We are Smiler B.V. (Smiler). Our Services help you to capture memorable experiences in high quality, by providing you with oneMinute photoshoots. For this purpose, there are Smiler Photographers on various special Locations (such as touristic spots and venues). You can purchase these Photos in various forms afterwards.
For more information about out Services, you can visit our Website: smiler.co.
When you use Smiler, you trust us with the Personal Data captured in the Photos and used to contact you. We’re committed to keeping those Personal Data protected. That starts with helping you to understand our privacy practices. This Privacy Statement describes the Personal Data we process of you and your friends or family as our Customers, how this Personal Data is used and what the rights are regarding this data.
It is up to you to inform your friends, family, or anyone else included in the Photos of the particulars of this PrivacyStatement and the use and storage of the Photos. If people object to being photographed by Smiler, please make sure they will not be included in the (group) Photo.
Smiler acts as Controller within the meaning of the applicable privacy legislation, including the EU General Data Protection Regulation (GDPR).You can contact us through the contact details mentioned at the bottom of this Privacy Statement.
How do we collect and use Personal Data?
We may process the following Personal Data for the purposes mentioned below.
1) Images of the people in the Photos taken during the photoshoot
Purpose(s): We use this information to:
- Meet your request for a photoshoot on the Location;
- Upload the Photos taken during the photoshoot on the Smiler platform, so you can access and buy them
Legal basis: We may process your image, because this is necessary to perform our contract with you – i.e. to take your Photos and enable you to purchase them.
In this scope we have a legitimate interest to also process the images of the other people in the Photos, as we find that taking group Photos is an essential and indispensable part of our Services and is often requested. To protect the rights and freedoms of the other people in the Photos, we ask our Customers and Photographers to be mindful of the other people in the Photo and provide them with the availability to object.
2) Contact information: Name, phone number and country (code) or eMail address.
The Photographer will show you a QR code right after the photoshoot. If you scan this QR code, you will be directed to a Smiler webpage on which you can enter this data via your device. Alternatively, the Photographer can enter this data manually on its own device.
Purpose(s): We use this information to:
- Link the Photos taken during the photoshoot to you;
- Contact you right after the photoshoot to confirm we have received your contact details;
- Send you the link as soon as your Photos are uploaded to the Smiler Platform;
- Send you a number of reminders within a year after the photoshoot, if you have not yet bought your Photos.
Legal basis: We may process these Personal Data, because this is necessary to perform our contract with you – i.e. to provide you with information and a link to your Photos as a part of our Services. As for the reminders, we have a legitimate interest to message you about unpurchased Photos that are still waiting for you. This is also in your favor, because we notice that many Customers tend to purchase their Photos at a later time when reminded about them. If you are certain you don’t want to purchase your Photos, you can request us to delete them and your contact details at anytime. We will also remind you when we are about to delete the Photos.
3) Correspondence data: Personal Data shared in your message, email address (if the correspondence takes place via eMail). If you use the chat function on our Website, Intercom will process various personal data on our behalf, such as your name, contact details, browser settings and earlier correspondence with us. For a full overview of processed data, see this Intercom page.
Purpose(s): We use this information to:
- Correspond with you;
- Help you with your message, question, request or complaint.
Legal basis: We may process these Personal Data, because we have a legitimate interest to do so – i.e. to answer to your message and help you with your question, request or complaint.
4) Payment information: Name and bank account number / IBAN / BIC.
Purpose(s): We use this information to:
- Handle your payment for the Photos;
- Include in our financial administration.
Legal basis: We may process these Personal Data, because we this is necessary to perform our contract with you, i.e. to deliver ourServices. In addition, we have a legal obligation to process include them in our financial administration and comply with tax regulation.
Cookies and similar techniques
Your devices may receive cookies or similar techniques (Cookies) when you use our onlineServices. A Cookie identifies your devices and as such can be deemed Personal Data. Read more on the use of this Personal Data in our Cookie Statement.
How long do we keep the Personal Data?
We store Personal Data for as long as we need it for the above purposes:
Photos and contact information: We will store your Photos and contact details for 400 days after the photoshoot. This allows us to give you enough time and opportunity to purchase your Photos at a later moment. Experience shows that our Customers often want to purchase Photos later on, as a memory to that specific moment/Location. Of course, we will delete your Photos and contact information if you request us to delete them any sooner. Please read more under ‘Privacy rights’. We will also remind you when we are about to delete the Photos.
Correspondence data: We store your data aslong as necessary to deal with your question or complaint. When you contact us via the chat function, Intercom will store the correspondence data for nine (9) months on our behalf.
Payment data: We store these data as long as necessary to complete your purchase and process your payment and keep these data for seven (7) years for tax purposes.
Personal data in our records for the tax authorities: These data are stored for seven (7) years, unless we are legally obliged to retain the data for a longer period.
Do we share your Personal Data with others?
Sharing data with Processors
We use the services of third parties for the processing of Personal Data. These third parties process Personal Data strictly on our behalf and according to our instructions (Processors). These Processors are not allowed to process Personal Data for their own purposes.
The Processors we may use are:
- Amazon WebServices for the storage of the Photos and contact information;
- Intercom for our Customer support services (i.e. chat functions);
- Marketing and analytical tools.
Sharing data with external controllers
For some purposes, we may also (need to) share Personal Data with external parties that process the Personal Data for their own purposes (External Controllers). In this respect, we may share Personal Data with:
- The national tax authorities, in order to comply with our legal obligation to keep a financial administration and pay taxes;
- Our payment providers Mollie and PayPal, which will process your payments for the Photos.
Export of Personal Data outside the European Union
We may transmit Personal Data to parties outside the European Union, if one of our Processors is established outside the European Union. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European data protection standards.
