MySupplace PRIVACY NOTICE
This privacy notice explains how Smartfix 30 S.A. (hereinafter referred to as “Smartfix 30” or “we”) collects and uses personal data with regard to the use of MySupplace and describes the rights you have with respect to your personal data.
It also expresses the strong commitment of Solutions 30 Group to respect and protect your privacy and Personal Data. whether you are part of our Clients or their respective end customers.
“Adequate Country”: means any country, territory or one or more specified sectors within that country, or organization that is located outside of the EEA and is recognized by the European Commission as ensuring an adequate level of protection of Personal Data.
“BCR”: means Binding Corporate Rules and constitutes a legal mechanism enabling transfers of Personal Data originating from or processed in the EEA within the Group.
“Client”: means a third party regardless of being a service provider or customer to whom Smartfix 30 provides services described in a contract signed between Smartfix 30 and such Client.
“Consent”: of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
“Data Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data (where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law).
“Data Subject”: an identifiable natural person to which Personal Data relates.
“EEA”: means the European Economic Area and includes all member states of the European Union, as well as Iceland, Liechtenstein, and Norway.
‘’GDPR’’: means General Data Protection Regulation (EU) 2016/679..
“Group” or ‘’Solutions 30 Group’’: means Solutions 30 SE and any subsidiary that is wholly or partially owned, whether directly or indirectly, by Solutions 30.
‘’MySupplace’’: means the online platform operated by Smartfix 30 as described below in the section “Scope”.
“Personal Data”: means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number (e.g., IP-address, cookie tag) or location data. The term Personal Data is very broad under the GDPR. To qualify as Personal Data it is not necessary to combine the name of a natural person with other identifiers of the natural person.
“Processing”: means any use or operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, transfer or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing can include asking a person for information, capturing information on call details (including call recording), logging and analyzing network traffic and accessing a customer’s CRM system or other external database, if applicable.
“Profiling”: means any form of automated processing of your Personal Data consisting of the use of your Personal Data to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
‘’Smartfix 30 S.A. or Smartfix 30’’: means a Luxembourg public limited company registered with the Luxembourg Register of Commerce and Companies under the number B 202.823 with registered office at 3, rue de la Reine, L-2418 Grand Duchy of Luxembourg, being one of the subsidiaries of Solutions 30 SE and belonging to Solutions 30 Group.
‘’Solutions 30 SE’’ or ‘’Solutions 30’’: means a Luxembourg public limited company registered with the Luxembourg Register of Commerce and Companies under the number B 179.097 with registered office at 3, rue de la Reine, L-2418 Grand Duchy of Luxembourg.
“Supervisory authority”: means an independent public authority which is established by a Member State (e.g. CNPD in Luxembourg, CNIL in France etc.
Smartfix 30 operates MySupplace, a website accessible at www.mysupplace.com which offers an online platform dedicated to putting service providers and customer in contact with each other with respect to providing IT-related services (hereinafter referred to as “Services”).
In this context, Smartfix 30 collects and uses certain data of Clients.
The present policy describes how this data are collected in connection with operating MySupplace, managed and stored in order to meet the data protection standards outlined in the GDPR and the reference norms.
3.1. Who is the Data Controller?
The Data Controller is Smartfix 30, because the organization determines the purposes and means of the processing of Personal Data. You can contact our Data Protection Officer via firstname.lastname@example.org
3.2 What Personal Data we process?
The categories of Data Subjects and Personal Data and the purposes of Processing include, but are not limited to, the following:
- Name, title academic degrees
- Contact information (e.g., telephone number, email address, address)
- Job, Localization, industry, or business title
- Group identifiers (such as customer group)
- History of business relationship and correspondence.
- Contract documents
- Payment details (if they relate to a natural person)
3.3 What are the purposes of the Personal Data Processing?
Smartfix 30 ensures that Personal Data is obtained only for one or more specified purposes and is not further processed in any manner incompatible with those purposes.
In particular, the Personal Data collected for specified purposes will not be used for another purpose, unless:
- a relevant exemption from the legislation applies; or
- the natural persons whose personal information is to be processed for the new purpose have consented to the processing for this new purpose.
