Privacy Policy
At Smile Elm (“we,” “us,” “our”), accessible via smileelm.com (the “Website”), we are committed to protecting your privacy and ensuring the security, integrity, and lawful processing of your personal data. We understand the importance of privacy in the digital age and are dedicated to respecting and safeguarding your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of smileelm.com and describes how we collect, use, disclose, and safeguard personal information obtained through the Website. Smile Elm is the data controller for the purposes of the GDPR and is responsible for determining the purposes and means of processing your personal data.
2. Categories of Data Processed
We collect and process the following categories of personal information:
a. Usage Data: Includes information about your browser type, IP address, device identifiers, access times, pages viewed, link clicks, referring URLs, and session duration. This data is used to analyze Website performance and user interaction.
b. Account Data: Includes personal identifiers such as your name, mailing address, email address, and telephone number, which are collected when you register for an account or make a purchase.
c. Profile Data: Includes information derived from your interactions with the Website, including product interests, purchase history, user preferences, and behavioral analytics.
d. Communication Data: Includes records of correspondence with us such as customer support inquiries, contact form submissions, and user feedback.
e. Technical Data: Includes details about the devices and technology you use to interact with smileelm.com, such as hardware model, operating system, browser settings, language preferences, and network information.
f. Transaction Data: Includes purchase and payment details, such as billing and delivery addresses, payment method, purchase timestamps, and transaction confirmations.
g. Preference Data: Includes information about your marketing and communication preferences, survey responses, and interests in specific products or services.
3. Legal Bases for Processing
We process your personal data under the following lawful bases:
– Performance of a Contract: When processing is necessary to fulfill our contractual obligations to you, such as order fulfillment or account management.
– Legitimate Interest: Where processing supports business operations such as fraud prevention, product improvement, analytics, and security, and does not override your rights.
– Consent: Where required by law, we obtain your explicit consent prior to processing activities such as marketing communications and analytics.
– Legal Obligations: When processing is required for compliance with legal or regulatory duties.
4. Your Rights
In accordance with the GDPR and CCPA, you have the following rights regarding your personal information:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You are entitled to request correction of inaccurate or incomplete information.
– Right to Erasure: You may request deletion of your personal data under certain conditions.
– Right to Restriction: You can request limited processing of your personal information in specific circumstances.
– Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
To exercise any of these rights, please contact us at [email protected].
5. Security Measures
We implement rigorous technical and organizational measures to ensure the protection of your personal data. These include:
– End-to-end data encryption for transmissions and storage.
– Limited access to personal data, restricted to authorized personnel under confidentiality obligations.
– Regular system backups and disaster recovery protocols.
– Staff training on data protection principles and incident response.
6. International Transfers
When we transfer your personal data outside the European Economic Area (EEA), we do so in compliance with international data protection standards, using mechanisms such as Standard Contractual Clauses approved by the European Commission. Similarly, U.S. data transfers comply with CCPA requirements and additional state-level privacy legislation, as applicable.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to meet legal, accounting, or regulatory requirements. Retention periods vary by data category:
– Usage, Technical, and Cookie Data: Typically retained for 12-24 months.
– Account and Transaction Data: Retained for as long as your account is active plus a period of 7 years for compliance purposes.
– Communication and Support Data: Retained for up to 3 years after last contact.
– Preference and Profile Data: Retained for up to 2 years, unless consent is withdrawn earlier.
8. Cookie Policy
We use cookies and similar technologies on smileelm.com for the following purposes:
– Essential Cookies: Required for Website functionality and secure login.
– Functional Cookies: Enable personalization and user preference storage.
– Analytics Cookies: Help us understand Website usage and improve performance. We use tools such as Google Analytics, which may collect anonymized metrics.
– Performance Cookies: Enhance the responsiveness and efficiency of the site interface.
9. Cookie Management and Compliance
You are informed of our use of cookies via a cookie consent banner upon your first visit to smileelm.com. You may update your preferences or withdraw consent at any time via our Cookie Settings interface or by modifying your browser’s cookie controls. We respect the “Do Not Track” signals enabled in user browsers and honor applicable opt-out rights under the CCPA.
For California residents, we provide a “Do Not Sell or Share My Personal Information” link as required under the CCPA.
10. Children’s Privacy
We do not knowingly collect or process personal information from children under the age of 13. If we become aware that such information has been collected in violation of this policy, we will take appropriate steps to delete it. Parents or guardians who believe their child has submitted personal information to us are encouraged to contact [email protected].
11. Policy Updates
We reserve the right to update this Privacy Policy as necessary to reflect changes in applicable laws, our practices, or Website features. When material changes occur, we will notify users through appropriate channels, such as banners or email notifications, where applicable.
12. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please direct your inquiry to:
Email: [email protected]
Subject: Privacy Inquiry
We are committed to protecting your privacy and upholding your trust. For more information about our data processing or privacy compliance, please do not hesitate to contact us.