Data storage and processing

1. How does Smallppt protect Your Personal Data?
In brief: Ensuring the safety and security of our service and Your Personal Data is a priority.
Smallppt uses appropriate technical and organizational measures to protect Your Personal Data. Only authorized Smallppt staff or third-party company staff (i.e. service providers) have access to Your Personal Data. All such staff are required to adhere to our Privacy Notice. Additionally, all third-party employees who have access to Your Personal Data must sign non-disclosure agreements. In addition, Smallppt has contracts in place with third-party companies that have access to Your Personal Data in order to protect it. To protect Your Personal Data, Smallppt maintains a secure IT environment and has measures in place to prevent unauthorized access to it. All communication and file transfers to and from our server are encrypted with TLS. Passwords are only stored in encrypted (hashed) form, never in plain text.
2. How does Smallppt use Your Personal Data?
In brief: We use Your Personal Data to provide you with high-quality services. Your privacy is our priority. We would not use Your Personal Data for any unlawful purposes.
We process Your Personal Data for the purposes listed above.
In specific cases, Your Personal Data may also be processed for the following purposes:
● In case we partially or fully sell the company or buy another company in whole or in part. We have a legitimate interest to further the development of our company through mergers and acquisitions
● To comply with our legal obligations, including participation in investigations and proceedings conducted by the government or public authorities
● In case we have a legal obligation to this effect we may process Your Personal Data to protect our rights and safety, as well as those of our customers and third parties. Although we may not have a legal obligation to do so, we may still process data for this purpose based on our legitimate interest or those of other affected persons in order to assert legal claims
3. To whom does Smallppt disclose Your Personal Data, and why?
In brief: We share some of Your Personal Data with others in order to provide you with our services. Don’t worry, we do not sell Your Personal Data or give it to spammers.Smallppt may share Your Personal Data with the following categories of recipients as necessary:
● External services providers (e.g. hosting providers, software and software as a service providers, app development providers, email service, email verification and email analytics providers, providers for error logging and service development, customer support providers, survey and user feedback providers, payment providers, billing service providers, and marketing providers). We have a legitimate interest to use external providers to ensure that we can provide our services in a professional and user-friendly manner and with a high level of service quality Data transfers to service providers are covered by data processing agreements between us and the respective provider
● In the event that we buy or sell our company in whole or in part, data may be transferred to our potential contractual partners. We have a legitimate interest to further the development of our company in this manner
● To law enforcement agencies, public authorities, and courts in order to comply with legal obligations to participate in investigations and proceedings conducted by governments or public authorities
● To other companies, individuals, or government agencies where it is required to disclose personal data by law or based on legitimate interests to protect our rights or safety as well as those of our customers and third parties
Some of the aforementioned providers may process Your Personal Data outside the EU/EEA. For more information on protective measures used to secure data transfers in countries outside the EU/EEA, please see Section 7 below.
Among other things, Smallppt may share Your Personal Data with the following third parties, but only in the circumstances set out below:
3.1 PayPal / Stripe
We offer payment via PayPal / Stripe, a service offered by PayPal / Stripe Pte. If you select PayPal / Stripe as your payment method, you will be redirected to the PayPal / Stripe website and the personal data you enter will be transmitted to PayPal / Stripe in encrypted form. PayPal / Stripe enables you to make payments under our contract and according to our legitimate interest to offer you extended payment options and to outsource payments
PayPal / Stripe acts as a data controller in providing its services. Therefore, the data processing is governed by PayPal’s / Stripe’s privacy policy, not ours. We have no control over the data that PayPal / Stripe collects or the extent of data use by PayPal / Stripe. For details about PayPal’s / Stripe’s data processing
PayPal / Stripe may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA
3.2 Google reCAPTCHA
We use the reCAPTCHA service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA on our website. This is a security service that helps us distinguish whether data inputs on our website (e.g. into contact forms or when opening a URL) are made by an individual or by automated means. The purpose of reCAPTCHA is to block automated requests, spam, or other malicious traffic to our website. Google will process Your Personal Data (e.g. IP address, input rates, time spent on a specific site, and movements on the site) to evaluate the website traffic as part of this product. Our use of Google reCAPTCHA is based on our legitimate interest to protect our website against spam and malicious traffic in order to ensure its security
In providing Google reCAPTCHA, Google acts as a data controller for Google Ads and may process Your Personal Data for other purposes. We have no control over the data that Google collects or the extent of the data collected by Google. We also have no knowledge of the content of the data transmitted to Google. For details about Google’s data processing, please refer to https://policies.google.com/privacy. Google may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA, please see Section 7 below.
