Privacy Policy

 

Last update June 28, 2021

 

Preamble


This confidentiality policy addresses you as a user of the internet site https://fromsmash.com (hereinafter “the Site”) in view to informing you about how your personal data, if any, can be collected and processed by SMASH & CO.

For us, respecting your private life and your personal data is a priority and we are committed to processing your data in strict conformity with the Law on Computing and Freedom of January 6, 1978 (hereinafter referred to as the “CF law”) since amended, and the European Union’s General data protection regulations of April 27, 2016 (hereinafter referred to as “GDPR”).

Whatever the case, we are committed to abiding by the two following essential principles:

  1. You remain in control of your personal data;

  2. Your data are processed transparently, confidentially and securely.

Article 1. Identity and address of the data controller


The controller of your data is SMASH & CO (Siren: 828 889 493) located at 2 rue de la Claire – 69009 Lyon.

For more information on our address
Legal reminder: The data controller is, with respect to the Law on Computing and Freedom, the entity that defines the resources and objectives of the processing performed. When two data controllers or more define the objectives and objectives of the processing together, they are jointly responsible for the processing (or joint managers). The subcontractor is an entity that processes the personal data on behalf of the data controller, it acts under the authority of the data controller and under their instructions.

SMASH & Co is a simplified joint stock company with a sole partner and a paid up capital of €575,000.00, enrolled on the Trade and Companies Registry of Lyon under number 828 889 493, whose head office is at 2 rue Claire – 69009 Lyon, France.

Article 2. Collection and origin of the data


All the data concerning you are collected either directly from you (information communicated via the different forms on the Site), or indirectly when you visit the Site (login and browsing data).

In all cases, your data are collected and processed only to ensure the supply of different services (Smash Free and Smash Premium), manage your subscription to Smash Premium, respond to your requests for information and for marketing purposes, with the sole aim of proposing our offers.

The details of how your data are collected and processed is provided in the present Confidentiality Policy.

For further information
When necessary, we undertake, according to case, to obtain your consent and/or allow you to contest the utilization of your data for certain objectives, such as, the possibility of installing third party cookies on your computer for the purposes of measuring the audience of our internet site.

Article 3. Objectives and legal basis of processing


Your different data are collected and processed for:


1 / The use of Smash Free (free version of Smash)

For further information
Legal basis:

- Contractual, processing is necessary to perform a contract or to carry out pre-contractual measures.

2 / The creation and management of your Smash Premium account, your subscription and your invoices.

For further information
Legal basis:

- Contractual, processing is necessary to perform a contract or to carry out pre-contractual measures.

3 / Respond to your requests for information on our services and to manage client relations.

For further information
Legal basis:

- Your consent

4 / Manage and respond to your requests to exercise your “Computer and Freedom” rights.

For further information
Legal basis:

- Legal obligation (Law on Computing and Freedom and GDPR).

5 / Ensure the efficient operation and permanent improvement of our internet site and its functionalities. 

For further information
Legal basis:

- Our legitimate interest in guaranteeing the best level of operation and quality of our site by using in particular the statistics of visits to the site.
- Your consent when it is required.

6 / For the free version of Smash, to carry out marketing operations of retargeting, that are aimed to introduce you to our offers on third-party sites, by using email address only.

For further information
Legal basis:

- Your consent

Article 4. The data processed


The mandatory or optional nature of the personal data and possible consequences of a failure to respond regarding you are stipulated during their collection.

You can consult the details below of the personal data we may possess concerning you:


To use Smash Free

  • Your IP address,

  • The IP addresses of your addressees,

  • Your email address,

  • Your name,

  • The email addresses of your addressees,

  • The subject associated with your transfer,

  • The message associated with your transfer,

  • The title of your link,

  • The customized URL of your link,

  • The name of your files, their sizes and their types,

  • Your localization and your language,

  • The localization and language of your addressees,

  • The name and version of your browser,

  • The names and versions of your addressees’ browsers,

  • Your computer’s operating system,

  • The operating systems of your addressees.


To create and manage your Smash Premium account, your subscription and your invoices

  • Your name,

  • Your first name,

  • Your email address,

  • Your password,

  • The name of your company (optional),

  • Your postal address,

  • Your town/city,

  • Your country,

  • Your zip code,

  • Your state (North America only),

  • Your company’s intracommunity VAT no. (optional),

  • Your method of payment (credit card or PayPal),

  • Your bank details,

  • The email address of your “Staff members” (optional).


To respond your requests for information on our services and manage client relations

  • Your name,

  • Your email address,

  • The subject of your message,

  • Your message.


To manage your requests to exercise your “Computer and Freedom” rights

  • Your name,

  • Your first name,

  • Your mobile phone number,

  • Your email address,

  • If necessary, a copy of your identity card.


To ensure the efficient operation and permanent improvement of our internet site and its functionalities


Article 5. Addressees of your data


Within the limits of their respective attributions and for the objectives recalled in article 4, the main persons who may have access to your data are the following:

  • The staff members authorized at SMASH & CO (only the joint founders);

  • The companies responsible for hosting the data and files;

  • The company responsible for management payments;

  • The company responsible for sending transactional emails;

  • When the situation arises, the jurisdictions concerned, mediators, accountants, auditors, lawyers, writ servers and bailiffs, debt collection agencies, the police or gendarmerie in the case of theft or judicial requisition, emergency services;

  • The authorized personnel of our subcontractors;

  • Third parties liable to install functional cookies on your terminals (computers, pads, mobile phones, etc.) when you give your consent;

  • Companies of advertising agencies or social networks, for marketing operations concerning our offerings only.

