Customer Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD); SMILEAT, S.L. (SMILEAT and/or the data controller) provides you with basic information regarding the processing of personal data it carries out, so that you are always aware of how we process your data and the rights you have as the data subject. 

Responsible. SMILEAT, S.L.Purpose. Management of the contractual relationship for the purchase of products. Customer registration. Sending commercial communications Compilation of statistics and surveys. Legal Basis. Performance of a contract to which the data subject is a party; consent of the data subject, where applicable; and consent of parents or legal guardians in the case of minors whose data is provided; and legitimate interest. Recipients. None are foreseen except to comply with a legal obligation . Rights. You may exercise your rights of access, rectification, erasure, restriction, objection, and data portability, as well as other rights explained in the Additional Information, which you can access via this link: Privacy Policy


CUSTOMER PRIVACY POLICY  

Data Controller

Data Controller: SMILEAT, S.L. (hereinafter, SMILEAT)

Tax ID Number: B-87,144,622

Mailing Address: 62 Gran Vía Street, 5th Floor, Apartment D – 28013 Madrid

Email: info@smileat.com

Purposes of the Processing

We will process your data for the purpose of managing the relationship established through this contract and, specifically, to:

(i)      Management of the contractual relationship for the purchase of products. Manage the purchase and delivery of SMILEAT’s various food products.Manage customer discounts and reward points, as well as customer payments.

(ii)    Execution of the contract. Delivery Management. Help Center and After-Sales Service Management, with the aim of addressing inquiries,shipments, deliveries, and orders, using the channels SMILEAT deems appropriate (emails, phone calls, SMS, push notifications, regular mail, etc.). Collection, accounting, tax, and administrative management. Handling claims procedures before judicial or administrative bodies

 

(iii)  Customer Registration. SMILEAT will collect the customer’s personal information when the customer purchases the product and fills out the corresponding forms; it will also collect the information of minors provided by customers,  in order to obtain a discount or points.

 

(iv)      Manage a secure relationship with customers. Your data may be processed to carry out fraud prevention measures during the sign-up process if evidence of fraud arises during the current sign-up process, including the creation of a list designated for that purpose.

 

 

(v)    Sending commercial communications. To carry out promotional, advertising, or commercial activities and communications through various channels, including electronic means, provided that you have given your express consent to do so. Please note that you may revoke your consent at any time by using the automated link provided for this purpose in the commercial communications you receive, if applicable, or by sending an email to info@smileat.com  . If you wish to opt out of having your data processed for the purpose of sending commercial communications, SMILEAT informs you that you may register with opt-out systems. For this purpose, you may consult the information published by the Spanish Data Protection Agency, as the competent supervisory authority. Refusal to provide your consent will prevent processing for these purposes.

 

(vi)   Compiling statistics and conducting surveys. We may also process your data to compile statistics and conduct surveys on the quality of our products in order to make improvements, carry out marketing activities, and develop new products—provided such activities have been previously authorized by the customer and do not involve profiling or data mining.

SMILEAT informs you that it will not make automated decisions based on the profiles of data subjects.

 

Legal Basis for the Processing of Your Data

The legal basis for processing your data for the purposes detailed in the previous section is as follows:

or      (i) (ii) Art. 6.1(b) of the GDPR: performance of a contract or the implementation of precontractual measures; however, the handling of complaints before certain agencies or courts will be carried out in compliance with a legal obligation.

 

or      (iii) Art. 6.1.a) GDPR: based onthe customer’s consent. In the event that personal data is collected from children under 14 years of age, the consent of their parents or guardians will be required, via the checkboxes provided for this purpose on the corresponding forms.

 

or      (iv) Art. 6.1.c) GDPR: compliance with a legal obligation.

 

or        (v) Art. 6.1(a) of the GDPR: based on the data subject’s consent, which may be revoked at any time. The customer’s consent is requiredfor the sending of commercial communications by electronic means. Such consent may be revoked at any time.

or       

or      (vi) Art. 6.1(f) of the GDPR: legitimate interests. The processing of your data based on legitimate interests will, in all cases, be carried out with the utmost rigor and respect for your privacy, rights, and freedoms; under no circumstances will it be used for purposes that undermine your rights in this regard.

 

or      (v) Art. 6.1(a) of the GDPR: based on the data subject’s consent. The customer’s consent is required for the sending of commercial communications by electronic means. Such consent may be revoked at any time, and under no circumstances shall the withdrawal of this consent affect the enforcement of the General Terms and Conditions of Sale entered into with SMILEAT.

 

 

For any other purpose not expressly provided for, your consent will be required, and you may revoke that consent at any time.

 

Recipients

 

SMILEAT does not plan to disclose data to third parties, except as required by law, in which case such disclosures will be made in full compliance with all legally established safeguards. In other cases, SMILEAT will request your explicit consent or another legal basis.