3.3 Google Analytics
We use Google Analytics on our website, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Its purpose is to analyze user behavior and, based on the results, help us make decisions relating to product and marketing optimization. Google will process Your Personal Data (IP address, online identifiers, device identifiers, and device information, e.g. browser type, version, device type, user behavior, e.g. pages visited, session duration, use of specific website functions, e-commerce activity) to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website activity and internet usage.
Google Analytics uses cookies for data processing (see Section 8 below for further information). You can consent to the processing of Your Personal Data by Google Analytics and/or prevent it/withdraw your consent at any time through our cookie banner. To withdraw your consent, go to the cookie settings at the bottom of our website. Google will anonymize Your Personal Data 14 months after your last activity, provided there is no legal obligation to store it for a longer period.
The transfer of Your Personal Data to Google is based on our data processing agreement (in connection with Art. 28 GDPR). Google may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA
3.4 Google Ads
a) Conversion Tracking We use Google Ads Conversion Tracking (offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA) on our website. We use this service to determine how successful our advertisements through the Google marketing network are (so-called Google Ads) based on the display of the advertisements and clicks by users. This service makes our advertisements more interesting for you and improves our marketing campaigns. To enable this service, Google places a conversion tracking cookie on your computer. You can consent to the processing of Your Personal Data by Google and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings at the bottom of our website. The cookie expires within 30 days after visiting our website. It enables Google to recognize your internet browser and captures the unique cookie ID, the number of ad impressions per placement (frequency), last impression, and opt-out information (ads that the user no longer wishes to be addressed with). If you visit our website before the cookie expires, we and Google can recognize you, for example, if you click on an ad for our services and are redirected to our website. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.
b) Google Ads Remarketing We also use the online marketing service Google Ads Remarketing offered by Google on our website. We use this function to present you with advertisements on our website based on your interests in Google Ads on other websites within the Google marketing network. For this purpose, Google analyzes your interaction with our website, e.g. which offers you were interested in, in order to be able to display relevant advertisements on other sites even after you have finished visiting our website. To enable this service, Google places a cookie on your computer. You can consent to the processing of Your Personal Data by Google and/or prevent it/withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings at the bottom of our website. This cookie expires 180 days after visiting our website. Google uses this cookie to analyze how you interact with Google Ads on our website and on other websites to present you relevant advertisements.
c) General information on Google Ads Google acts as a data controller for Google Ads and may process Your Personal Data for other purposes. We have no control over the data that Google collects or the extent of the data collected by Google. We also have no knowledge of the content of the data transmitted to Google. For details about Google’s data processing, please refer to: https://policies.google.com/privacy. Google may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA
3.5 Facebook
Our website utilizes Facebook Pixel (provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA) for the following purposes:
a) Facebook Conversion Tracking We use the Facebook Pixel as an analytics tool to measure the effectiveness of our advertisements on Facebook by understanding the actions that Facebook users make on our website. The tool allows us to follow the actions of users after they are redirected to our website via an advertisement on Facebook (so-called “conversion”). This allows us to evaluate the efficacy of our Facebook advertisements for statistical and marketing research purposes.
b) Facebook Custom Audiences We also use the Facebook Pixel for remarketing purposes in order to be able to show you advertisements on Facebook likely to correspond to your interests. This tool allows us to match visitors of our website to Facebook users and enables us to create Facebook advertisements for different target groups based on how they interacted with our website.
c) General information on Facebook The Facebook Pixel captures information about your browser session when visiting our website and shares this information with Facebook, along with a hashed version of your Facebook ID and the viewed URL. We will only place the Facebook Pixel (for information on cookies and similar technologies see Section 8 below) with your consent (Art. 6 (1) (1) a GDPR). Therefore, you can prevent the use of Facebook Pixel or withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings at the bottom of our website. The Facebook Pixel will be deleted after 180 days of your last interaction with our website. Facebook provides us with aggregated reports which enables us to improve the quality and relevance of our advertisements on Facebook and to present Facebook users with more relevant advertisements for marketing improvement. We and Facebook are joint controllers for data processing through the Facebook Pixel under Art. 26 GDPR and have entered into a joint control agreement. You may access this agreement here: https://www.facebook.com/legal/controller_addendum. You may exercise your data protection rights directly with Facebook. Facebook may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA, please see Section 7 below.
