Privacy Policy
Last update June 28, 2021
Preamble
This confidentiality policy addresses you as a user of the internet site https://fromsmash.com (hereinafter “the Site”) in view to informing you about how your personal data, if any, can be collected and processed by SMASH & CO.
For us, respecting your private life and your personal data is a priority and we are committed to processing your data in strict conformity with the Law on Computing and Freedom of January 6, 1978 (hereinafter referred to as the “CF law”) since amended, and the European Union’s General data protection regulations of April 27, 2016 (hereinafter referred to as “GDPR”).
Whatever the case, we are committed to abiding by the two following essential principles:
You remain in control of your personal data;
Your data are processed transparently, confidentially and securely.
Article 1. Identity and address of the data controller
The controller of your data is SMASH & CO (Siren: 828 889 493) located at 2 rue de la Claire – 69009 Lyon.
SMASH & Co is a simplified joint stock company with a sole partner and a paid up capital of €575,000.00, enrolled on the Trade and Companies Registry of Lyon under number 828 889 493, whose head office is at 2 rue Claire – 69009 Lyon, France.
Article 2. Collection and origin of the data
All the data concerning you are collected either directly from you (information communicated via the different forms on the Site), or indirectly when you visit the Site (login and browsing data).
In all cases, your data are collected and processed only to ensure the supply of different services (Smash Free and Smash Premium), manage your subscription to Smash Premium, respond to your requests for information and for marketing purposes, with the sole aim of proposing our offers.
The details of how your data are collected and processed is provided in the present Confidentiality Policy.
Article 3. Objectives and legal basis of processing
Your different data are collected and processed for:
1 / The use of Smash Free (free version of Smash)
- Contractual, processing is necessary to perform a contract or to carry out pre-contractual measures.
2 / The creation and management of your Smash Premium account, your subscription and your invoices.
- Contractual, processing is necessary to perform a contract or to carry out pre-contractual measures.
3 / Respond to your requests for information on our services and to manage client relations.
- Your consent
4 / Manage and respond to your requests to exercise your “Computer and Freedom” rights.
- Legal obligation (Law on Computing and Freedom and GDPR).
5 / Ensure the efficient operation and permanent improvement of our internet site and its functionalities.
- Our legitimate interest in guaranteeing the best level of operation and quality of our site by using in particular the statistics of visits to the site.
- Your consent when it is required.
6 / For the free version of Smash, to carry out marketing operations of retargeting, that are aimed to introduce you to our offers on third-party sites, by using email address only.
- Your consent
Article 4. The data processed
The mandatory or optional nature of the personal data and possible consequences of a failure to respond regarding you are stipulated during their collection.
You can consult the details below of the personal data we may possess concerning you:
To use Smash Free
Your IP address,
The IP addresses of your addressees,
Your email address,
Your name,
The email addresses of your addressees,
The subject associated with your transfer,
The message associated with your transfer,
The title of your link,
The customized URL of your link,
The name of your files, their sizes and their types,
Your localization and your language,
The localization and language of your addressees,
The name and version of your browser,
The names and versions of your addressees’ browsers,
Your computer’s operating system,
The operating systems of your addressees.
To create and manage your Smash Premium account, your subscription and your invoices
Your name,
Your first name,
Your email address,
Your password,
The name of your company (optional),
Your postal address,
Your town/city,
Your country,
Your zip code,
Your state (North America only),
Your company’s intracommunity VAT no. (optional),
Your method of payment (credit card or PayPal),
Your bank details,
The email address of your “Staff members” (optional).
To respond your requests for information on our services and manage client relations
Your name,
Your email address,
The subject of your message,
Your message.
To manage your requests to exercise your “Computer and Freedom” rights
Your name,
Your first name,
Your mobile phone number,
Your email address,
If necessary, a copy of your identity card.
To ensure the efficient operation and permanent improvement of our internet site and its functionalities
See the Cookie management charter
Article 5. Addressees of your data
Within the limits of their respective attributions and for the objectives recalled in article 4, the main persons who may have access to your data are the following:
The staff members authorized at SMASH & CO (only the joint founders);
The companies responsible for hosting the data and files;
The company responsible for management payments;
The company responsible for sending transactional emails;
When the situation arises, the jurisdictions concerned, mediators, accountants, auditors, lawyers, writ servers and bailiffs, debt collection agencies, the police or gendarmerie in the case of theft or judicial requisition, emergency services;
The authorized personnel of our subcontractors;
Third parties liable to install functional cookies on your terminals (computers, pads, mobile phones, etc.) when you give your consent;
Companies of advertising agencies or social networks, for marketing operations concerning our offerings only.
Your data are not transmitted to any other person other than those mentioned above.
- Amazon Web Services Inc, service provider registered on the Privacy Shield list(learn more)
- Squarespace Inc, service provider registered on the Privacy Shield list (learn more)
- Microsoft Corporation, service provider registered on the Privacy Shield list (learn more)
2 / The company responsible for managing the payments:
- Stripe Inc, service provider registered on the Privacy Shield list (learn more)
3 / The company responsible for sending the transactional emails:
- The Rocket Science Group LLC d/b/a MailChimp, service provider registered on the Privacy Shield list (learn more)
4 / Accountant:
- Fifty Bees (learn more)
5 / Auditor:
- Cabinet Perfexa (learn more)
6 / Third parties liable to install cookies:
7 / Advertising agencies:
- We don’t work yet with such companies.