Your data are not transmitted to any other person other than those mentioned above.

For further information on the list of our partners.
1 / The companies responsible for hosting the data and files:

  • Amazon Web Services Inc, service provider registered on the Privacy Shield list(learn more)
  • Squarespace Inc, service provider registered on the Privacy Shield list (learn more)
  • Microsoft Corporation, service provider registered on the Privacy Shield list (learn more)

2 / The company responsible for managing the payments:

  • Stripe Inc, service provider registered on the Privacy Shield list (learn more)

3 / The company responsible for sending the transactional emails:

  • The Rocket Science Group LLC d/b/a MailChimp, service provider registered on the Privacy Shield list (learn more)

4 / Accountant:


5 / Auditor:

  • Cabinet Perfexa

6 / Third parties liable to install cookies:


7 / Advertising agencies:

  • We don’t work yet with such companies.

Article 6. Period of data conservation


We conserve your data only for the time required for the objectives pursued, as described in article 4, and summarized in the following table:


To use Smash Free

1 year counting from the last use of Smash Free.


To create and manage your Smash Premium account, your subscription and your invoices:

3 years counting from the end of commercial relations.


To respond to your request for information on our services and manage client relations:

3 years counting from the end of commercial relations if you are a client or counting from your last contact if you are not yet a client.


To manage your requests to exercise your “Computing and freedom” rights:

1 year in the case of exercise of right of access or correction.

3 years in the case of right of right of opposition.


To ensure the efficient operation and permanent improvement of our internet site and its functionalities:

13 months. Beyond this period, the raw patronage data associated with a user name are deleted or anonymized.

Article 7. Your rights


In conformity with the Law on Computing and Freedom and the GDPR, you have the following rights:

 

In the case of death and not having received instructions from you, we undertake to destroy your data, unless their conservation is necessary for purposes of proof or to satisfy a legal obligation.

You can exercise your rights by sending an email to: privacy@fromsmash.com or by sending a letter to: SMASH & CO – 2 rue de la Claire – 69009 Lyon.

Lastly, you can also make a claim to the supervisory authorities and to the CNIL in particular (https://www.cnil.fr/fr/plaintes).

Article 8. Login data and cookies


On our site we use login data and cookies (small files saved in your computer) that allow us to identify you, remember your visits to the pages you consult in particular, and measure the use made of our site.

You can consent, refuse or choose the type of cookies you accept to be installed on your computer terminals. We invite you to consult our cookie management charter.

Article 9. Transfers of data outside the European Union


Concerning the nature of its activity, SMASH & CO is led to carrying out transfers of your data to subcontractors outside the European Union.

When SMASH & CO carried out transfers outside the EU, you will be informed immediately. We will inform you of the measures taken to control this transfer and ensure that the confidentiality of their data is respected.


Recipients

First, SMASH & CO does not transfer your data it processes to third parties other than its internal services and providers for the purposes of processing, or to the legally authorized authorities at their request. When SMASH & CO acts as a subcontractor, the only provider acting as a subcontractor is Amazon Web Services which hosts the service in France, Ireland, England and Germany for its European customers. For its customers outside the European Union, the subcontractor Amazon Web Services hosts the service in the United States and Canada.

In other words, SMASH & CO does not give access to data processed in its own interest or in that of its customers to any partner.


Providers

When SMASH & CO uses service providers to provide certain tools or services involving personal data, the territory of the European Union will be systematically preferred as far as possible.

For example, the hosting of the platform SMASH & CO and the data it contains and files are provided by servers located in Paris, France for its French customers.


Exit from the Union with adequate protection by default

If the needs of the treatment involve an exit from the Union, SMASH & CO favors the territories and entities subject to a decision of adequacy from the European Commission.


Formalization of an adequate protection

If processing in the Union or in a territory with default protection proves impossible or inappropriate, SMASH & CO may consider an alternative transfer. In such a situation, SMASH & CO undertakes to implement an adequate contractual protection, except in exceptional cases listed by the GDPR.

Article 10. Security


SMASH & CO and its possible subcontractors undertake to implement every technical and organizational measure to ensure the security of our processing of personal data and their confidentiality, in application of the Law on Computing and Freedom and the European General Data Protection Regulations (GDPR).

Consequently, SMASH & CO takes useful precautions regarding the nature of your data and the risks incurred by our processing, to preserve data security and in particular prevent them from deformation, damage or access by unauthorized third parties.

Inherent to its design, SMASH & CO incorporates several levels of protection: secured data transfer, encryption, network configuration and controls of applications and users, distributed over an open-ended and secured infrastructure.

Thus, SMASH & CO implements the following measures:

  • The files stored in Smash are encrypted using AES (Advanced Encryption Standard), 256 bits.

  • Smash uses the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol to protect the data during transfer between the Smash application and the servers.

  • We regularly test the Smash applications and infrastructure to identify possible breaches in security, strengthen their security and protect them against attacks.

  • The files are automatically deleted from the servers once the Smash has expired.