PRIVACY STATEMENT FOR SMARTSIGN2GO DIGITAL SIGNAGE SOFTWARE AS A SERVICE (SaaS)

There are different ways you can use our services – to communicate with your customers, to inform personnel or create new content. You share information with us, for example by creating an account and creating content. As you use our services, we want you to be informed on how we’re using information and the ways in which you can protect your privacy.

Our Privacy Policy explains:

What information we collect and why we collect it.
How we use that information.
The choices we offer, including how to access and update information.

We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses and browsers, then read about this glossary first. Your privacy matters to SmartSign2go so whether you are new or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us.

Principles

At SmartSign2go, we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf.

We use your data solely to provide you with services in which you enroll. Our business is providing digital signage services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.

Who We Are

SmartSign2go is a American company located at 2910 #1 Canyon Rd, Wenatchee, WA 98801 USA. You can find SmartSign2go on the internet at SmartSign2go.com. At the URL SmartSign2go.com only information about our service is provided and players and subscriptions can be bought. The actual digital signage service is available from the URL playr.biz.

Information We Collect

We collect information to provide a better user experience to you specifically. From basic stuff like which language you speak and your name and email to identify and contact you, to more complex things like billing information.

We collect the following types of data in the following ways:

Signage Data

Signage Data is data that users enter and upload into our service to use as signage content. This data can only be managed and modified over an HTTPS connection that requires a valid username/password combination to establish. This data is stored on Amazon AWS data servers and is backed up daily, to two different geographical locations on alternate days. The Signage Data is transferred for playback to the players using a HTTP connection since it is considered to be for public consumption when shown on screens. It is possible to protect Signage Data that is transferred to players for playback when using the Pro subscription.

Service data that you give us

For example, we require you to sign up for an account (either a trial or paid) to use our service. When you do, we’ll ask for personal information, like your name, company name and email address. For a paid subscription additional information such as telephone number or credit card.

We retain the right to hold and use Service Data to provide our services, report usage and to provide our payment processors with the information they need to process payments.

Diagnostic data that we get from your use of our services

We collect information about the services that you use and how you use them. This information includes:

Device information
We collect device-specific information (such as operating system version and possibly a unique device identifier). SmartSign2go does not associate this information to any third party services or data. This information may be used to uniquely identify a player in order to show the correct content, to help us support you when you report a problem and to check that the number of concurrently active players does not exceed the number of licensed devices.
Log information
When you use our services or view content provided by SmartSign2go, we automatically collect and store certain information in server logs. This includes:
- details of how you used our service to play back your content.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your account. Log information is typically kept for a few weeks to enable "post mortem" analyses of problems and to analyse short term trends.
Location information
When you use SmartSign2go, we may collect and process information about your location. This is only an estimation of your location that is made by from your IP address. This location can be quite inaccurate. The location is used to infer the time zone you are using. This time zone information can easily be overruled by setting the time zone for your company or the player.
Unique application numbers
Certain devices include a unique device/application number when they communicate with our services. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall our Android or ChromeOS app or when that service periodically contacts our servers, such as for automatic updates.
Local storage
We may collect and store information (including non personally identifiable information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Cookies and similar technologies
We may use cookies or similar technologies to identify your browser or device. We use Google Analytics on our publicly accessible website to analyze the traffic. This information is not linked with information about visits to other sites except the sites and services of our payment providers. The aim of this is to access how successful we are in selling visitors of our website our subscriptions.

Information we collect when you are signed in to SmartSign2go is not associated with any third party service or data sets.

How We Use Information We Collect

We basically use the information that you give us and that we collect to offer you the best experience of our service, improve and extend our services and to protect SmartSign2go and our users.

When you contact SmartSign2go, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies to improve your user experience, the overall quality of our services and to help in supporting our users when they report problems or pro actively analysing trends to prevent issues.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

SmartSign2go processes personal information on our servers in several countries around the world. We may process your personal information on a server located outside the country where you live.

Transparency And Choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:

Review and control your personal information tied to your SmartSign2go account by using the Settings page (you can find the link to that page at the top of your Dashboard if you are an administrator, if you are not an administrator please contact the administrator within your company).

You may also set your browser to block all cookies, including cookies associated with our service, or to indicate when a cookie is being set by us. However, it’s important to remember that you might see small differences in how our service functions if your cookies are disabled. For example, we may not remember your dashboard status.

Information You Share

Although most users intend to use SmartSign2go to publish/share information with an audience it may not be appropriate in all circumstances to share all the information that SmartSign2go enables you to. SmartSign2go offers means to mitigate this risk but can not prevent its users from unintended sharing of secret or inappropriate content.

Information once shared by SmartSign2go may be forever part of the public domain. This is the inherent flip side of the technology that SmartSign2go is build upon and offers the many benefits that SmartSign2go users can leverage.

For accounts that use a Smart or Full subscription the URL of a SmartSign2go channel is enough to play back the content that is published/shared on that channel. The Pro subscription offers protection against unwanted/unintended play back. This protection has to be configured on the company settings screen.

