Privacy Policy
Last Updated: 22 February 2024
Please note that this Privacy Policy only applies to SmartLink (the “Service”). If you use any other products or services please refer to the privacy policy for that particular product or service.
If you do not agree to the processing of your personal information in the way this Privacy Policy describes, please do not provide your information when requested and stop using the Service. By using the Service you are acknowledging how we process your personal information as described in this Privacy Policy.
We hold personal information that you provide to us to set up and manage your account and the Service, and personal information generated in connection with your use of the Service ("Administrative Information"). We are the data controller of Administrative Information. This privacy policy informs you of your choices and our practices regarding your Administrative Information.
We also hold data, including personal information, that you submit, upload, transmit, gather, transfer or otherwise process, or that we process upon your direction or instruction, in your use of the Service ("Non-Administrative Information") and we process this data solely to provide the Service. The terms relating to our processing of Non-Administrative Information are set out in the SmartLink Terms and Conditions and Data Processing Agreement. You are the data controller of Non-Administrative Information and questions about data handling processes from your users or third parties regarding Non-Administrative Information should in the first instance be addressed to you. At all times, we act as a service provider to you, and process data on your behalf. You can extract your Non-Administrative Information at any time.
For the purpose of data protection laws, the data controller of Administrative Information is Proxima Beta Pte. Limited (“we”, “us”, “our”).
If you have any questions about anything in this Privacy Policy, or want to exercise any rights you may have, our contact information can be found here. You can also reach out to our data protection officer at dpo_smartlink@proximabeta.com. We have representatives for data protection purposes listed here.
1. Cookies
To provide email sending statistics, which are Non-Administrative Information, where requested by you, our cloud email service provider, Amazon Web Services (“AWS”), will use cookies, webhooks and other similar technologies (“Cookies”) to provide such statistics. For more information, please refer to AWS’s cookies notice.
2. Children
Our Service is not intended for children. Children must not use the Service for any purpose.
By children, we mean users under the age of 18 years old; or in the case of a region where the minimum age for processing personal information differs, such different age. We will not knowingly allow children to register for our Service and/or provide any personal identification information. If you are a child, please do not sign up to use our Service or provide any information about yourself through the Service.
3. How We Use Your Personal Information
This section provides more detail on the types of personal information we collect from you, and why.
For users who live inthe European Economic Area, Switzerland, or the United Kingdom, it also identifies the legal basis under which we process your data.
| Personal Information | Purpose of Use | Legal Basis for Processing (only applicable for the EEA and UK) |
|---|---|---|
| Account creation / log in data: Name, email address, username and password | We use this information to:
| Necessary for us to perform our contract with you to provide and support the Service. |
| Log data and metadata such as Service usage, occurrences of technical errors, interactions with the Service and other logs and metadata | We use this information to:
| Necessary for us to perform our contract with you to provide and support the Service. It is in our legitimate interest to ensure the functioning of, and improve, the Service. Necessary for compliance with a legal obligation. |
| Customer service communications | We use this information to:
| Necessary to perform our contract with you to provide and support the Service. |
4. How We Store and Share Your Personal Information
Pursuant to our contract with you, we may transfer data outside of the location in which you are based for the purposes described in this Privacy Policy.
We have servers for the Service in Germany. We also have support, engineering and other teams who may support the Service, including from Singapore.
For EEA/UK users, transfers between our affiliates and to third parties use applicable safeguards, such as incorporating standard contractual clauses, obtaining your consent first or taking into account adequacy assessments.
Only where necessary will we share your personal information with third parties. Situations where this occur are:
We may disclose your personal information with selected third parties in and outside of your country, including:
Third parties that provide services in support of the Service, including Google Cloud Platform, a provider of cloud services that stores information identified in this policy in Germany, and AWS, a provider of cloud email services who processes email addresses and email sending statistics in Singapore and the United States. All third party service providers providing services for us are prohibited from retaining, using, or disclosing your personal information for any purpose except where strictly necessary for the Service (i.e., for the purpose(s) described above).
Companies within our corporate group who process your personal information solely for the purpose of providing the Service to you. All such group companies may only use your personal information in accordance with this Privacy Policy.
Regulators, judicial authorities and law enforcement agencies. There are circumstances in which we may be legally required to disclose information about you, such as to comply with legal obligations or processes. In complying with the terms of valid legal processes, such as a subpoena, or search warrant, unfortunately we may not be able to seek your consent to or notify you in advance of such disclosure.
Third parties to ensure safety, security, or compliance with laws. We may disclose your information to:
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (such as exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
A third party that acquires all or substantially all of us or our business. We may also disclose your information to third parties if we either: (a) sell, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire or form a joint venture with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or (b) sell or transfer any of our assets, in which case the information we hold about you may be sold as part of those assets and may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer.
5. The Security of Your Personal Information
We have information security and access policies that limit access to our systems and technology, and we protect data through the use of technological protection measures such as encryption.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will implement and maintain reasonable measures to protect your personal information, we cannot guarantee the security of the information transmitted through the Service or otherwise via the Internet; any transmission is at your own risk.
