Privacy Policy

1. Who is the Data Controller? 2. What personal data do we collect and how do we process such data? 3. What are the principles and legal bases of processing? 4. What is the purpose and legal basis of each processing? 5. What about marketing communication? 6. How long is your data retained? 7. What are your rights and how can you exercise them? 8. With whom we might share personal information? 9. Transfer of data outside of the European Economic Area (E.E.A.) 10. How is your data secure? 11. Children’s privacy 12. What about social media data? 13. Data Breaches 14. Changes to this Policy

Our Company gives priority to respecting your personal data and takes reasonable measures in order to comply with the applicable laws on the protection of your personal data. The following terms consist an integral part of the terms of use that govern the website as a whole and apply to the users thereof. This Privacy Policy applies in principle to the personal data, as defined in the European General Data Protection Regulation (GDPR), of natural persons (“you” or “your”) located in the European Economic Area, i.e. EU member countries and also Iceland, Liechtenstein and Norway, as well as Switzerland, and, upon its withdrawal from the European Union, the United Kingdom. The EU General Data Protection Regulation (GDPR), Greek Law 4624/2019 for the Protection of Personal Data and Measures for the Implementation of the GDPR and applicable Swiss data protection laws, in particular the Federal Act on Data Protection (FADP), constitute the respective legal framework.

1. Who is the Data Controller?

1.1. The company under the name "SmarterChains SA", Rue de Lausanne 36, 1201 Geneve, Switzerland, with tax registration number CHE-347.879.117, Tax Authority of Geneva, Switzerland, tel. no. +41 22 342 45 81, and email address info@smarterchains.com (hereinafter referred to as the “Company”, “we”, “us”, “our”) is the Data Controller. We are a data controller of your personal data if you are a prospective or current customer, a vendor, a visitor or user of our website (aforementioned categories of data subjects may overlap).

However, please note that with regard to personal data collected through our Services, we serve as a Data Processor. When acting as a data processor, we have certain obligations including only processing personal data at our customers’ instructions reflected in the applicable Master Services Agreement, providing assistance with fulfillment of rights requests, and implementing appropriate security for personal data. We will forward any inquiries, complaints, or requests received from data subjects with respect to the Services to the appropriate customer and await instructions before taking any action.

1.2. Data Protection Officer (DPO) details: dpo@smarterchains.com

1.3. Contact details: For any matter concerning this privacy policy and the processing of your personal data, you can contact us in the following ways:

A) By telephone at 0041 22 342 45 81, 0030 214 444 9325, Monday to Friday 9.30-13.30

B) By e-mail to info@smarterchains.com

C) By post at Rue de Lausanne 36, 1201 Geneva, Switzerland

1.4. Our EU representative is:

Vasilis Karamalegos

Solonos 53, Athens 106 72 Greece

Tel. 0030 214 444 9325

2. What personal data do we collect and how do we process such data?

Your personal data includes any information that allows, by itself or in combination with other, your unique identification. All personal data is processed with your consent and acceptance of the terms of use of each of our services.
We collect for instance, your full name, your job title, your email address and your social media profile. This is information that you enter when you contact us, information you state when you sign up in our website to create a user account, information you enter when you apply to schedule an assessment, information you share with us upon sharing a post from our blog, information you enter upon submitting your application to participate in the 1st CPG Factory of the Future Benchmarking Study®, or when you sign up voluntarily to receive marketing communication (newsletters), or to update your preferences, as well as information regarding the operation of the website, for instance information that the Company collects automatically (such as your ip address, your operating system, your browser type and version, etc., when entering and navigating our webpages) or by using cookies. In addition, please note that it is possible to collect data as aggregated and only statistical data, taking all the necessary safeguards so that your identification is not possible.
This information is registered in electronic media, such as your equipment or terminal identifiers, computer, smartphone, tablet, web browser history, log files, cookies, etc.
Moreover, we may process your personal data when you contact our offices or our customer service staff, depending on the nature of the call, by recording the content of your calls and your communication with our employees, having been notified about this recording and after you have provided a valid consent to such recording, for one of the following purposes:

i. processing necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract
ii. processing is necessary for our compliance with our legal obligations
iii. processing is necessary in order to protect the vital interests of you or of another natural person that participates in the call
iv. processing is necessary for reasons of public interest.
Please note that we may share certain personal data, when entering into commercial partnerships with third parties, for the fulfillment of such partnership.

