SMART GROUP PRIVACY POLICY
We highly value the protection of your privacy and personal data and want you to be able to trust that we will use your personal data with care. This Privacy Policy will help you understand what personal information we collect, why we collect it and what we do with it.
Please note that this Privacy Policy applies to all SMART Group companies in Europe and is published on behalf of all such companies as defined below.
All companies in the SMART Group have designated SMART NV as our global data controller and is responsible for the data.
-
Who are we?
This Privacy Policy applies to the personal data collected by SMART as a result of offering its products. References to "SMART", "we", "us" or "our" in this Privacy Policy include all the entities of our group listed below, currently located in four jurisdictions throughout Europe.
As far as the entity in the UK is concerned, as from 1 January 2021 the UK will be considered as a third country (in the context of the GDPR regulations, in the context of exchanges with this entity (and other third parties), the rules applicable to exchanges of data with third countries providing adequate protection for your personal data will apply as well.
Belgium
(Head Office and Principal Place of Business)
SMART NV
BE0448.827.611
Neerveld 14
2550 Kontich
SMART PRODUCTS NV
BE0462.447.894
Neerveld 14
2550 Kontich
HAPPY BV
BE0428.175.816
Neerveld 14
2550 Kontich
France
SMART FRANCE SAS
FR 25840930317
33 Rue le Peletier
75009 Paris
Germany
SMART TOYS AND GAMES GMBH
DE 815623855
An der Pönt 46
40885 Ratingen
United Kingdom
SMART TOYS AND GAMES LTD
GB243462321
1 London Road
Arundel
West Sussex
BN18 9BH
As part of our activities [the production and sale of educational toys, such as Smart Games, Smartmax and Geosmart via retail partners and other sales channels, as well as the follow-up and provision of after-sales services, digital activities (e.g. sales of apps via the app store, subscriptions to smartgameslive.com)], we collect, store, pass on or otherwise process personal data.
On the basis of the applicable privacy legislation, the entities listed above qualify as 'data controllers' with respect to these personal data that they process in the context of their local activities. In specific cases, they are joint controllers with another group entity. For some functions at group level, such as purchasing, sales, marketing, IT and the legal department, SMART NV is the data controller
-
What is the importance of this Privacy Policy?
We highly value your privacy and personal data and make every effort to protect your personal data in accordance with applicable data protection legislation, in particular the European General Data Protection Regulation (GDPR) and applicable national data protection laws.
In this Privacy Policy we explain how we collect your personal data, how and for what purposes we will process it and to whom your personal data may be disclosed.
Furthermore, this Privacy Policy also contains important information about your rights with regard to the processing of your personal data. We encourage you to read this Policy carefully.
From time to time it may be necessary to amend this Privacy Policy. The most current version of this Privacy Policy is available on our general websites, our product websites and our webshops.
Please note: When you share your personal information with us, we expect you to read this Privacy Policy carefully first. We collect and process your personal data in accordance with the requirements of the GDPR. We guarantee optimal protection of our databases, we will provide you with easy access to your personal data, and we will allow the correction and deletion of your data upon simple request. Please note that we require your 'consent' for certain processing of your data (e.g. for sending our electronic newsletter or for the use of tracking cookies). For other types of processing, the law provides us with different legal grounds.
-
From whom do we collect personal data?
As part of our activities (as described above), we may collect personal data from customers, retail partners or consumers who purchase or use our products, respondents to our market research initiatives or surveys, participants in our (consumer) contests, visitors to our websites, journalists, contacts with administrative authorities, and individuals who otherwise come into contact with us (e.g. by providing their name and contact details as employees or appointees of our customers, suppliers and other commercial partners).
-
How do we collect your personal data?
We may collect information about you in a variety of ways:
- directly from you when you provide us with your personal data in the context of our commercial activities;
- directly from you in the context of contract negotiations or the conclusion of an agreement;
- directly from you when you provide us with your personal data when entering our premises;
- directly from you when you participate in a market research or survey that we conduct;
- directly from you when you participate in a contest that we organize;
- directly from you when you register on our websites, when you surf on our websites, when you fill in a contact form on our websites, when you register for our electronic newsletter, or when you create a User Profile and/or purchase products through our webshops;
- via third parties and official sources (such as the Graydon database for credit checks, databases or mailing lists obtained through retail partners or other commercial partners, public databases of journalists or through our service providers);
- via your employer with whom we have an agreement or partnership (e.g. when you act as a contact for our customers, service providers or commercial partners).
