will cease processing of the personal data affected immediately, provided that this is done exclusively on the basis of the consent and no other legal basis exists.


The data subject concerned must send all inquiries in writing to the contact details listed below.

9. Links

smec uses links to various social media services on its websites (e.g., Facebook, Twitter, LinkedIn, Xing, Youtube, Instagram). By clicking on these links you will be forwarded directly to the presence of smec in the respective social media service.
In addition, smec uses additional links to third-party websites (such as trade fair and event information or press releases).

The collection and processing of personal data on the respective websites of third parties is the sole responsibility of the respective service provider. smec has no influence on this and is therefore not responsible for the data processing.

10. State law

This privacy statement has no influence on applicable state law, it complements or clarifies the Austrian data protection law. National and international laws always have priority in the event of a collision with this statement.

11. Contact details

To assert the data subject rights or for other inquiries, please use the following smec contact data:

Smarter Ecommerce GmbH
Peter-Behrens-Platz 9
4020 Linz
Email: datenschutz@smarter-ecommerce.com
Tel: +43 (0) 732 997002
Fax: +43 (0) 732 997002-10

Add our Web App to Home screen

Benefit from offline access and great performance

Top