Personal data controller: Smartsupp.com, s.r.o ., ID No.: 036 68 681, with registered office at Šumavská 31, 602 00 Brno, represented by Vladimír Šandera, Managing Director, registered in the Commercial Register maintained by the Regional Court in Brno, file No. C 86206 (“we”).
Contact details of Data Protection Officer: dpo@smartsupp.com
We provide Smartsupp platform (the “Platform”) through which we provide you with Live Chat, Chatbots, Lead Generation and other services which are ordered according to our Terms of Service (the “Terms”). We take privacy seriously. Our role in the processing of personal data is dual. We act as a personal data controller (or in some privacy laws referred to as a “Business”) and also as a personal data processor (or in some privacy laws referred to as a “Service Provider”). This Privacy Policy describes our role as a personal data controller meaning that in this Privacy Policy, you may find all relevant information about purposes, length of processing or your rights.
The Platform is available on website: https://www.smartsupp.com/ (the “Website”).
If you want to use our Platform as a user and use our services (thus, we would process personal data of e.g. visitors of your website), we also process personal data according to your instructions. Be aware that in such cases, you act as a personal data controller. Rules, how we handle personal data in such cases are available in our Data Processing Terms available here: https://help.smartsupp.com/dpa.
A. PERSONAL DATA PROCESSED
To be as transparent as possible, we divided personal data which we process into these categories:
- Identification information.This includes your name, last name, identification of organization on which behalf you are acting.
- Login information.Information about data filled out by user when creating account on the Platform, including possible information shared with us through third-party services when you use single sign-on. Also, this information includes technical information about your browser, location and other information.
- Contact details.Your e-mail address, phone number.
- Payment data and invoicing details.Information about purchase, information necessary for bookkeeping and payment for used services, credit information, billing address, registration number, chargebacks, information necessary to prevent frauds, information about persons stipulated on invoices, requests, statistical data.
- Log information, IP address and other information about usage of the Platform. We will process technical information, such as logs of the users in the Platform, IP address of the account, your device or operating system, system data etc.
- Data connected to fulfilment of the agreement.Information about fulfilment of a mutual agreement, range of provided services under the agreement if connected with a specific natural person acting on behalf of you.
- User information.This information includes information about your usage of the Platform (whether you use it correctly, use all possible features etc.).
- Communication data.Personal data provided by contacting us through our Website, e-mail communication chat bot or any other means of communication.
- Information obtained from questionnaires.This includes e-mail address information, how satisfied you are from 1-10 or other information we include in the questionnaire.
- Pictures and videos.We can process your pictures from a review, but only if you give us your consent to do so. We can also process pictures and videos from a webinar or a course you attended.
- Cookies.When using our Website, several cookies may be used. Details about storing cookies are available in our Cookie Policy .
We obtain personal data directly from you, or if you are a user of the Platform and your account was created by your employer/contractual party, we may obtain personal data from such employer/contractual party with which we are in contractual relationship.
Our Platform is not intended for storing or processing special categories of personal data (such as health data, biometric information etc.).
B. PURPOSES OF PERSONAL DATA PROCESSING
B.1 Provision of services
We primarily process personal data to provide you with our services, to provide you with the account in the Platform (and to provide your workers and other personnel with access) and requested services, in particular when you register in the Platform, create a user account, fill out billing details and pay for our services and contact us for further information. As a part of this, we may also send you messages about the conclusion and performance of a contract, new product and service releases, payment reminders, password resets and other essential information.
For this purpose, we process your Identification information, Login information, Contact details, Payment data and invoicing details, Log information, IP address and other information about usage of the Platform, Data connected to fulfilment of the agreement and Communication data if the communication is related to a mutual contractual relationship.
Payments are made via payment providers which are described in the Part C - list of recipients.
The legal basis for this processing is the performance of the contract between you and us and the need to take steps at your request before entering into the contract. In case you are not a direct party to the contract (if you are, for example, an employee of our customer or a person acting on behalf of our customer), we process your personal data based on our legitimate interest in the performance of any contract entered into.
The data are processed for the duration of the concluded contract and for the period necessary for the performance of the obligations under such contract. If you do not use your account for a longer period, it is deactivated, however, if you want to delete information about your account, you have to contact us through contact details or via support or other means of contact.
On Google Workspace API: We confirm that our application’s use of Google Workspace APIs is strictly limited to providing our services to users. We do not use any data obtained through Google Workspace APIs to develop, improve, or train generalized Artificial Intelligence (AI) or Machine Learning (ML) models. Our use of these APIs complies with Google’s Limited Use requirements as described here.