-
What personal data do we collect?
We may collect the following data from you to the extent that this information is relevant to the purposes for which we require it, as set out in Title 6 below. The list below contains all the data that we may collect, but it does not apply to every method of collection. Whenever certain information is mandatory, and other information is only optional, this will be clearly indicated to you so that you can choose whether or not to provide us with your information.
Identification data and contact details
Personal identification data: name, address, phone/cell phone number, e-mail address (and, where applicable, passwords and account information of persons who register on our webshops). If we collect passwords, we do not store them as text, but send them encrypted via SSL and then store them as "hashed passwords" in our databases.
Electronic identification data: IP addresses, information collected through cookies (read our Cookie Policy)
Financial details
Identification and bank account numbers
Note: In our webshops we do not process any payment data directly on our websites, this is done via our payment partner (mollie/ingenico).
Financial transactions: amounts you have to pay and have paid, statement of payments, etc.
Agreements and settlements
Personal details
Personal details: gender, date of birth, nationality, language preference
Complaints
Complaints, incidents or accidents
Composition of your family
Marriage or current form of living together
Information about family members
Leisure and hobbies
Leisure and hobbies
Profession and occupation
Profession and occupation (private or business, VAT number if applicable)
Career
Photo and/or video recordings
Images from security cameras
Pictures via social media / in the context of competitions we organize
Sound recordings
Sound recordings via social media / in the context of contest we organize
Other categories of data
Your purchasing intentions and interests
Suspected place of consultation
Hour and day of consultation
Which websites were visited
-
What we use this data for?
We use this data for the following purposes:
- for supplier and customer management,
- for the management of (invoice) disputes and claims,
- to deal with consumer questions and complaints,
- for public relations purposes,
- for the management of our websites and (mobile) applications,
- to provide you with information that you have requested, for example:
- to contact you regarding our product range,
- to answer a question,
- for market research and statistical purposes,
- to notify you of any winnings after participating in a contest or competition,
- for production planning and follow-up of orders/deliveries,
- to comply with our legal obligations (e.g. in connection with legal or commercial product warranties or product recalls),
- for contacting us in the context of our after-sales services,
- for security and access control of our buildings,
- for marketing purposes, both for our paper mailings and for our electronic newsletter (if you have subscribed to it),
-
to register your parental consent for, for example: photo and/or video recordings of your child.
For your full information, please find below the legal grounds relevant to these processing operations:
- the processing of your personal data for the delivery of goods or services and for the follow-up of sales and invoicing, or to provide you with certain information relating to products sold, or in the context of the handling of consumer complaints, we base the processing of your personal data on the necessity for the execution of the contract,
- the processing of your personal data in the context of follow-up of product warranties and product safety, we base our processing on the need to comply with our legal obligations as a toy manufacturer,
- In all other cases, we base the processing of your personal data on the need to protect our legitimate commercial interests as a company (in particular the interest to contact prospects and potential customers, to inform consumers and partners about our product range and to promote our business in general, both online and offline, and the interest to obtain information about customers' buying behavior, preferences and buying intentions in order to determine market strategies),
- The processing of your personal data for electronic direct marketing purposes (tracing and analyzing your interests, sending our electronic newsletter) is based on your opt-in consent. Only if you have clearly indicated that you wish to receive our (electronic) newsletter will we register you for this purpose.
Know that you have the right to revoke your consent at any time, at no cost to us and without any negative consequences for you. You can do this by sending an email (see below) or via the opt-out link included in each of our marketing emails.
-
With whom do we share your personal data?
-
With our service providers (‘processors’):
As part of our activities as listed above, we sometimes share your personal data with third parties, in particular service providers (e.g. IT/cloud service providers or PR/marketing service providers who organize mailing campaigns for us, sales service providers or creative agencies) who act as 'processors' for us.