SmartSign2go may show content from third party services such as Facebook, Twitter, Instagram and other services. To access the information of these third party services an industry standard technology called OAuth2 is used. This technology ensures that the user grants SmartSign2go specific access rights to the content of one specific service. This access right can be revoked at any time by the user by logging into the third party service. This access to a specific service can also be managed in the SmartSign2go Settings screen.

Accessing And Updating Your Personal Information

Whenever you use our services, we aim to provide you with full access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. A user with limited rights might have to ask a user with administrator rights within its company to change the information for him/her.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Data Processing Agreement (GDPR)

Data Location and Transfer

SmartSign2go.com (and SmartSign2go.*)

The SmartSign2go.com website contains no Signage nor Service Data. The servers running the website are located in the USA (Shopify/AWS).
Service Data is sent to and stored by data processors; SmartSign2go (playr.biz), Stripe, Cartfunnel, and Shopify

playr.biz

Signage and Service Data is stored on servers running the digital signage service located in the USA (Heroku, Amazon AWS)
Signage and Service Data access is restricted to members of our staff residing in the USA and the EU.

Third-Party Data Processors

Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. Links to descriptions of relevant policies and certifications of each of these parties are given.

Heroku and Salesforce (Heroku is a subsidiary of Salesforce)

Security: https://www.heroku.com/policy/security
GDPR: https://www.salesforce.com/eu/campaign/gdpr/
Privacy: https://www.salesforce.com/company/privacy/

Amazon AWS

Cartfunnel

Security & Privacy: https://cartfunnel.com/privacy/

Stripe

Security & Privacy: https://stripe.com/privacy

Shopify

Security: https://www.shopify.com/legal/terms
Privacy: https://www.shopify.com/legal/privacy

Google G Suite

Security: https://cloud.google.com/security/
GDPR: https://cloud.google.com/security/gdpr/, as pdf: https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_english.pdf
Privacy: https://policies.google.com/privacy?hl=en

Klaviyo

Security: https://www.klaviyo.com/terms-of-service
Privacy: https://www.klaviyo.com/privacy

Information We Share

We do not share personal information with companies, organisations and individuals outside of SmartSign2go unless one of the following circumstances applies:

With your consent
We may share personal information with companies, organisations or individuals outside of SmartSign2go when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
For external payment processing
We provide personal information to our PCI compliant payment providers to enable them to do financial transactions for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. SmartSign2go does not store credit card information and our systems cannot do financial transactions directly. These measures are aimed at protecting our users against fraud.
For legal reasons
We will share personal information with companies, organizations or individuals outside of SmartSign2go if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of SmartSign2go, our users or the public as required or permitted by law.

If SmartSign2go is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Information Security

We work hard to protect SmartSign2go and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

We encrypt access to our services that require a user account using SSL.
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
We restrict access to personal information to SmartSign2go employees and contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.

When This Privacy Policy Applies

Our Privacy Policy applies to all of the services offered by SmartSign2go.

Our Privacy Policy does not apply to services offered by other companies or individuals, including the companies of our users and products or sites that may be displayed to you on devices used by our users. Our Privacy Policy does not cover the information practices of other companies and organisations who advertise our services, and who may use cookies and other technologies to serve and offer relevant ads.

Compliance And Cooperation With Regulatory Authorities

We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

GDPR

The European GDPR law explicitely refers to a number of rights you as a user have concerning SmartSign2go's handling of personal data.

Data Portability

We want happy customers, not trapped ones. We will not lock you out of your own data. You may export your SmartSign2go data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than two months during which you may still retrieve and export your data after you have contacted us via email.

Export is limited to a part of your Signage Data (images, videos).

Your Right to Knowing to What We Know

You have the right to know what we know about you and to see how that data is handled. All Signage and Service data that we have about an account and its users is accessible to the account owner via her/his dashboard. The only data that is not available is the detailed status of the payment process. Any relevant exceptions to those processes will be communicated to you as soon as possible since they mean we did not receive your subscription fee.

You can send requests for information to our support department (support@smartsign2go.com) that we will gladly fulfill, however, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.

Your Right to Have Your Data Erased

As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first end your subscription. After the subscription has been ended, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.

Disaster recovery and data availability requirements mean that SmartSign2go has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Automated decisions and profiling

SmartSign2go does not use profiling of Users based on Service Data

Changes to our Privacy Policy

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

Version History

January 12th 2020: Expanded detail regarding SmartSign2go service. Updates with regards to GDPR in the paragraphs: Principles, Information we collect, Data processing agreement, Information we share, Information security, GDPR
December 1st 2011: Initial version

PRIVACY STATEMENT FOR OUR ONLINE STORE

----

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

SECTION 2 - CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at office@smartsign2go.com or mailing us at: SmartSign2go 2910 Number 1 Canyon Road Wenatchee WA USA 98801

SECTION 3 - DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 - SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment:

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

SECTION 5 - THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 7 - COOKIES

Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

SECTION 8 - AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 9 - CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at office@smartsign2go.com or by mail at SmartSign2go

[Re: Privacy Compliance Officer]

[2910 Number 1 Canyon Road Wenatchee WA USA 98801]

----