B.2 Customer support and other requests
We also process your personal information to provide you with customer support, including handling all requests and inquiries, including follow-up communication and providing documentation for any further communication with entities.
For this purpose, we process your Identification information, Contact details, IP address and other information about usage of the Platform, Data connected to fulfilment of the agreement and Communication data if the communication is related to a customer support.
The legal basis for this processing is the performance of the contract between you and us or our legitimate interest.
Personal data are processed for the duration of the contractual relationship with the customer and subsequently for as long as necessary to protect our own legal interests or period necessary for handling any customer support request. The maximum period for storage is stipulated at 3,5 years after the inquiry was raised.
B.3 Customer satisfaction assessments (and surveys)
We also use information for evaluating customers using the product, assessing satisfaction, trends and ensuring the Platform usage is maximized.
For this purpose, we process your Identification information, Contact details, User information, Data connected to fulfilment of the agreement, Information obtained from questionnaires.
The legal basis for this processing is our legitimate interest which consists of improving the platform and the user experience.
The personal data are stored for the duration of the mutual relationship. The data are processed for reasonable period required for mutual communication or conducting surveys.
B.4 Protection of rights and duties and protection against frauds and misuse
We may also process your data to protect us from unauthorized use of our Platform and services to ensure their safe use. Also, we may use personal information to protect our own claims or to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or violations of our Terms. This purpose also includes processing of personal data for handling possible complaints.
For this purpose, we process your Identification information, Login information, Contact details, Payment data and invoicing details, Log information, IP address and other information about usage of the Platform, User information, Data connected to fulfilment of the agreement and Communication data if the communication is related to a mutual contractual relationship.
The legal basis for this processing is our legitimate interest in protecting our rights and duties and protection against fraud and misuse.
We process the data for the period during which limitation periods or any other time limits for the assertion of claims may run. This period may be changed according to the current state and according to the specific findings and caused frauds. Generally, the period of processing may be stipulated according to the run of limitation periods (such as 10 years according to applicable laws).
B.5 Legal obligations
As any other companies, we also have to comply with the legal obligations, particularly in the area of taxes, accounting and other areas that are applied to us. At the same time, we need to be prepared to provide cooperation to state authorities if we are required to do so by law.
For this purpose, we process your Identification information, Contact details, Payment data and invoicing details, Data connected to fulfilment of the agreement, Communication data (if used for the purpose of legal obligations).
The legal basis for this processing is the fulfilment of our legal obligations.
Those data are processed for the period required by law. We are legally obliged to keep accounting documents and accounting records (invoices) for 5 years starting from the end of the accounting period to which they relate. We are also obliged to keep invoices for 3 years starting from the end of the tax year in which the tax liability relating to the invoice arose. We are also obliged to keep tax documents for 10 years starting from the end of the tax year in which the transaction took place.
B.6 Newsletters and commercial communication
From time to time, we may send you commercial communication. This does not mean communication related to the performance of the contractual relationship (e.g. updates to contractual terms and conditions, notifications of payments, delays, etc.), but communication about promotion events, discounts, campaigns and other communication supporting our brand.
For this purpose, we will process your e-mail address and your Identification information.
The legal basis for this processing is divided into two separate parts:
· If you create your account and register, we conclude contract together and a customer relationship is made. Thus, personal data are processed under our legitimate interest (direct marketing).
· If you subscribe to our newsletter list, you are giving us consent for such processing by subscribing.
You may opt out of receiving any newsletters at any time by using the unsubscribe links provided in the footer of each sent message. Also, you may withdraw your consent at any time which has the same meaning as the opt out option described above.
Personal data are processed for a period of 2 years from the last active viewing of the newsletter, unless you unsubscribe earlier.
B.7 Reviews
We love to share information about your review of the Platform and we love to tell the world. So, we may process your personal data and share your review on our social sites or the Website.
For this purpose, we process your Identification information, Contact details and Login information. In case of your explicit consent, we also process pictures, company name, position and other personal data included in the text of the review.
The legal basis for this processing is your consent.
Your personal data in reviews are processed until your consent is revoked, 5 years at the latest.
B.8 Webinars/courses
You can also participate on our webinars and other courses we organize. We will process your personal data for organizing and providing you with such webinar or a course. Please note that we may take video footage or photographs of some of these events. We aim to be as anonymous as possible, so we will not include your name or other details in photographs or video footage unless you give us permission to do so (e.g. if it is a reference).