6. Data Retention
We do not keep your data for longer than is necessary to fulfil the relevant purpose described above unless we are required or permitted to do so under law. If we retain your information beyond the retention periods set out below, for example to comply with applicable laws, we will store it separately from other types of personal information.
For further details on how long we keep your data, please refer to the time periods set out below.
| Personal Information | Retention Policy |
|---|---|
| Account creation / log in information | Stored for so long as an account exists. Information is erased within 7 days of the user’s request for deletion. |
| Log data and metadata | Error-related log data: Stored for 30 days. Other log data and metadata: Stored for so long as an account exists. Information is erased within 7 days of the user’s request for deletion. |
| Customer service information | We do not store this data and will delete customer service communications upon resolution of incident. |
7. Your Rights
Some jurisdictions’ laws grant specific rights to users of the Service. Please refer to the Supplemental Jurisdiction-Specific Terms, or the applicable laws in your jurisdiction, for an overview of specific rights that apply to persons subject to data protection laws in the listed jurisdictions and how these can be exercised.
You may have certain rights in relation to the personal information we hold about you. Some of these only apply in certain circumstances (as set out in more detail below). You can exercise some of these rights directly by accessing and updating the information in your account. If you believe we hold any other personal information about you, please contact us.
Access
You may have the right to access personal information we hold about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account.
Portability
You may have the right to receive a copy of certain personal information we process about you. For example, in certain jurisdictions this can comprise personal information we process pursuant to our contract with you, as described above in the section “How We Use Your Personal Information”. We will provide further information to you about transferring this data if you make such a request.
Correction
You may have the right to correct personal information we hold that is inaccurate. You can access the personal information we hold about you by logging into your Service account.
Erasure
You may be able to delete your account, or remove certain personal information, by logging into your Service account. We may need to retain personal information if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims) but we will let you know if that is the case..
Restriction of Processing to Storage Only
You may have a right to require that we stop processing the personal information we hold about you (other than for storage purposes in certain circumstances). Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or for another’s protection). Where we agree to stop processing the personal information, we will take steps to tell any third party to whom we have disclosed the relevant personal information so that they can stop processing it too.
Objection
You may have the right to object to our processing of your personal information. If you wish to do so, please contact us using the contact details set out below, and we will consider your request.
Consent Withdrawal
To the extent provided by applicable laws and regulations, you may withdraw consent you previously provided to us for certain processing activities by contacting us using the contact details set out below. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service. Please note that the right to withdraw consent is only available if the legal basis for processing information is consent.
Announcements
We may from time to time send you announcements when we consider it necessary to do so (for example, when we temporarily suspend access to the Service for maintenance, or security, privacy or administrative-related communications). These are essential system and service-related announcements and you are not able to opt-out of these notifications, which are not promotional in nature.
8. Contact
Please get in touch with us if you have any questions. You can reach us in the first instance at:
Email: dpo_smartlink@proximabeta.com
Mailing Address:
- Proxima Beta Pte. Limited
- International Privacy & Data Protection Centre
- 30 Raffles Place #18-01
- Singapore 048622
We will endeavour to deal with your request as soon as possible. This is without prejudice to any right you may have to launch a claim with a data protection authority in the region in which you live or work where you think we have infringed data protection laws.
9. Changes
If we make any changes to this Privacy Policy we will post the updated Privacy Policy here and notify you in accordance with relevant legal requirements.
10. Language
Except as otherwise prescribed by law, in the event of any discrepancy or inconsistency between the English version and local language version of this Privacy Policy, the English version shall prevail.
Our Representatives in Certain Jurisdictions
| Jurisdiction | Representative | Address | Contact details |
|---|---|---|---|
| EU | Proxima Beta Europe B.V. | Buitenveldertselaan 3-5 1082 VA Amsterdam | dpo_smartlink@proximabeta.com |
| UK | Image Frame Investment (UK) Limited | Suite 1, 3rd Floor 11 - 12 St. James's Square, London, United Kingdom, SW1Y 4LB | dpo_smartlink@proximabeta.com |
SUPPLEMENTAL JURISDICTION-SPECIFIC TERMS
Some jurisdictions’ laws contain additional terms for users of the Service, which are set out in this section. If you are a user located in one of the jurisdictions below, the terms set out below under the name of your jurisdiction apply to you in addition to the terms set out in our Privacy Policy above.
California
This section applies to California residents covered by the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (“CCPA”). For purposes of this section, “personal information” and “sensitive personal information” have the meanings given in the CCPA and do not include information excluded from the CCPA’s scope.
Collection and Disclosure of Personal Information
Over the past 12 months, we have collected and disclosed for a business purpose the following categories of personal information from or about you or your device:
- Identifiers, such as your name, email address, and username. This information is collected directly from you.
- Information regarding your use of the Service, including log data and metadata. This information is collected directly from you and your device.
- Other information described in subdivision (e) of Section 1798.80, including customer service communications. This information is collected directly from you in the context of being our consumer.
