This Privacy Policy describes how Smart Accounting SIA (we) processes the personal data of its Clients, the representatives of its Clients, Users and any other data subjects (you) in relation to their use of Smaptime and Services. This Privacy Policy applies if you use, have used or have expressed an intention to use Smaptime and Services, including the Demo version. This Privacy Policy also applies to our marketing leads.

In the described cases, we act as a data controller as regards your personal data and are responsible for the processing thereof. This Privacy Policy does not apply to the personal data processed in the Contents by our Clients on Smaptime and in using the Services. In such case, the Client acts as a data controller as regards such personal data and is responsible for the processing thereof. We process such personal data on behalf of the Client and act as a data processor.

Definitions

Any capitalized terms used herein, unless explicitly stated thereafter, should be understood as defined in our Terms of Service.

Processing - any activity or set of operations performed with or without an automated means, such as collecting, recording, registering, organizing, structuring, storing, adapting or modifying, recovering, viewing, using, disclosing, sending, distributing or otherwise making them available, matching or combining, limiting, erasing or destroying.

Personal data - any information relating to an identified or identifiable natural person (data subject).

Collecting your personal data

We collect your personal data in the following ways:

  • you provide it to us yourself
  • it is provided to us by the representative of the Client or another User (within your company)
  • we receive your personal data from a third party
  • we have collected your personal data by automatic means.

Personal data processed and the legal basis for processing

We mainly process your personal data for concluding and performing the Agreement with you. This includes providing customer support and contacting you regarding Smaptime and the Services. For the foregoing, we process the following personal data:

  • identification data (name, date of birth)
  • contact data (work address, work phone number, work email address)
  • employment data (Client’s company, position within the Client’s company)
  • communications data (emails, messages sent to us)
  • data related to the use of Smaptime and Services.

If you are the Client, the legal basis for processing your personal data is performance of the Agreement or taking steps at your request prior to concluding the Agreement.

If you are the representative of the Client or a User, the legal basis for processing your personal data is our legitimate interests to enable the use of or the legitimate interests of the Client to use Smaptime and Services as requested by the Client.

If you are a lead (Demo version Client, a marketing lead or their representative), we process your personal data for the purposes of marketing Smaptime and Services and getting you to sign the Agreement with us.

Additionally, we may also process your personal data to safeguard our rights. The legal basis for the latter is our legitimate interest to do so.

We do not process any special categories of personal data. As Smaptime and Services are not available for persons under 18 years old as by our Terms, we do not process any personal data of persons under 18 years old.

Data processors

We use service providers (data processors) in processing your personal data. In doing so, we remain fully responsible for your personal data.

Please contact us if you require more detailed information about the data processors we use.

Third parties

We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g. when we are obligated to share personal data with the authorities) or under your consent.

If you are the User or the Client’s representative, then we share your personal data with the Client as it is necessary to fulfil our obligations under the Agreement with the Client. The legal basis for such sharing is our legitimate interest to enable the use of or the legitimate interests of the Client to use Smaptime and Services as requested by the Client.

Geographical area of processing

As a general rule, the personal data is processed within the EU.

We only transfer and store your personal data outside the EU where we have a lawful basis to do so, including to a recipient who is: (i) in a country which provides an adequate level of protection for personal data; or (ii) under an instrument which covers the EU requirements for the transfer of personal data outside the EU.

Upon request we can provide details on personal data transfers to countries outside the EU.

Data retention

We retain your personal data for as long as necessary for the purposes they were collected for, as long as necessary to safeguard our rights (statute of limitations), or as long as required by the applicable law (e.g. bookkeeping). If the same personal data is processed for several purposes, the personal data will be retained for the longest retention period applicable.

When you remove your account, we delete all data associated with your account from our production database. We keep backups, designed for catastrophic system recovery, for 30 days. When an account is deleted, none of your personal data will remain on our servers past 30 days.

Deactivated users will no longer have access to your account, but their name and time entries will remain in your account for historical reporting purposes.

Your rights

To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights entitle you to:

  • require personal data to be corrected if it is inadequate, incomplete or incorrect
  • object to processing of personal data, which is based on legitimate interests and which is processed for direct marketing purposes
  • require erasing personal data, for example, one that is processed based on consent, if such consent is withdrawn
  • restrict the processing of personal data, for example, while we assess whether you are entitled to have your personal data being erased
  • receive information if your personal data is being processed by us
  • receive personal data provided to us for data portability purposes
  • withdraw consent to process personal data
  • request and receive information from us about which of our cooperation partners had received your personal data
  • lodge complaints with the Data Protection Authority.

Amendments of Privacy Policy

Should our personal data processing practices change or should there be a need to amend the Privacy Policy under the applicable data protection regulations, other applicable legal acts, case-law or guidelines issued by competent authorities, we are entitled to unilaterally amend this Privacy Policy at any time, so please review it frequently. Any significant changes to this policy will be sent out to the registered email address of the account owners.

Governing law

The processing of your personal data shall be governed by the laws of the Republic of Latvia.

Contact

In case you have any question regarding the processing of your personal data by us or you would like to exercise your rights as a data subject, please contact us by email info@smaptime.eu.

Privacy Policy valid from 06.10.2020

Contact us

Smart Accounting SIA
Republikas laukums 3-124, Riga LV-1010, Latvia (EU)
Registration number 40003694889