We will process your Identification information, Contact details, Payment data and invoicing details and Pictures and videos.
The legal basis for this processing is a mutual contract that we concluded when you registered at our webinar/course.
Personal data will be processed for the duration of the contractual relationship with us and thereafter for a period of 4 years from the termination of the contractual relationship.
PROCESSING OF PERSONAL DATA IN CONNECTION WITH COOKIES ON THE WEBSITE AND IN THE PLATFORM
B.9 Website/Platform operation and security (necessity)
We process your personal data for the operation of the Website and the Platform and its security, i.e., for the internal functioning of the Platform, your identification as a registered user when browsing and making repeated visits to the Platform, and for ensuring your security. Also, we need to process information about your preferences, such as consents, what type of cookies do you agree with, consent strings for personalization and marketing purposes etc.
For this purpose, we process Technical data such as IP address and Cookies categorized as necessary.
The legal basis for this processing is our legitimate interest in the proper functioning and safe operation of our Platform. Data are processed, as a rule, for the duration of your visit to the Platform, for a maximum period stipulated in cookies bar or cookies policy. Please note down that your website browser may set up a period for which the Cookies are stored.
B.10 Analysis of Website/Platform traffic (statistics)
We process your personal data to understand how visitors use our Website or the Platform. As part of this, we can monitor traffic to our Website or the Platform, optimize it and generally make your visit to the Website or the Platform smoother and more user-friendly.
For this purpose, we process Cookies data categorized as analytical provided by us or third-parties when you provide us with your consent. Data are processed, as a rule, for the duration of your visit to the Platform, for a maximum period stipulated in cookies bar or cookies policy. Please note down that your website browser may set up period for which the Cookies are stored.
B.11 Web support and promotion (marketing)
We process your personal data to obtain information about your personal preferences and to display relevant advertising. In doing so, we may promote and offer products and services on the site and show you marketing communications relating to the services you have enquired about and promote our brand online. This may include also promotion of our services through e.g. social sites as we share such information with third parties.
For this purpose, we process Cookies data categorized as marketing provided by us or third-parties when you provide us with your consent. Data are processed, as a rule, for the duration of your visit to the Platform, for a maximum period stipulated in cookies bar or cookies policy. Please note down that your website browser may set up period for which the Cookies are stored.
C. SHARING OF PERSONAL DATA
We share personal data with below mentioned data recipients:
| Entity name | Purpose | Location | Measures for transfer |
| Braintree (PayPal (Europe) S.à r.l. et Cie, S.C.A.) | Payment service provider | EU | N/A |
| Stripe | Payment service provider | USA | Company registered under Data Privacy Framework |
| Fakturoid | Billing software | CZ | Concluded DPA |
| Wflow.com | Tool for savings incoming invoices for accountants / accounting digitalization | CZ | Concluded DPA |
| ABRA Flexibee | Accounting software | CZ | Concluded DPA |
| Keboola | Data analytics | CZ | Concluded DPA |
| Google Ireland and Google, Inc. | Data analytics, storage provider | EU data center | Company is registered under Data Privacy Framework |
| Holistics Software Pte Ltd | Data analytics | USA | Concluded DPA and SCCs |
| Mixpanel, Inc. | Analytics | USA | Company is registered under Data Privacy Framework |
| HelpJuice | Help Center CMS | USA | Concluded DPA |
| SatisMeter | NPS/Surveys | CZ | Concluded DPA |
| CustomerScore.io | Customer Health Scoring | CZ | Concluded DPA |
| Miro | Collaborative online whiteboard | USA | Company is registered under Data Privacy Framework |
| Notion | Team collaboration platform | USA | Company is registered under Data Privacy Framework |
| Trello | Team collaboration platform | USA | Company is registered under Data Privacy Framework |
| Slack | Internal communication tool | USA | SCCs |
| XodoSign | Electronic signature tool | Austria | DPA |
| Slido | Audience engagement platform | USA | Company is registered under Data Privacy Framework |
| JetBrain (YouTrack) | Organization tool (note-taking web application), project management | CZ | DPA |
| Hubspot | CRM | USA | Company is registered under Data Privacy Framework |
|
Microsoft Corporation
|
Using tools such as Microsoft Klarity | USA | Company is registered under Data Privacy Framework |
| OpenAI | AI Assistance | USA | DPA and SCCs |
| Zapier | Automations | USA | Company is registered under Data Privacy Framework |
| Make.com | Automations | USA | Company is registered under Data Privacy Framework |
| Mezmo | Centralized application logging system | USA | Company is registered under Data Privacy Framework |
| Sentry.IO | Production issue monitor | USA | Company is registered under Data Privacy Framework |
| Freshdesk | HelpDesk in connection with customer care | USA | Company is registered under Data Privacy Framework |
When using cookies on our Website and in the Product, we may also share your personal data with other data recipients, such as: Facebook, X, Youtube, LinkedIn, Google Ads, Google, G2Crowd, Konektime.
