Privacy Policy: Customers and Distributors

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD); SMILEAT, S.L. (SMILEAT and/or the data controller) provides you with basic information regarding the processing of personal data it carries out, so that you are always aware of how we process your data and the rights you have as the data subject. 

Responsible. SMILEAT, S.L. Purpose. Management of the commercial relationship and, where applicable, the contractual relationship. Sending commercial communications by any means, including electronic means. Compilation of statistics and surveys. Fraud prevention. Legal Basis. Performance of a contract to which the data subject is a party, legitimate interest, and consent of the data subject, where applicable. Recipients. None are envisaged except in compliance with a legal obligation . Rights. You may exercise your rights by emailing info@smileat.com  to exercise your rights of access, rectification, erasure, restriction, objection, and data portability, as well as other rights explained in the privacy policy  on our website


Data Controller

Data Controller: SMILEAT, S.L. (hereinafter, SMILEAT)

Tax ID Number: B-87,144,622

Mailing Address: 62 Gran Vía Street, 5th Floor, Apartment D – 28013 Madrid

Email: info@smileat.com

Purposes of the Processing

We will process your data for the purpose of managing the relationship established through this contract and, specifically, to:

(i)           Management of the business relationship and, where applicable, the contractual relationship. To this end, SMILEAT may manage these relationships by whatever means it deems appropriate.

(ii)          Contract formalization. Delivery management. Management of the Help Center and after-sales service, with the aim of addressing inquiries,shipments, deliveries, and orders, using the channels SMILEAT deems appropriate (emails, phone calls, SMS, push notifications, regular mail, etc.). Collection, accounting, tax, and administrative management. Handling claims procedures before judicial or administrative bodies

(iii)         To manage a secure relationship with our customers. Your data may be processed to carry out fraud prevention measures during the sign-up process if evidence of fraud arises during the current sign-up process, including the creation of a list designated for that purpose.

(iv)         Sending Marketing Communications. Provided that the requirements of applicable regulations are met, your data may be processed to send you commercial communications regarding other SMILEAT products or services similar to those you have purchased; you may object to this processing at any time.

(v)          Sending Advertising Communications. Notwithstanding the foregoing, provided that you have expressly consented by checking the boxes provided for that purpose on the data collection forms, we will process your data to carry out promotional, advertising, or commercial activities and communications, through various means—including electronic means—regarding products and/or services that we believe may be of interest to you. Please note that you may revoke your consent at any time by using the automated link that will be included for this purpose in any commercial communications you receive, if applicable, or by sending an email to info@smileat.com or to SMILEAT’s mailing address. Should you express your wish that your data not be processed for the purpose of sending commercial communications, SMILEAT informs you that you may opt out of advertising through the relevant opt-out systems. For this purpose, you may consult the information published by the Spanish Data Protection Agency, which serves as the competent supervisory authority.

(vi)         Compilation of statistics. We may also process your data to compile pseudonymized statistics and conduct surveys on the quality of our products and services in order to make improvements and carry out marketing activities—which have been previously authorized by the customer and do not involve profiling or further processing.

The processing of data for purposes other than those detailed above will require a legal basis or prior and explicit consent in each case.

Legal Basis for the Processing of Your Data

The legal basis for processing your data for the purposes detailed in the previous section is as follows:

or      (i) and (ii) Art. 6.1(b) of the GDPR: performance of a contract or the implementation of precontractual measures; however, the handling of complaints before certain agencies or courts will be carried out in compliance with a legal obligation.

or      (iii) Art. 6.1(c) of the GDPR: compliance with a legal obligation

or       (v) (vi) Art. 6.1(f) GDPR: legitimate interest. Based on legitimate interest, we will also process data from individuals and/or sole proprietors that is necessary for the purpose of the contract, processing only the minimum data required to locate them professionally and solely for the purpose of maintaining the relationship regarding the contract entered into with the legal entity where the data subject works and/or provides services. The processing of your data based on legitimate interests will, in all cases, be carried out with the utmost rigor and respect for your privacy, rights, and freedoms; under no circumstances will it be used for purposes that undermine your rights in this regard.

or       (iv) Art. 6.1(a) of the GDPR: consent of the data subject, which may be withdrawn at any time. The processing of your data for the purposes set forth in the preceding section and based on the consent requested from you may be revoked at any time; however, under no circumstances shall the withdrawal of this consent affect the enforcement of the General Terms and Conditions of Sale entered into with SMILEAT.

 

Recipients

 

SMILEAT does not plan to disclose data to third parties, except as required by law, in which case such disclosures will be made in full compliance with all legally established safeguards. In other cases, SMILEAT will request your explicit consent or another legal basis for processing.