Amendments to this Privacy Statement
We aim to constantly improve our internal procedures, Services and Website. That is why from time to time we can update this Privacy Statement. If we change our Privacy Statement significantly, then we will send you the revised Privacy Statement via the contact details available to us.
Privacy rights and our contact data
As laid down in the GDPR, you and the other people in the Photo have the right to:
- Ask us to rectify or update Personal Data;
- Ask us to remove Personal Data from our systems;
- Ask us for a copy of the Personal Data we process. We can also transmit such copy to another controller when requested;
- Withdraw consent to process Personal Data (where applicable). This only affects the processing activities that are based on consent and does not affect the validity of such processing activities before consent is withdrawn;
- Object to the processing of Personal Data;
- File a complaint with the Dutch Data Protection Authority.
If you have any questions, comments or concerns regarding the manner in which we handle your Personal Data or if you wish to exercise your rights, please contact us through the contact data below:
25 August 2022
All other users
- Data provided by users
- Data created during use of our services
- Data from other sources
Data provided by users. This includes:
- User profile – We collect data when users create or update their Smiler accounts. This may include their name, email, phone number, login name and password, address, profile picture, and photos.
- Demographic data – We may collect demographic data about users, including through user surveys.
- User content – We collect the information users submit when they contact Smiler customer support, provide ratings or compliments for other users, or otherwise contact Smiler.
Data created during use of our services. This includes:
- Location data – We collect precise or approximate location data from a photographer’s mobile device if enabled by the photographer to do so. Smiler collects this data when the Smiler web app is running in the foreground (web app open and onScreen) of their mobile device.
- Transaction information – We may collect transaction information related to the use of our services, including the type of services requested or provided, order details, delivery information, date and time the service was provided, and amount charged.
- Usage data – We collect data about how users interact with our services. This may include data such as access dates and times, features or pages viewed, and type of browser. In some cases, we collect this data through cookies, pixels, tags, and similar tracking technologies that create and maintain unique identifiers. To learn more about these technologies, please see Cookies.
- Device data – We may collect data about the devices used to access our services, including the hardware models, device IP address, operating systems and versions, software and preferred languages.
Data from other sources. This may include:
- User feedback, such as ratings, feedback, or compliments.
How we use personal data
We use your personal data for a number of reasons, in particular:
- Providing services and features – Your personal data helps us to provide, personalize, maintain, and improve our products and services.
- Customer support – Smiler uses the information we collect to provide customer support.
- Research and development – We may use the data we collect for testing, research, analysis, product development, and machine learning to improve the user experience. This helps us to improve and enhance the safety and security of our services, improve our ability to prevent the use of our services for illegal or improper purposes, and develop new features and products.
- Marketing – We may use the data we collect to market our services to our users. This includes sending users communications about Smiler services, features, promotions, surveys, news, updates, and events. We may use the data we collect to personalize the marketing communications that we send, past use of Smiler’s services, and user preferences and settings.
- NonMarketing communications – We may use the data we collect to generate and provide users with receipts; inform them of changes to our terms, services, or policies; or send other communications that aren’t for the purpose of marketing the services or products of Smiler.
- Legal proceedings and requirements – We may use the personal data we collect to investigate or address claims or disputes relating to use of Smiler’s services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
- Safe payments – We work together with payment service partners, such as Adyen, on all payment transactions. We don't have access to your full payment details, but we may refer to partial information.
Smiler does not sell or share user personal data with third parties for their direct marketing, except with the user’s consent.
How we store and protect personal data
We are committed to safeguarding your personal data against unauthorised usage, modification, publication or deletion of said data. To achieve a high level of protection, we take a variety of both physical and technical security measures. Physical security measures include user protection measures on laptops and computers. Our technical measures include regular website scans to identify security gaps and vulnerabilities.
Your personal data is contained behind secured networks and is only accessible by a limited number of persons with special access rights to such systems. These individuals are specifically required to keep your personal data confidential. All information you exchange with Smiler is encrypted via Transport Layer Security (TLS) technology. Finally, we do not store or have access to your full payment details. Instead, we rely on our PCICompliant payment service partner Adyen to safely store and process this information.
Access your personal data
Cookies are small text files that are placed on your computer or mobile device to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
Smiler strives to not embed cookies with a lifespan longer than one year, although there may be exceptions to this time period. Cookies can be placed on your devices by us or by a third party, such as Google Analytics (Google's official web analytics service). Google Analytics allows us to understand, in aggregate fashion, where visitors land on our website and how they use the site. We cannot disaggregate this data to analyze your individual behavior on our website.
Smiler uses technical, functional, analytical and commercial cookies:
- Technical cookies – These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site.
- Functional cookies – These cookies allow us to remember your preferences, like what language you prefer, or to help you log in automatically.
- Analytical cookies – These cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third party service providers, such as Google Analytics.
- Commercial cookies – These cookies are used for tailoring our emails to your preferences and personalizing online advertisements. Such personalized adverts can also be shown on other websites you visit.
The consent you give us to store and use our and third party cookies can be withdrawn at any time by setting your browser to disable cookies and/or by removing all cookies from your browser. However, please take into account that this may limit your access to certain functions and areas on our platform.
Data Protection Authority
Should you wish to report a complaint or if you feel that Smiler has not addressed your concern in a satisfactory manner, you have the right to report a complaint with the relevant supervisory authority for the protection of personal data. To do so, contact the supervisory authority directly.
Smiler B.V. controls your personal data. Smiler B.V. is a Dutch limited liability company, incorporated under the laws of the Netherlands and registered with the Amsterdam Chamber of Commerce (no. #80689078). Smiler B.V. address is Poortland 66, 1046 BD Amsterdam, The Netherlands.
25 August 2022