Please read our full document below to understand details between where we are a Data Controller (your Smart Segments account data, company information etc.) and where we are a Data Processor (when we process your data from for example Roller Software or Xero through our systems into Google Data Studio or your Google Big Query Data Warehouse)
Privacy and security as data processor
This section summarizes our commitments to you where we are a Data Processor (when we process your data through our systems into Google Data Studio or your Data Warehouse.)
- When it comes to being a data processor, the data is never stored permanently on our systems. In the majority of cases, we process your data in real time. To improve performance, we may cache your query results on the servers as needed for the success of your query. Please note that any time we cache query results we strongly encrypt the data. Any caches are deleted once they are unnecessary or when you cease use of our systems.
- Our staff is trained regularly on handling data and our systems are monitored constantly. Our staff have access as needed. For any data we process, your data is extremely restricted and we will only access it at your written request or in the case where we need to debug and solve problems. In each case all such access is audited.
- We do not share the data you process with us with any party.
- Smart Segments uses the official APIs (application programming interfaces) for accessing data on XERO and Roller Software.
- Data transfers are done using SSL encrypted HTTPS connections.
- For logging into XERO we use OAuth. This is a secure authentication method, which means that you never have to type your password into our tools, as the authentication happens on a webpage hosted by the data source (eg. XERO).
- XERO works with OAuth, and provide their own interface for revoking access rights.
- Our data processing and storage happens in monitored and highly scalable, best-in-class data centers managed by Google.
Privacy and security as data controller
This section relates to the personal data processed by us as a data controller for concluding the agreement with our customers and for other purposes as set out in more detail below.
We may also process personal data that is sent to our systems by our customers when providing our processing services to our customer (please see section 2. above). Such processing of personal data is governed by a data processing agreement entered into between us as the data processor and our customer as the data controller. We process such data only on the instructions of our customer. If you have any questions relating to such data processing, please contact directly the relevant data controller. The sections 3.1 – 3.11 that follow refer only to personal data provided to us by Smart Segments license holders (our customers) and/or visitors to our marketing web sites.
1.1 Controller of the processing of your personal data
Smart Segments (“Smart Segments” or “We”)
Contact person in case of matters relating to the processing of personal data: Jeroen Sijl
1.2 Data processed and sources of personal data
When you sign up for our services, we may collect and process the following personal data about you: Your name; Address details; E-mail address.
We collect the above mentioned personal data directly from you when you sign up for the service. If you do not provide us with your above personal details, we may not be able to enter into an agreement with you. In addition we may collect technical data such as IP address, operating system, web browser, and browsing history on smartsegments.com.au and other Smart Segments web properties, prior to entry into the agreement. This data may be combined with your personal data so that we may create optimized and efficient workflows and provide further analysis to improve sales and delivery of our products.
1.3 Purposes of processing
We may process personal data for the following purposes:
- Concluding the agreement with you or the legal entity you represent;
- Maintaining a contractual relationship with you or the legal entity you represent, including:
- invoicing;
- providing you with support for the services under the agreement;
- troubleshooting
- Sending you or the legal entity you represent necessary updates regarding:
- the services under the agreement;
- changes in our Terms and Conditions or this Privacy Policy.
Statistical and analytical purposes.
- We use the personal data to generate reports and statistics regarding the use of our services.
- Where possible, we use anonymized data or non-personal data in these activities.
1.4 Legal grounds for the processing
If you are a natural person and have entered into an agreement with Smart Segments, we process personal data to the extent it is necessary for the performance of the agreement between you and Smart Segments as well as for the purposes of the legitimate interests pursued by us as the data controller.
If you represent a legal person (e.g. a company or another legal entity) which has entered into an agreement with Smart Segments, the legal grounds for the processing of personal data is that processing is necessary for the purposes of the legitimate interests pursued by us as the data controller.
To the extent we process the personal data (as defined in section 2) in connection of performance of the agreement between a legal person and Smart Segments, the legitimate interest pursued by us is the conclusion and performance of the agreement between your legal entity and Smart Segments. In such case we will process your personal data as necessary towards the mutual interest of concluding and maintaining a contractual relationship with the legal entity you represent.
