Last Updated May 15, 2019
Some key terms are defined as follows, and throughout this document:
- Smooch Technologies ULC ("Smooch", "we", "us", or "our") is the company that collects and processes Personal Data for the purposes described in this Policy
- Personal Data is any information relating to an identified or identifiable natural person ("Data Subject")
- Customer is a legal entity with whom Smooch has an agreement to provide the Services
2. About Smooch
Smooch provides a "Conversation Cloud" that allows our Customers to store, manipulate, analyze and transfer messages between their business systems and their customers on a variety of Smooch-provided and third party messaging channels (the "Service").
Smooch is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of our Customers.
3. Collection and Use of Personal Data
Smooch collects information, including Personal Data, for the following purposes:
- Providing and managing the Service
Internal business purposes
- Communicating with you and marketing
- Recruiting and managing personnel
- Collecting payment for the Service
- To understand and improve our Service and Website
This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject) or Customer of the Services.
Smooch Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
Providing and managing the Service
In the course of providing the Service, Smooch may receive, access, analyze, process and maintain Personal Data on behalf of our Customers.
Our Customers determine the types of Personal Data that will be collected and used within the Service, how it will be used and disclosed, and how long it will be stored. For any questions related to how your Personal Data is used by our Customers, please contact them directly.
Service Data is the information that is processed on behalf of our Customers during provision of the Service.
Account Information, including contact information, user profile information, and information about your payment method, is collected from you when you register or authenticate into our Service and is used to manage payment for the Service, enable us to provide support, and facilitate communication.
Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
Internal Business Purposes
Smooch collects the following information from you through our Website (https://smooch.io), social media, and other channels for the following purposes:
Communicating with you and marketing
- Responding to your request for a product demo: When you request a free demo, we may collect your first and last name, job title, business email address, and information about your company. We use this information to contact you and otherwise facilitate your free demo.
- Responding to your inquiries: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and service offerings (including the Service and Website).
- Informing you about products and services. We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.
Recruiting and managing personnel
- Processing your job application. If you apply for a job at Smooch, you may provide us with certain Personal Data about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application for current and future career opportunities.
- Managing employees and contractors. If you join the Smooch team as an employee or contractor, we will use the information you provided, as well as information we create about you, for human resources purposes including verifying your eligibility and qualifications, performance management, to provide compensation and benefits, investigate incidents, and otherwise facilitate the relationship.
Collecting payment for the Service
- Collecting payment. For Customers that purchase a paid version of our Service, we collect and process information about how you use the Service, and your Account Information (including contact information, user profile information, and information about your payment method) for the purpose of billing you.
To Understand and Improve our Services and Website
- Understanding how you use the Service. Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
4. Disclosure of your Personal Data
As a matter of practice, Smooch does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.
We may transfer or disclose Personal Data as follows:
Service Provider Arrangements. We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
- As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.
- Changes to our Business Structure. Smooch may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Smooch’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
- Compliance with Laws. Smooch and our Canadian, US, and other Service Providers may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
- Enforcing Our Rights, Preventing Fraud, and Safety. Smooch may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
5. Your Rights
Access and Correction of Personal Data
If we receive a request from an individual to access or update Personal Data we have collected on behalf of a particular Customer, we will direct that individual to the relevant Customer. We will assist our Customers wherever possible in responding to individual access requests.
If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction of your Personal Data by submitting a written request to us. We may request certain Personal Data for the purposes of verifying your identity.
6. How We Protect Personal Data
Smooch takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see our Security Practices; we keep that document updated as these practices evolve over time.
Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website or use our desktop application. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
Some cookies are associated with your account and Personal Data in order to remember that you are logged in and which parts of the Service or Website you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out site analytics and customization, among other similar things. If you access the Services through your browser, you can manage your cookie settings there but if you disable some or all cookies you may not be able to use the Services.
Smooch sets and accesses our own cookies on the domains operated by Smooch and its affiliates. In addition, we use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.
9. Contact Us
Please contact Smooch if:
- you wish to access, update, and/or correct inaccuracies in your Personal Data; or
- you otherwise have a question or complaint about the manner in which we or our service providers treat your Personal Data.
You can reach the Chief Privacy Officer by emailing email@example.com or at our mailing address below:
Smooch Technologies ULC
Attn: Chief Privacy Officer
1201 5333 Casgrain
Montreal, QC, H2T 1X3
If after contacting us you do not feel that we have adequately addressed your concerns, European individuals may exercise their rights as described in the following section.
Canadian individuals may contact:
The Office of the Privacy Commissioner of Canada
10. European Union / Swiss Individuals
In compliance with the Privacy Shield Principles, Smooch commits to resolve complaints about our collection or use of your Personal Data.
European Union / Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Smooch at firstname.lastname@example.org or at our mailing address below:
Smooch Technologies ULC
Attn: Chief Privacy Officer
1201 5333 Casgrain
Montreal, QC, H2T 1X3
Smooch has further committed to refer unresolved Privacy Shield complaints to, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.
We use a limited number of third party providers to assist us in providing the Services to our Customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
Liabilities in cases of onward transfer
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of Switzerland or a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority or the Swiss Federal Data Protection and Information Commissioner) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).