We collect and disclose your personal information for the following purposes:
- To provide you with the Service, maintain your account, and provide customer service.
- To address and remediate technical issues and bugs, and to improve our services.
- To enforce our terms, conditions and policies.
For additional information about what each type of personal information is used for, see Section 3 (How We Process Your Personal Information).
We disclose each of the categories of personal information that we collect to the following types of entities:
- Other companies within our corporate group who process your personal information in order to operate the Service.
- Other companies that provide services on our behalf in support of the Service and who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing their services to us.
- Regulators, judicial authorities and law enforcement agencies and other third parties where reasonably necessary to comply with a legal obligation; enforce our terms and conditions; detect and prevent fraud or security issues; and to protect ours and others’ rights, property or safety.
- Entities that acquire all or substantially all of our business.
In the past 12 months, we have not sold or shared Personal Information of California residents within the meaning of “sold” and “share” in the CCPA, and we have no knowledge of any sale or sharing of personal information of users under 16 years of age.
In addition, we do not use or disclose sensitive personal information about you.
Retention of Your Personal Information
The retention period varies among the different categories of data collected. For detailed information about the retention period for any specific category of data, see Section 6 (Data Retention).
Rights under the CCPA:
If you are a California resident and the CCPA does not recognize an exception that applies to you or your personal information, you have the right to:
- Request we disclose to you free of charge the following information covering the 12 months preceding your request:
- the categories of personal information about you that we collected; -the categories of sources from which the personal information was collected;
- the purpose for collecting personal information about you;
- the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
- the specific pieces of personal information we collected about you;
- Request we delete personal information we collected from you, unless CCPA recognises an exception;
- Request we correct inaccurate personal information that we maintain about you; and
- Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
We aim to fulfil all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.
How to Exercise Your Rights
If you are a California resident to whom the CCPA applies, you may exercise your rights, if any, by contacting us as specified in Section 8 (Contact) . We may take steps to verify your identity before complying with your request to protect your privacy and security, and may decline your request if we are unable to verify your identity. To verify your identity, we may need you to provide certain information such as your email address, or any other information necessary to verify your identity.
Under the CCPA, you may exercise these rights yourself or you may also designate an authorized agent to make these requests on your behalf. In order for us to process the request, you must provide the authorized agent with signed written permission. We reserve the request to require the agent to verify their own identity and to confirm directly with you that you have provided the authorized agent permission to submit the request.
Questions
If you have questions or concerns regarding this Privacy Policy, please contact us as specified in Section 8 (Contact).
Canada
If you are located in Canada and wish to obtain written information about our policies and practices with respect to our service providers located outside Canada, you may contact us as specified in Section 8 (Contact). Where we use service providers who might have access to your personal information, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your personal information and to prevent it from being used for any purpose other than as provided in this Privacy Policy.
France
Instructions for the processing of your personal data after your death. You have the right to provide us with general or specific instructions for the retention, deletion, and communication of your personal data after your death. The specific instructions are only valid for the processing activities mentioned therein and the processing of these instructions is subject to your specific consent. You may amend or revoke your instructions at any time.
You may designate a person responsible for the implementation of your instructions. This person will be informed of your instructions in the event of your death, and be entitled to request their implementation from us. In the absence of designation, your heirs, or, unless otherwise provided for, in the event of the death of the designated person, their heirs will have the right to be informed of your instructions and to request their implementation from us.
When you wish to make such instructions, please contact us as set out in Section 8 (Contact).
Hong Kong
As a Hong Kong data subject you have legal rights in relation to the personal information we hold about you (to the extent permitted under applicable laws and regulations). You are entitled to make a subject access request to receive a copy of the data we process about you, a data correction request as well as a right to reject to the use of your personal data for direct marketing purposes. A fee may be chargeable by us for complying with a data access request.
Japan
By acknowledging the Privacy Policy, you consent to the transfer of your personal information to third parties (if any), which may include the cross-border transfer of your information to any country where we have databases or affiliates and, in particular, to the jurisdictions specified in Section 4 (How We Store and Share Your Personal Information).
The categories of personal information specified in Section 3 (How We Use Your Personal Information) may include "special care-required personal information" (i.e., sensitive information as detailed under applicable law), and you consent to the collection of such information.
You may request us to notify you about the purposes of use of, to disclose, to make any correction to, to discontinue the use or provision of, and/or to delete any and all of your personal information which is stored by us, to the extent provided by the Act on the Protection of Personal Information of Japan. When you wish to make such requests, please contact us as set out in Section 8 (Contact).
New Zealand
We take reasonable steps to ensure that third party recipients of your personal information located outside New Zealand handle your personal information in a manner that is consistent with New Zealand privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.
You have the right to access personal information we hold about you, how we use it, and who we share it with. You have the right to request the correction of any of your personal information we hold that is inaccurate.
If you are dissatisfied with our response to your request for access to, or correction of, your personal information or your privacy complaint in respect of your personal information, you may contact the Office of the New Zealand Privacy Commissioner (www.privacy.org.nz).
While we take reasonable steps to ensure that third party recipients of your personal information comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws.