Smartly.io Group’s
Privacy Policy

This Privacy Policy outlines how we as the data controller collect, use and share personal data of people who use or are connected to our services, are interested in our services (or us), or with whom we otherwise do (or would like to do) business. This Privacy Policy also provides you with information on your rights as a data subject and how to reach us if you have any questions.

updated:
April 2022

Smartly.io Solutions Oy and its affiliates (“Smartly.io Group”, “we” or “us”) are committed to respect the right to privacy, and to comply with applicable data protection laws, such as the GDPR (EU’s General Data Protection Regulation), the UK GDPR (the United Kingdom General Data Protection Regulation), and the CCPA (California Consumer Privacy Act). This Privacy Policy outlines how we as the data controller collect, use and share personal data of people who use or are connected to our services, are interested in our services (or us), or with whom we otherwise do (or would like to do) business. Services provided under brand names “Ad-Lib” and “Viralspace” are also covered by this Smartly.io Group’s Privacy Policy. This Privacy Policy provides you with information on your rights as a data subject and how to reach us if you have any questions.

Please note that we do not control any personal data processing conducted by online advertising platforms, third party services possibly linked to our services, or by our customers. We have added a few helpful links below, but you should always contact those third parties directly for accurate information on their processing.

Smartly.io Group’s Applications and other Services

Our Software-as-a-Service (SaaS) applications help to automate and optimize ad campaigns and ad creatives in online advertising platforms such as Facebook, Instagram, Snapchat, Pinterest, TikTok and Google. We also provide advertising related professional services and creative services. If you use or otherwise are involved in the delivery of our services (e.g. provide creative briefs), we collect the following personal data directly from you or the customer you represent:

  • Basic information (such as name, title, work location and contact information)
  • Communications (regardless if via email, telephone, chat, video-calls or by other means), traffic data and other related data
  • Service data (such as support requests, project plans, service history and service related metrics)

The personal data is used to provide the services, including to communicate with you, provide service support and to provide knowledge base, learning platform, training and other resources related to our services (please see also section “Academy, Learning and Certifications” of this Privacy Policy). We also use such data to conduct surveys, to process feedback and to develop and improve our services. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after three years of our latest contact to the data subject, whichever occurs first.

If you are a user of our platform services, we also process:

  • Login details and general user information, including user name, email address, password (hashed with bcrypt)
  • IP address and browser user agent (when using the Smartly.io application)
  • User’s id in customer’s identity provider (when using SSO/SCIM)
  • Log data and other data derived from your actions in our services

This personal data is used to authenticate users to allow access to the Smartly.io Group’s application(s), identify users when providing customer support, and store events and log information regarding a customer’s use of the Smartly.io Group’s application(s) for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, and for purposes of services improvement and service level analysis. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle.

After a user has connected or otherwise authorized our platform to access their ad account or assets on certain online advertising platform(s), we process (where granted with access and to the extent applicable to the services in question):

  • The user identification information, such as user ID, user name, user email and profile picture URL
  • Access tokens (more information is available about access rights in the applicable online platform’s community sites, for example regarding Facebook access tokens here)
  • Advertiser identification information, such as Ad account ID and Advertiser ID
  • Events and log information on interaction between the ad account and Smartly.io Group’s application(s)
  • YouTube and Google User Data as specified below in Section 2

Such personal data is used to identify each user and verify their access rights, permit users to access and use the service (i.e. to identify and connect the assets and campaigns and manage these assets and campaigns on online advertising platform via Smartly.io Group’s platform, to synchronize campaign entities and metrics between our services and online advertising platform), and to provide support service. We will process such ad account and campaign related personal data until our access to such data is revoked (including invalidated by using an online advertising platform’s tools), except for the following exceptions:

  • Facebook ad account related information is removed 30 days after the respective customer terminates the relevant contract or 60 days after the ad account is disconnected by the user
  • Snapchat record is removed within 1 day after it’s no longer used to access ad accounts, or after 14 days of inactivity to access the catalogs
  • Event logs / application data stored in Smartly.io Group (which deletion is described above)
  • Data stored in back-ups are deleted in accordance with our standard data management cycle, for example the backup records are deleted from the application database after 90 days

If you are an external contact invited by a Smartly.io Group’s customer to access certain content in our application (such as the creative preview page) or to receive notifications from our application, we process your contact information (such as your name and email address) to deliver the invite and, based on the scope of access, to allow you to access and interact with our application or parts thereof. A user (acting on behalf of a Smartly.io Group’s customer) may invite external contacts by adding their contact information in our application or through a dedicated link, and said user remains responsible for ensuring that they have the necessary permissions and authorizations to do so. If you are granted access in our application as an external contact, we process your contact information, input in the application (such as comments), and action logs to allow you to use the functions made available to you by the user. We may also analyze the actions you have taken in the application. In connection with the creative preview page, we will delete your personal information after three (3) months from the last interaction with the preview page(s) you have accessed and in other cases as per our standard data management cycle. You may receive notifications about actions taken in the application (e.g. if there is activity in the creative preview page you have access to) or if a user has specifically added you to receive notifications from the application.

All processing under this section is based on our legitimate interests in maintaining, evaluating and improving our services, including to provide customers with agreed services, ensuring security and availability of the services, to help us understand how our services are used and how campaigns perform, for resource management, and to gain insights which help us dedicate our resources and efforts better.

The personal data may be shared, as necessary to perform the services as agreed, to other users and the online advertising platform partners, as well as our suppliers participating in service production, development and quality control.

To the extent needed to produce the services, including to allocate our support resources, your data are transferred outside the European Union and the European Economic Area (“EU/EEA”), including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers outside the EU/EEA are performed subject to Standard Data Protection Clauses adopted or otherwise approved by the EU Commission. The applicable Standard Data Protection Clauses are made available for review upon request.

Please note that online advertising platforms and our customers (your employer) may also transfer and share the same data as data controllers in accordance with their respective privacy policies.

YouTube & Google User Data

We make use of YouTube API Services and Google Ad Accounts when providing our clients with YouTube and Google Ads based services, which involves processing of Google User Data and certain other data, part of which also can be used to identify a data subject directly or indirectly (personal data).

Please note that by using our YouTube based services, the customers are also agreeing to be bound by the YouTube Terms of Service. Please see the Google Privacy Policy to learn how Google treats your personal data and protects your privacy in their services.

We process the Google User IDs shared by the relevant customer to authenticate each user’s right to access the customer’s Google Ad Account, Google Display & Video 360, YouTube, and Campaign Manager 360, as applicable, and to provide and maintain authorized access. 0Auth integration is currently available from Ad-Lib’s application for Google Ads, Google Display & Video 360 and YouTube. We store the Google User ID as long as the user has access to our customer’s account, and for a reasonable time thereafter as required to maintain and demonstrate diligence of our business and data security, including to investigate any potential misuse where necessary. We process the related personal data on the basis of legitimate interests related to the data security, customer and business relationships between us and the affected data subjects. We also process Google Service Account IDs and tokens to authenticate each user’s right to access Campaign Manager 360 from Ad-Lib’s application but such data cannot be used to identify any individual user and should not contain any personal data.

We process YouTube channel ID and title (i.e. Authorized Data) in order to enable the authorized users to pick the channel when they upload a video to YouTube, based on the right the user has granted us to access YouTube API Services, and until such access right is revoked. The users can easily revoke our access to their data from our service, or via the Google security settings page. If personal data is included in the Authorized Data, processing is based on our legitimate interests described above.

For clarity, we do not collect any personal data from the users’ devices.

We process the relevant customer’s “Google Ads” data through Google Ads API, for purposes of reporting to provide insights and understand of the performance of Google Ads campaigns and individual ads, to maintain the customer relation and for administrative purposes, such as invoicing. If applicable, we also process relevant customer's Google DV360 and Campaign Manager data through Google API for the same purposes. However, all aforementioned data is aggregated and should not include any personal data.