- any consent for any incompatible purpose is freely given and informed.
Your data is processed for
- Client support: contacting and informing Client, planning and controlling of the offer for Services
- Contract fulfillment: Performance of Services
- Billing for Services used
- Provision of information on opportunities for cooperation with MySupplace as well as information about the project market.
- Updates on the platform
We rely on the following legal bases to process your Personal Data:
- Legitimate interest: With regard to Client support, we process your Personal Data based on our legitimate interest in operating and administering our business. We also rely on legitimate interest to process your Personal Data for marketing purposes where this is permitted by law; to improve our products and services; and to prevent and detect fraud on our platform.
- Performance of a contract: When we process your Personal Data to provide services to you or otherwise fulfil our contractual obligations to you, we do so on the basis that this processing is necessary in order for us to perform our contract with you.
- Consent: We will process your Personal Data based on your consent where this is required by law, for example where we are required to obtain your consent in order to send you marketing communications.
- Compliance with legal obligations: We also process your Personal Data to comply with legal obligations to which we are subject.
3.4. For how long so we retain your data?
Personal Data processed for the purposes hereunder will be stored only to the extent necessary during the term of our contractual relationship or as required to pursue any other legitimate purpose as described in this notice. In principle, we will retain your Personal Data as long as required or permitted by applicable law, in particular as long as the data may be needed to fulfill or defend against claims that are not yet time-barred. Afterwards, we will remove your Personal Data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it.
3.5. With whom do we share your Personal Data?
Third parties: Smartfix 30 may also transfer your data to governmental agencies and regulators (e.g. tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law based on Art. 6 (1) (c) GDPR and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.) based on Art. 6 (1) (f) GDPR.
Service providers: Smartfix 30 contracts with third party service providers as part of its normal business operations to carry out IT-related tasks.
Third parties connected with business transfers. We may transfer your Personal Data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets. In the event of such a change, we will ask the receiving party to treat your personal information in a manner consistent with this Privacy Notice.
3.6. What are your rights?
Right to withdraw your consent: If you have given your consent regarding certain types of Processing activities (in particular regarding the receipt of certain direct marketing communications), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You can withdraw your consent by writing to email@example.com.
Additional data privacy rights: Pursuant to applicable data protection law and the GDPR, you have the right to: (i) request access to your Personal Data; (ii) request rectification of your Personal Data; (iii) request erasure of your Personal Data; (iv) request restriction of processing of your Personal Data; (v) request data portability; and/or (vi) object to the processing of your Personal Data. Please note that these rights might be limited under the applicable (local) data protection law.
(i) Right to request access to your Personal Data: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You also have the right to obtain a copy of the Personal Data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to request rectification: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
(iii) Right to request erasure (right to be forgotten): you have the right to obtain from us the erasure of your Personal Data and we may be obliged to erase such Personal Data.
(iv) Right to request restriction of processing: you have the right to obtain from us and we may be obliged to restrict the processing of your Personal Data. In this case, the respective Personal Data will be marked and may only be processed by us for certain purposes.
(v) Right to request data portability: you have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity without hindrance from us, where the processing is carried out by automated means and is based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR.
(vi) Right to object: Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by us and we are required to no longer process your personal data. Such right to object especially applies if we collect and process your Personal Data for profiling purposes in order to better understand your interests in our products and services or for certain types of direct marketing. If you have a right to object and if you exercise this right, your Personal Data will no longer be processed for such purposes by us.
Please note that the aforementioned rights might be limited under the applicable national data protection law. Smartfix 30 remains the universal point of contact for your execution of these rights.
You can make a request to exercise any of these rights in relation to your Personal Data by emailing us at firstname.lastname@example.org.
Please note that we may require you to prove your identity before providing the requested information. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
In case of complaints you also have the right to lodge a complaint with the competent Supervisory Authority, in particular in the Member State of your habitual residence or alleged infringement of the GDPR.
We have implemented technical and organisational security measures in an effort to safeguard Personal Data in our control, including limiting access to Personal Data only to employees and authorised service providers who need to know such information for the purposes described in this privacy notice, as well as other technical, administrative and physical safeguards.
While we endeavour to always protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.