-
Within our group of companies:
We may also share your personal data within our group of companies. Please note that we have companies in the following countries: France and Germany (all located within the European Economic Area) and the UK (which will provide adequate protection for your personal data from the end of the transition period (from 1 January 2021)).
In addition, within the SMART Group there is also a webshop for the US, which is managed & maintained by SMART NV. This server is located in Belgium, and data is forwarded to US partners for order fulfilment, payment providers and other purposes. In this exchange, your personal data is adequately protected.
For example, we always ensure that appropriate protection measures are taken when we transfer your personal data to third parties or SMART entities outside the EEA. For example, we will, where necessary, enter into a transfer agreement or a processing agreement, setting out restrictions on the use of your personal data and obligations relating to the security of your personal data.
-
With our external law firms:
We may also share your personal data with law firms in the event of (threatened) legal proceedings.
-
With public services:
Finally, we may also share your data with public authorities, police forces or the courts if there is a legal obligation to do so (e.g. the obligation to give public authorities and the police access to camera recordings at their request).
We always ensure that appropriate protection measures are taken when we transfer your personal data to third parties. For example, we will, where necessary, enter into a transfer agreement or a processing agreement, setting out restrictions on the use of your personal data and obligations relating to the security of your personal data.
Your personal data and your profile will not be lent or sold to third parties for marketing purposes without your prior express consent (by means of an opt-in).
-
-
How long do we retain your personal data?
Your personal data will not be stored longer than necessary for the purposes for which they were collected and processed (as described above). Afterwards it is still possible that they can be found in our backups or archives, but they will no longer be actively processed in a file.
More specifically, the following retention periods apply:
- personal data contained in accounting, financial or other official documents will be kept for as long as these documents are required to be kept by law,
- personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and 10 years after its termination,
- personal data obtained in the context of our complaints/claims handling will be deleted (or made anonymous) as soon as the complaint has been dealt with, and
- all personal data used for marketing purposes will be kept as long as we send you relevant mailings. Once we become aware that your contact information is no longer accurate or active, or if you decide to unsubscribe, we will no longer retain your personal information for these purposes. You can unsubscribe by clicking on the unsubscribe link in each email you receive or by simple request: privacy@smart.be. Only if we are required to do so by law, or if necessary to defend our interests in court (for example, in the event of a dispute), we will retain your personal data for a longer period of time.
More information about our retention periods is available on simple request (see article 11 Contact).
-
How do we protect your personal data?
We take the necessary administrative, technical and organizational measures to ensure a level of safety appropriate to the specific risks we have identified.
In doing so, we protect your personal data to the fullest extent possible against the destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Furthermore, we always try to ensure that we keep your personal data accurate and up to date. We therefore kindly request that you inform us of any changes in your personal data (such as a change in your contact details).
More information about our security measures is available on simple request (see article 11 Contact).
-
What are your rights and how can you exercise them?
You have, within the limits defined in articles 15-22 of the GDPR, the legal right:
- on information and access to your data;
- on the rectification of your personal data;
- on the deletion of your personal data (‘the right to be forgotten’);
- to restrict processing of your personal data;
- of objection to the processing of your personal data;
- to obtain your personal data in a structured, common and machine-readable form, and to transfer that personal data (or have it transferred) to another controller.
Furthermore, you also have the right to complain about the processing of your personal data by us to the supervisory authority in your country.
For more information about these rights, and the circumstances under which you can exercise these rights, in particular your right to object (this is your 'opt-out' right for our electronic newsletter), please see the Annex to this Policy. In principle, you can exercise these rights free of charge.
Only in the event of unreasonable or repeated requests may we charge a reasonable administrative fee.
Further information and advice can also be obtained from the supervisory authority in your country.
We always try to respond to your requests or questions as quickly as possible. It is also possible that we will first ask you for proof of identity in order to verify your request.
-
Contact
If you have any questions or concerns about SMART's Privacy Policy or the processing of your personal data by us, please do not hesitate to contact us by sending an e-mail to privacy@smart.be, or by making a request via the contact form on our websites or by writing to us at the address mentioned in Part 1 above.