Personal data is shared on as needed basis with our data processors (for purposes controlled by us).

Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Brazil, Australia, Japan, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers are performed subject to standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.

Smartly.io Academy, Learning and Certifications

If you use Smartly.io Academy or any of our other learning resources, we will process the personal data derived from you in that connection, including for example:

  • Basic information (such as name, title, work location and contact information)
  • Login details
  • Feedback and other communications (regardless if via email, telephone, chat, video-calls or by other means) and related data
  • Records of course enrollment and progress, information on downloaded materials and other training data
  • Completed courses, certifications and other qualifications

The personal data is used to provide you with the training resources, track your progress and qualifications, develop our training resources, and to enable you to demonstrate your skills to others.

The personal data may be shared, as necessary to provide the learning resources, to other users and our suppliers providing the learning resources or participating in their production. Achievements recognized through the Smartly.io Certification programme are shared with our digital credential provider (currently Credly) to enable each participant to demonstrate their level of skills and knowledge. Making such validation publicly available from the credential provider’s platform is under your full control. Disclosing the information to the credential provider is based on our, our customers’ and users’ joint legitimate interests to have a set of common standards for the knowledge required to use Smartly.io effectively and to have available reliable tools to verify such knowledge where necessary. We have assessed that there is no risk for rights and freedoms of data subjects to automatically disclose such information to the service provider, as compared to ad hoc manual data transfers and validations such integrated solution especially helps the learners to have their credentials available, in verified and standardized manner, when needed, e.g. when seeking new job opportunities or networking.

We process the training and learning related personal data on the basis of legitimate interests in providing our users and customers with resources supporting the use of our services, and tools to follow and certify their competency.

The personal data is retained based on the criteria of validity of the training. Once the training related information has no value in practice (e.g. the is updated and old completions don’t demonstrate practical skills) or the one year has passed from deactivation of the user, whichever occurs first, the personal data shall be erased or anonymised.

Smartly.io Community

If you use the Smartly.io Community site (“Community”) we will process the personal data derived from or submitted by you in connection with your access to and use of the Community, including for example:

  • Email address and user name
  • Account ID (if you are a Smartly.io advertising platform user)
  • Information you may provide as part of your profile such as job title, social media profile URL, description about yourself, country, company and profile picture
  • Log information

The personal data is used to give you access to the Community, allow you to post and view comments and content in the Community and Smartly.io may also analyze and moderate (in Smartly.io’s discretion) the use of the Community.

We process the Community related personal data in order to perform our contractual obligations between Smartly.io and the users of the Community.

The personal data may be shared, as necessary to provide the Community, to other users and our suppliers such as the third party platform provider and Smartly.io group companies. The data may be shared outside the EU and transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request. Based on your cookie settings in the Community, your personal data may be shared to third parties. Please see the Community Cookie Policy for detailed description of the used cookies, their purposes and to learn how to revoke “cookie-consents” and otherwise manage your preferences.

We retain your Community account data until you have removed your account or we have done the same as per your request. We retain the log information for 12 months after your account has been removed. Note that your posts and content will remain available in the Community even after your account has been removed but appear as coming from “Anonymous”.

Website and Contact Requests

Our websites deploy cookies, which are necessary for the sites to function (e.g. to enable page navigation, access to secure areas of the site, filling in forms, and setting your privacy preferences), and, subject to your consent, also uses other cookies for: content personalization, marketing, provision of media features and analysis of site traffic. Please see our cookie policies for detailed description of the used cookies, their purposes and to learn how to revoke “cookie-consents” and otherwise manage your preferences:

If you decide to contact us through our website (or any other channels, we’re always happy to hear from you), we will use the contact details and other given information to reply and process your request, for example to contact you to provide more information and to arrange a demo if you wish to learn more about our services. The processing is based on its necessity to reply to you and take measures deemed by your request.

Personal data derived from the websites and contract requests are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.

Such data is not regularly shared or transferred outside the EU, unless you reside outside the EU, in which case the personal data may be transferred to the Smartly.io Group’s office in your area. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.

If you subscribe to our newsletter, request materials available from the website, send us a contact request, or otherwise contact us, we will likely add you to our list of commercial contacts. Please see the section “Newsletter, Marketing and Customer Referral Program” of this Privacy Policy to learn more about personal data processing in that regard. Please note that our services and resources are designed for business customers only (and should not even be interesting to consumers), and thus we presume that everyone contacting us and interested in our services represent a business, not a private individual.

Newsletter, Marketing and Customer Referral Program

If you subscribe to our newsletter or for other materials (such as eBooks available on our websites), we will process the given contact information to send the newsletter or provide the materials. Such processing is based on its necessity to fulfill our legitimate interests to provide the subscribed material(s). The contact information is retained and possibly shared as described below.

We use following information to communicate on and promote our services (as compatible with the original purposes, if data is collected in another occasion):

  • Basic information (such as name, title, company name, work location, contact information and social media profile URLs)
  • Basic business information (such as monthly ad spend and # of ads in the customer’s ad account)
  • Business connections (to our former, current and potential customers and other relevant entities)
  • Expressed interest to our products and services (such as download of specific materials)
  • Participation to our events (please see more on the section “Events” of this Privacy Policy)
  • Communications
  • Marketing preferences (such as subscribed newsletter(s))

The information is obtained from you (e.g. in connection with interaction we have with you, the subscription(s) and website forms, event registrations, demo requests or other contact requests and communications (including on third party platforms, such as LinkedIn), or our cooperation partners (for example, our referral partners may disclose us information on potential customers or organizers of events which we sponsor may disclose us information on participants). Subject to your (cookie) consent, the aforementioned data may be combined with information on online activity data in our website domains. Such data is gathered with cookies, please see our cookie policies (linked above) for detailed description of the used cookies.

The personal data above is used to generate leads, target marketing activities to the contacts representing potential and current customers (for example to help our sales teams to target their efforts to contacts with potential interest in our services) and other stakeholders (including our suppliers and partners), and to retarget and customize our marketing. Naturally, the data is used to provide product and service updates, announce new eBooks and other materials, invite to our events, and otherwise market our products and services and provide related information in different channels, such as emails, phone calls, on social platforms and over display. For example, we may retarget relevant contacts by serving new retail content on LinkedIn based on previous engagement with retail content on Smartly.io Group. In addition, personal data is used, as applicable, for market and customer analysis, reporting and statistical purposes, and to better understand how people interact with Smartly.io Group, including our websites and services.

The processing is based on its necessity to fulfill our legitimate interest to carry out marketing and reach our current and potential customers. You have a right to prohibit use of your contact information in marketing at any time by using the available web-tools (such as the “unsubscribe” button at the end of newsletter) or by sending us a notice (you can find the Contact Information at the very end of this Privacy Policy).

As part of our customer referral program, we process the following personal data of the referee (from our customer database) and the new contact (provided by the referee):

  • Referee’s basic information (such as name, title, company name, and email address)
  • New contact’s basic information (such as full name, company name, and email address)

The personal data above is used to source contacts from our current customers and thereafter to approach the contacts to find out if they are interested in our services. No automated treatment of the new contact's email address will be made other than the referral message. The processing is based on its necessity for us to reach to potential customers. If you have been referred to us as a new contact, you have a right to prohibit use of your contact information in the customer referral program at any time by sending us a notice to marketing@smartly.io.

Personal data stored for marketing purposes are deleted upon request of the contact, if the data is recognized out-dated, if the contact is no longer deemed suitable candidate to our service or has been inactive for over a year.

Personal data may be transferred outside the European Union and the European Economic Area, including but not limited to, the United States of America, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business or our service providers locate. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.