Article 6. Period of data conservation
We conserve your data only for the time required for the objectives pursued, as described in article 4, and summarized in the following table:
To use Smash Free
1 year counting from the last use of Smash Free.
To create and manage your Smash Premium account, your subscription and your invoices:
3 years counting from the end of commercial relations.
To respond to your request for information on our services and manage client relations:
3 years counting from the end of commercial relations if you are a client or counting from your last contact if you are not yet a client.
To manage your requests to exercise your “Computing and freedom” rights:
1 year in the case of exercise of right of access or correction.
3 years in the case of right of right of opposition.
To ensure the efficient operation and permanent improvement of our internet site and its functionalities:
13 months. Beyond this period, the raw patronage data associated with a user name are deleted or anonymized.
Article 7. Your rights
In conformity with the Law on Computing and Freedom and the GDPR, you have the following rights:
the right of access (article 15 GDPR), rectification (article 16 GDPR), updating, and completeness of your data (for further information);
the right to block of erase your personal data (article 17 GDPR), when they are inexact, incomplete, equivocal, obsolete, or whose collection, utilization, communication or conservation is forbidden (for further information);
the right to withdraw your consent at any time (article 13-2c GDPR);
the right to limit the processing of your data (article 18 GDPR);
the right to contest the processing of your data (article 21 GDPR) (for further information)
the right to the portability that your gave to us, when your data were subjected to automated processing based on your consent or on a contract (article 20 GDPR);
the right to define the fate of your data after your death and to choose that we communicate (or not) your data to a third person appointed beforehand by you (for further information).
In the case of death and not having received instructions from you, we undertake to destroy your data, unless their conservation is necessary for purposes of proof or to satisfy a legal obligation.
You can exercise your rights by sending an email to: privacy@fromsmash.com or by sending a letter to: SMASH & CO – 2 rue de la Claire – 69009 Lyon.
Lastly, you can also make a claim to the supervisory authorities and to the CNIL in particular (https://www.cnil.fr/fr/plaintes).
Article 8. Login data and cookies
On our site we use login data and cookies (small files saved in your computer) that allow us to identify you, remember your visits to the pages you consult in particular, and measure the use made of our site.
You can consent, refuse or choose the type of cookies you accept to be installed on your computer terminals. We invite you to consult our cookie management charter.
Article 9. Transfers of data outside the European Union
Concerning the nature of its activity, SMASH & CO is led to carrying out transfers of your data to subcontractors outside the European Union.
When SMASH & CO carried out transfers outside the EU, you will be informed immediately. We will inform you of the measures taken to control this transfer and ensure that the confidentiality of their data is respected.
Recipients
First, SMASH & CO does not transfer your data it processes to third parties other than its internal services and providers for the purposes of processing, or to the legally authorized authorities at their request. When SMASH & CO acts as a subcontractor, the only provider acting as a subcontractor is Amazon Web Services which hosts the service in France, Ireland, England and Germany for its European customers. For its customers outside the European Union, the subcontractor Amazon Web Services hosts the service in the United States and Canada.
In other words, SMASH & CO does not give access to data processed in its own interest or in that of its customers to any partner.
Providers
When SMASH & CO uses service providers to provide certain tools or services involving personal data, the territory of the European Union will be systematically preferred as far as possible.
For example, the hosting of the platform SMASH & CO and the data it contains and files are provided by servers located in Paris, France for its French customers.
Exit from the Union with adequate protection by default
If the needs of the treatment involve an exit from the Union, SMASH & CO favors the territories and entities subject to a decision of adequacy from the European Commission.
Formalization of an adequate protection
If processing in the Union or in a territory with default protection proves impossible or inappropriate, SMASH & CO may consider an alternative transfer. In such a situation, SMASH & CO undertakes to implement an adequate contractual protection, except in exceptional cases listed by the GDPR.
Article 10. Security
SMASH & CO and its possible subcontractors undertake to implement every technical and organizational measure to ensure the security of our processing of personal data and their confidentiality, in application of the Law on Computing and Freedom and the European General Data Protection Regulations (GDPR).
Consequently, SMASH & CO takes useful precautions regarding the nature of your data and the risks incurred by our processing, to preserve data security and in particular prevent them from deformation, damage or access by unauthorized third parties.
Inherent to its design, SMASH & CO incorporates several levels of protection: secured data transfer, encryption, network configuration and controls of applications and users, distributed over an open-ended and secured infrastructure.
Thus, SMASH & CO implements the following measures:
The files stored in Smash are encrypted using AES (Advanced Encryption Standard), 256 bits.
Smash uses the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol to protect the data during transfer between the Smash application and the servers.
We regularly test the Smash applications and infrastructure to identify possible breaches in security, strengthen their security and protect them against attacks.
The files are automatically deleted from the servers once the Smash has expired.