 

Notwithstanding the foregoing, SMILEAT hereby informs you that, on an exceptional basis, your data may be processed by SMILEAT or by third-party companies contracted by SMILEAT. In such cases, the corresponding contract will be signed between the parties, and it is an essential requirement for the formalization of this contract that the service provider be familiar with the existing regulations regarding the protection of personal data and that compliance with these regulations be guaranteed throughout the term of the contract.

 

Data Processed

 

The data processed by SMILEAT are as follows:

·        Basic Information: (First Name, Last Name, and ID Number/Foreign Resident ID Number/Tax ID Number, signature).

·        Contact Information: Mailing addresses, email addresses, and phone numbers.

·        Empowerment data—position within the organization.

·        Payment details: CCC .

·        Payment method: Bank transfer.

No specially protected data are processed

 

Data Accuracy

You warrant that the information provided is true, accurate, complete, and up-to-date, and you are liable for any direct or indirect damages or losses that may arise as a result of a breach of this obligation.

International Data Transfers

In principle, no international data transfers are planned. However, in the event that SMILEAT’s activities require the transfer of your data to a third country outside the European Union or to a country that does not have an adequate level of protection as determined by the European Commission, SMILEAT will implement appropriate safeguards to carry out such international transfers in accordance with applicable law.

 

Rights

You may exercise the rights granted to you under applicable law: the right of access, rectification, erasure, and objection; the right to restrict processing; the right to data portability; and the right not to be subject to automated individual decision-making.

 

  • Access: allows the data subject to obtain information about whether SMILEAT processes personal data concerning them or not, and, if so, the right to obtain information about their personal data that is being processed.
  • Correction: allows you to correct errors and modify data that turns out to be inaccurate or incomplete.
  • Erasure: Allows data to be deleted and no longer processed by SMILEAT unless there is a legal obligation to retain it and/or other legitimate grounds for its processing by SMILEAT in accordance with current regulations.
  • Restriction: Under the conditions established by law, this allows data processing to be suspended, thereby preventing SMILEAT from processing it in the future, retaining it solely for the purpose of asserting or defending legal claims.
  • Objection: Allows the data subject, under certain circumstances and for reasons related to their specific situation, to object to the processing of their data.  SMILEAT will cease processing the data, except for legal reasons or to exercise or defend against potential claims.
  • Portability: This right allows the data subject to receive their personal data and transmit it directly to another data controller in a structured, commonly used, and machine-readable format. To exercise this right, the data subject must provide a valid email address.

 

You may exercise your rights by any means that allows for proof of the sending and receipt of your request. The request must be addressed to SMILEAT using the contact information provided in the “Data Controller” section, with the subject line “Data Protection.” The request must include: first name, last name, a detailed description of your request, and your mailing address for notification purposes. If there are any doubts regarding your identity, you may use any procedure that verifies your identity without requiring a copy of your ID card.

 

 If you are not satisfied with SMILEAT’s response regarding the exercise of your rights, you have the right to file a complaint with the supervisory authority, the Spanish Data Protection Agency, to seek protection of those rights.

Notwithstanding the foregoing, any person has the right to obtain confirmation as to whether or not SMILEAT is processing personal data concerning them.

 

Retention of Your Data

 

SMILEAT hereby informs you that it will process and store your data for as long as necessary in accordance with the purpose and legal basis of the processing for which it was collected, provided that you do not object or expressly revoke your consent in the event that consent is the legal basis for the processing.

 

We also process your data to comply with applicable law, prevent illegal activities, resolve disputes, troubleshoot issues, fulfill our contract, and for other purposes permitted by law.

We will retain your personal data for the duration of the statutory limitation periods, in accordance with applicable laws and regulations, including the general and sector-specific regulations applicable to SMILEAT.

Once the processing of your data is no longer necessary and the statutory retention periods have expired, we will delete and/or block it in accordance with our data retention and deletion policy.

If you complete your contract electronically, SMILEAT processes your data in accordance with security standards. For this purpose, credit card transactions will be transmitted via a secure SSL (Secure Socket Layering) server. When the letters “http” change to “https,” the “s” indicates that you are in an SSL-secured area; your browser may also notify you of the site’s security status via a pop-up message. The SSL security protocol encrypts personal information during data transmission.

In accordance with industry standards, SMILEAT informs you that it maintains technical and organizational measures to protect against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and other unlawful means or procedures

In this regard, SMILEAT will implement appropriate security measures to prevent the alteration, loss, unauthorized processing, or unauthorized access to data. Furthermore, it will inform anyone with access to its data of their obligations regarding security and confidentiality, as well as their duty of confidentiality.