 

Notwithstanding the foregoing, SMILEAT hereby informs you that, on an exceptional basis, your data may be processed by SMILEAT or by third-party companies contracted by SMILEAT. In such cases, the corresponding contract will be signed between the parties, and it is an essential requirement for the formalization of this contract that the service provider be familiar with the existing regulations regarding the protection of personal data and that compliance with these regulations be guaranteed throughout the term of the contract.

 

Data Processed

The personal data processed by SMILEAT was provided by you when you filled out the corresponding registration and/or contract subscription forms, or discount forms.

SMILEAT informs you about the processing of the following categories of data:

·        Basic information: Customer’s first and last names (for minors, the date of birth may be provided voluntarily if the customer chooses to apply a discount)

·        Contact information: Mailing address, email address, phone number.

·        Payment methods: bank account information

 

Accuracy of Data and Legal Age. You warrant that you are of legal age or at least fourteen years old to provide your consent in accordance with current data protection regulations, and that the information you provide is true, accurate, complete, and up-to-date. You are liable for any direct or indirect damage or harm that may result from a breach of this obligation.

 

International Data Transfers

No international data transfers are planned. However, in the event that SMILEAT’s activities require the transfer of your data to a third country outside the European Union or to a country that does not have an adequate level of protection as determined by the European Commission, SMILEAT will implement appropriate safeguards to carry out such international transfers in accordance with applicable law.

 

Data Accuracy

You warrant that the information provided is true, accurate, complete, and up-to-date, and you are liable for any direct or indirect damages or losses that may arise as a result of a breach of this obligation.

 

Rights

You may exercise the rights granted to you under applicable law: the right of access, rectification, erasure, and objection; the right to restrict processing; the right to data portability; and the right not to be subject to automated individual decision-making.

 

  • Access: allows the data subject to obtain information about whether SMILEAT processes personal data concerning them or not, and, if so, the right to obtain information about their personal data that is being processed.
  • Correction: allows you to correct errors and modify data that turns out to be inaccurate or incomplete.
  • Erasure: Allows data to be deleted and no longer processed by SMILEAT unless there is a legal obligation to retain it and/or other legitimate grounds for its processing by SMILEAT in accordance with current regulations.
  • Restriction: Under the conditions established by law, this allows data processing to be suspended, thereby preventing SMILEAT from processing it in the future, retaining it solely for the purpose of asserting or defending legal claims.
  • Objection: Allows the data subject, under certain circumstances and for reasons related to their specific situation, to object to the processing of their data.  SMILEAT will cease processing the data, except for legal reasons or to exercise or defend against potential claims.
  • Portability: This right allows the data subject to receive their personal data and transmit it directly to another data controller in a structured, commonly used, and machine-readable format. To exercise this right, the data subject must provide a valid email address.

 

You may exercise your rights by any means that allows for proof of the sending and receipt of your request. The request must be addressed to SMILEAT using the contact information provided in the “Data Controller” section, with the subject line “Data Protection.” The request must include: first name, last name, a detailed description of your request, and your mailing address for notification purposes. If there are any doubts regarding your identity, you may use any procedure that verifies your identity without requiring a copy of your ID card.

 

If you are not satisfied with SMILEAT’s response regarding the exercise of your rights, you have the right to file a complaint with the supervisory authority, the Spanish Data Protection Agency, to seek protection of those rights.

Notwithstanding the foregoing, any person has the right to obtain confirmation as to whether or not SMILEAT is processing personal data concerning them.

 

Retention of Your Data

 

SMILEAT hereby informs you that it will process and store your data for as long as necessary in accordance with the purpose and legal basis of the processing for which it was collected, provided that you do not object or expressly revoke your consent in the event that consent is the legal basis for the processing.

 

We also process your data to comply with applicable law, prevent illegal activities, resolve disputes, troubleshoot issues, fulfill our contract, and for other purposes permitted by law.

We will retain your personal data for the duration of the statutory limitation periods, in accordance with applicable laws and regulations, including the general and sector-specific regulations applicable to SMILEAT.

Once the processing of your data is no longer necessary and the statutory retention periods have expired, we will delete and/or block it in accordance with our data retention and deletion policy.

If you complete your purchase electronically, SMILEAT processes your data in accordance with security standards. For this purpose, credit card transactions will be transmitted via a secure SSL (Secure Socket Layering) server. When the letters “http” change to “https,” the “s” indicates that you are in an SSL-secured area; your browser may also notify you of the site’s security status via a pop-up message. The SSL security protocol encrypts personal information during data transmission.

In accordance with industry standards, SMILEAT informs you that it maintains technical and organizational measures to prevent accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and other unlawful acts or practices

In this regard, SMILEAT will implement appropriate security measures to prevent the alteration, loss, unauthorized processing, or unauthorized access to data. Furthermore, it will inform anyone with access to its data of their obligations regarding security and confidentiality, as well as their duty of confidentiality.