Events

If you wish to join our seminar, webinar or other business event, we will need to process your personal data. Such data includes the information given by you upon the registration and during the event. The information is used to arrange the event and to pursue our interests in organizing such events. The processing is based on your legitimate interests to participate in our event, and our legitimate interests in arranging your participation in the event and organizing such an event, such as networking, marketing or facilitating discussion on certain topics.

If you provide us with sensitive information related to dietary restrictions or disabilities, we’ll need your consent to process such information. We kindly ask you not to disclose such information unnecessarily.

If you have attended a Smartly.io Group’s event, we will likely contact you for feedback regarding the improvement of the event, our services relating to the event, or to hear your wishes for the following events. This contact is based on our legitimate interest to stay in touch with our contacts and receive meaningful feedback on our events, communications, and services.

Personal data is stored for the purpose of events as long as required to organize the event and take related measures, such as processing feedback, maintaining records for security and invoicing.

Please also see how we may use the collected contact information to keep you informed of interesting future events and of our services (please see further details under the section “Newsletter and Marketing” of this Privacy Policy).

The information on participants are shared with the cooperation partners of the event, if any. If the event is held or event cooperation partners are outside the EU, we’ll transfer the personal data to their respective locations. Such transfers are subject to the adequacy decision of the European Commission or standard data protection clauses adopted by the European Commission in accordance with the GDPR, which are made available to the data subject upon request.

Contracting and Invoicing

If you serve as the representative or other contact of our customer, supplier, partner or other entity we do (or wish to do) business with we’ll need to process the following information:

  • Basic information (such as name, title, company name, work location and contact information)
  • Business connections
  • Communications

You are the main source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners.

The personal data is used to discuss business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests pertaining to agreements we have (or have had), maintaining relationships, and pursuing our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.

The personal data are erased from or anonymized in our systems upon request of the data subject or the party they represent, or if the data is detected irrelevant in our automated or manual system maintenance, or after three years of our latest contact to the data subject, whichever occurs first, with exception of personal data that must be retained for period required in the law, in which case the data shall be retained as long as needed to comply with such requirement.

Please also see the section “Newsletter, Marketing and Customer Referral Program” of this Privacy Policy on how we may use the collected contact information to keep you informed of interesting events in the future and our services.

Data Subjects’ Rights

If we store or use your data for purposes described above, you can always request from us:

  • To access your personal data
  • Rectification or erasure of your data
  • For restriction of processing your data, including object such processing
  • To receive a copy of data about yourself that you’ve shared with us and have that data to be transmitted to another data controller

Where the processing is based on consent, you can withdraw such consent at any time. Please note that the withdrawal will not affect processing performed prior to the withdrawal.

If you wish to exercise your rights, please see our Contact Information at the very end of this Privacy Policy.

If you wish to exercise your rights, please see our Contact Information at the end of this Privacy Policy.

If you believe your rights under the data protection laws are being infringed, you may lodge a complaint with the supervisory authority of your residence in the EU (e.g. in Finland the Finnish Data Protection Ombudsman).

We will not discriminate against you for exercising any of your rights under the CCPA, unless permitted by the CCPA. Specifically, we will not:

  • Deny you access to our goods or services as a result of your exercise of your rights
  • Charge you different prices or rates for such access as a result of your exercise of your rights
  • Provide you a different level or quality for such goods or services as a result of your exercise of your rights
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services as a result of your exercise of your rights

Changes to the Privacy Policy

We may make changes to this Privacy Policy at any time. If changes to Privacy Policy are due to material changes in the processing or further processing, we shall provide the data subjects with necessary information. If you object to any of the changes to this Privacy Policy, you should cease using our services, where applicable.

Contact Information

Data controller: Smartly.io Solutions Oy jointly with its affiliates.You can reach us in all inquiries related to personal data processing at privacy@smartly.io.

Contact Us

Learn More About Our Platform and Service

Get in touch to see how we can help you grow your business online.

Get a platform demo