To the extent we process the personal data with the aim to improve our services the legitimate interest pursued by us is the development of our business and processes. We strive to limit the use of personal data in this context to the minimum and will process your personal data (as defined in section 2) as necessary towards the mutual benefit of improving and optimizing our products.
1.5 Recipients of personal data
When processing your personal data for the purposes described above, we may transfer the personal data to the following third parties:
- Google Analytics, customer and traffic analysis
- Google Adwords, advertising and marketing
- LinkedIn Ads, advertising and marketing
- Facebook Ads, advertising and marketing
- MailChimp, customer marketing and outreach
- Stripe, payments processing
- Paypal, payments processing
- Slack, customer support
- Google Cloud Platform, servers and infrastructure
We may also transfer personal data to the relevant authorities in Australia or abroad where such authorities have a legal right to receive the information.
1.6 Transfer of your personal data to outside of the EU/EEA
We may transfer your personal data outside the European Union or the European Economic Area in connection with the purposes stated in this Privacy Policy. Your personal data may be transferred to the United States, and/or other non-EU jurisdictions, as applicable.
If personal data is transferred outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) or by ensuring that the recipient of the data participates certification schemes (including the EU-US Privacy Shield).
1.7 How long do we store your personal data?
Your personal data will be stored only as long as it is necessary for the performance of the contract with you and for the purposes set out in section 3 above. We will delete the information once it is no longer needed for those purposes.
1.8 Your rights
1.8.1 Right of access
You may contact us and we will inform what personal data we have collected and processed regarding you and the purposes such data are used for. You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed.
1.8.2 Right to object
You may object to certain use of personal data if such data are processed for other purposes than purposes the purposes set out above. If you object further processing of personal data, we may not be able to provide to you the services under the agreement.
1.8.3 Restriction of processing
You may request us to restrict the processing of your personal data. In such case, however, we may not be able to provide to you the services under the agreement.
1.8.4 Right to withdraw consent
If the processing of your personal data is based on your consent, you have the right to withdraw the consent at any time. If you wish to exercise the right to withdraw the consent, you may contact us at the contact details set out in section 1 above.
1.8.5 Right to data portability
You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
1.8.6 Exercising your rights
You may contact us by mail or e-mail using the contact details set out in section 1 above with a request to exercise any of the above rights. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
1.9 Analytics, Online Advertising, and Remarketing
Smart Segments works with 3rd party providers to obtain the information regarding traffic on Smart Segments websites, including pages viewed and the actions taken when visiting smartsegments.com.au and other Smart Segments web properties; to serve our advertisements on other websites and elsewhere online; to provide us with information regarding the use of our websites and the effectiveness of our marketing efforts.
Above mentioned partners may collect certain information about your visits to and activity on Smart Segments websites, they may set and access their own tracking technologies on your device (including cookies and web beacons), and use that information to show you targeted advertisements.
We use Google AdWords Remarketing and other similar services (e.g. retargeting) to advertise Smart Segments across the Internet.
These services will display relevant ads tailored to you based on what parts of Smart Segments websites you have viewed by placing a cookie on your device. This cookie does not in any way identify you or give access to your computer. It helps us to customize our marketing to better suit your needs and only display ads that are relevant to you.
You can read here how Google is using your data when you are visiting Smart Segments websites
You can set up your browser to decline cookies, should you wish to do so.
However, this may prevent you from taking full advantage of Smart Segments websites. If you do not wish to participate in our Google AdWords Remarketing, you can opt out by visiting Google’s Ads Preferences Manager.
Please note that some parts of our Services may not function properly if use of cookies is refused.
1.10 List of Cookies Stored
We store the following cookies from the following services when you use Smart Segments.com properties.
- Session cookie used by the application to store state between page views (such as your current logged in information)
- Google Analytics and Adwords tracking cookies (typically “_ga” and “utm”) for tracking page views
- WordPress Cookies for settings while browsing the main Smart Segments.com site (wp*, et*)