In case of reviews, your personal data may be shared on other platforms, such as: Amazon, Shoptet, Shopify, trustradius.com, Capterra, G2, WordPress, Satismeter, Apple, Google.
In addition to this, we may share your personal data with certain third parties as data controllers for the purpose of "Fulfilling legal obligations" where we are obliged to do so under applicable legislation (in particular, administrative authorities, police authorities and judicial authorities). Similarly, we may be obliged to share your data with persons who claim to have been harmed by your conduct.
D. YOUR RIGHTS IN PROCESSING AND THE POSSIBILITY OF EXERCISING THEM
In all matters related to the processing of your personal data, whether it is a question, the exercise of rights, sending a complaint to our hands, etc., you can contact us at privacy@smartsupp.com .
Your request will be processed without undue delay, at most within 1 month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by further 2 months. We will, of course, always inform you of any such extension and the reason for it.
You also have the right to lodge a complaint with the supervisory authority as described below.
D.1 Right of access
You have the right to obtain confirmation from us as to whether or not we are processing your personal data. If we process your personal data, you also have the right to request access to information about the purpose and scope of the processing, the recipients of the data, the duration of the processing, the right to rectification, erasure, restriction of processing and to object to the processing, the right to file a complaint with a supervisory authority and the sources of the personal data (this information is already provided in this document). You can also ask us for a copy of the personal data we process. We provide the first copy free of charge; further copies may be subject to a fee. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.
D.2 Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. However, the withdrawal of consent does not affect the lawfulness of the processing prior to the withdrawal of such consent, nor does it lead to the termination of the processing of personal data that has already been anonymized.
D.3 Right to repair
You have the right to request us to correct inaccurate personal data concerning you. Depending on the purpose of the processing, you may also have the right to have incomplete personal data completed, including by providing an additional declaration.
D.4 Right to erasure (right to be forgotten)
You have the right to request the deletion of your personal data in cases where:
- we no longer need your personal data for the purposes for which it was collected or processed;
- you withdrew the consent on the basis of which the personal data was processed and there is no further reason for processing it:
- you object to processing and there are no other overriding reasons for processing, or you object to processing for direct marketing purposes;
- personal data are processed in violation of the law.
However, you cannot exercise this right if the processing is necessary for compliance with our legal obligations or tasks entrusted to us in the public interest or for the establishment, exercise, or defense of legal claims.
D.5 Right to restriction of processing
You have the right to request restriction of the processing of your personal data in cases where:
- you contest the accuracy of your personal data; in this case, you may request a restriction of processing until the accuracy of the personal data has been verified;
- the processing is contrary to the law and instead of erasure, you request a restriction of the processing of personal data;
- we no longer need your personal data for the purposes for which it was collected or processed, but you require it for the establishment, exercise, or defense of legal claims;
- you have objected to the processing of your personal data; in this case, you may request a restriction of processing until it is verified that our legitimate interests prevail.
D.6 Right to portability
You have the right to obtain a copy of your personal data that we process by automated means on the basis of your consent or for the performance of a contract. We will transmit this data in a commonly used and machine-readable format to you or to a controller designated by you, if technically feasible. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.
D.7 Right to object
You have the right to object to the processing of your personal data that we process on the basis of our legitimate interest. We will stop processing your data if there are no other overriding reasons for processing or if the processing is not necessary for the establishment, exercise, or defense of legal claims or if you object to processing for direct marketing purposes. Specific rule will apply when you object to newsletters. In this case, we will stop sending you such newsletters.
E. RIGHT TO FILE A COMPLAINT
In addition to the possibility of exercising your rights with our company, you can also file a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Prague 7.
F. CHANGES TO THIS INFORMATION
This Privacy Policy is effective as of 19.05.2025. We are entitled to change this Privacy Policy from time to time, so please check it regularly. We will post any changes to this document on our Website.