3.6 Twitter
We use Twitter Ads, a marketing service provided by Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) on our website. We use this service to determine how successful our advertisements on Twitter (so-called Twitter Ads) are based on the display of the advertisements and clicks by users. We use this service to make our advertisements more interesting for you and to improve our marketing campaigns, including developing custom audiences for remarketing purposes.
To enable this service, Twitter places a cookie (“Universal Website Tag”) on your device which enables Twitter to collect information on your interaction with ads placed on Twitter. For this purpose, Twitter collects Your Personal Data, such as your IP address, the unique cookie ID, the number of ad impressions per placement, and the last ad impression.
You can consent to the processing of Your Personal Data by Twitter (Art. 6 (1) (1) a GDPR) or prevent it or withdraw your consent at any given time through our cookie banner. To withdraw your consent, go to the cookie settings at the bottom of our website. This cookie expires within 30 days.
Twitter may process personal data outside the EU/EEA. For more information on protective measures for securing data transfers to countries outside the EU/EEA
4. What are my data protection rights and how can I exercise them?
In brief: You have certain rights over Your Personal Data under data protection laws, including, for example, the Swiss Federal Data Protection Act, the California Consumer Privacy Act, or the EU GDPR.
Depending on the specific circumstances of the case and your place of residence, you may have some or all of the following rights:
● to withdraw your consent to the processing of Your Personal Data at any time. As a result, we may no longer process Your Personal Data based on the consent. But the withdrawal of your consent has no effect on the lawfulness of processing before the withdrawal;
● to access the personal data processed by us and/or request copies of this data. In particular, you can obtain information about the purposes of processing, categories of personal data, categories of recipients to whom your data has been or will be disclosed, planned retention period, and origin of your data if it was not collected directly from you;
● to request the rectification/correction, erasure, or restriction of processing of Your Personal Data;
● to request Your Personal Data, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller. You may also ask us to directly transmit this data to another controller, where technically feasible;
● to object to the processing of Your Personal Data on grounds relating to your particular situation, if we process Your Personal Data based on our legitimate interests. You may also object to the processing of Your Personal Data for direct marketing purposes at any time;
● to opt-out of the sale of Your Personal Data to third parties.
5. How and for how long do we store Your Personal Data?
In brief: We keep Your Personal Data and the User Files you upload only as long as they are needed for the provision of our services or as required by law.
We will only retain Your Personal Data and User Files you upload for as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements. To help us, we apply criteria to determine the appropriate periods for retaining Your Personal Data depending on its purpose, such as account maintenance, facilitating client relationship management, and responding to legal claims or requests from authorities.
If you do not have a User Account (see Section 1.4 above) or are not logged in when using our services (e.g. when being asked for a signature via our eSign tool, see Section 1.9 above), we will generally delete User Files within 14 days after the last time they were opened. Please note that this retention period is extended by another 14 days every time you reopen the respective User File. Please note that if you use third-party services to access our services, data retention of User Files by the respective provider may differ.
If you access our services via a User Account, we delete User Files within one hour unless you save them to your file storage. When you choose to delete saved User Files, we generally delete them within 14 days.
6. Which data transfers outside the EU/EEA take place?
In brief: In some cases, we may transfer Your Personal Data outside of Switzerland and will ensure that Your Personal Data is well protected irrespective of its location.
We are located in Switzerland, which has been recognized as a safe third country in an adequacy decision of the European Commission. When you use our services, Your Personal Data may be transferred to recipients located in other countries, including outside the EU/EEA.
Where such a recipient country does not provide for an adequate level of data protection according to the European Commission, we will only transfer Your Personal Data to the recipient country on the basis of appropriate safeguards, such as binding corporate rules, standard contractual clauses (European Commission decision 2010/87/EU), or when another exception under Art. 49 GDPR applies. Please contact us (see “Contact Us” section) to request information on the specific safeguards that are in use for the recipients of Your Personal Data.
7. Contact us
In brief: Let us know if you have any questions.
If you have any requests concerning our processing of Your Personal Data or any queries with regard to these practices, please contact Smallppt at the contact data given above, including via email at Smallppts@gmail.com