We also inform you that process of your data is possible when we receive documents, requests, orders, court applications, warrants, etc. of third parties, such as supervisory, prosecutional, judicial, tax authorities, for investigating crimes and your protection against fraud or for combating all forms of crime and infringements of rights.

3. What are the principles and legal bases of processing?

The Company and its trained staff apply all Processing Principles set in GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability). The Company protects and safeguards all your Rights regarding the use of your Personal Data (information, access, rectification, erasure, restriction of processing, portability, objection and non-automated individual decision-making, including profiling).

The legal bases of collection and processing are the following:

  • Your consent → to sign up and create a user account, to receive your assessment, to receive communication from the Company for customer service purposes, to receive direct marketing communication from the Company

    When you give us your consent to any of the above, you may withdraw it at any time for the future by contacting the Company, as well as by unsubscribing at the corresponding hyperlink in the contact email.

  • Our legitimate interest →to identify you where necessary -and to your advantage for the avoidance of fraud or security breach-, to develop our business activity and to manage and optimize our technical systems, as well as to effect commercial collaborations, to adopt tools / means of customer service, prior and following our contractual relationship, as well as to manage any of your issues/requests in the best possible way based on your needs for your benefit as is reasonably expected, for the security of your User Account, for direct marketing communication with you -if you are our customer-, and for statistical analysis and processing of aggregated data to improve our products and services, without identifying a particular subject and without prejudice to the rights and freedoms of the data subjects.

    When the legal basis is the legitimate interest, you have the right to object to the above processing on a case-by-case process. It should be noted, however, that the Company is entitled to invoke compelling and legitimate reasons for continuing such processing (e.g. tax obligations, resolution of disputes, etc.).

  • The performance of a contract that the Company undertakes to fulfill towards you, within the context of our contract for the provision of our services.
  • Compliance with the company's legal obligation to comply with tax obligations and provisions as well as other legal requirements during the performance of the contract.

4. What is the purpose and legal basis of each processing?

Purpose of ProcessingLegal Basis of Processing
Signing upCreation and Management of your User Accounta) Your consent to sign up to our website and create a User Account.
b) The legitimate interest of our company in securing your account and identifying you where necessary
To execute contracts to which you are a party or to take steps to enter into such contracts at your request and other legal documentationa) performance of the contract
b) Compliance with our legal obligation
Website operation including information securitya) The legitimate interest of our company for technical excellence and safety by combating cyber attacks and defending against malicious programs
b) The legitimate interest of our company in the development of our business activity and in the management and optimization of the technical systems by tracking Website and Services usage.
Customer service, management of your requests/queries, communicationa) compliance with the Company's legal obligation to adopt customer service tools / means
b) the legitimate interest of the company in optimizing its customer service
c) your consent to receive communication by the Company for customer service
d) performance of the contract
To conduct a study, including to provide you with a study reporta) the legitimate interest of the company to evaluate the results of the study to improve its product and services
b) performance of the contract
Services demonstrationa) performance of the contract
b) The legitimate interest of the Companyto set up demonstrations for prospective or existing customers pursuant to their request
Statistical analysis including:- Evaluation and improvement of business processes- Research and analysis for better understanding of the needs of the Company’s customers- Assessment for the launch of new services etc.The legitimate interest of the Company to improve its product and services

Note: Processing of any optional information you fill in, is based on your prior consent to us by filling in these details.

5. What about marketing communication?

Purpose of ProcessingLegal Basis of Processing
Direct Marketing Communication.Your prior consent.- You may choose to receive marketing communication from us at an email address that you provide to us.- You can withdraw your consent at any time by communicating at the Company's details, as well as by unsubscribing at the corresponding hyperlink in the contact email.
Direct Marketing Communication to customers of the Company who have bought a product or service from us and the marketing communication is related to the promotion of similar products or services or other similar advertising purposes.The legitimate interest of the CompanyYou may object at any time to such processing and request to opt-out by clicking the unsubscribe link at your e-mail or by communicating at any of our Company's contact details.

Note 1: In order to continuously improve the content of our newsletters, we count and store the opening rates and clicks, i.e., if you open our emails, what is the content of the emails that you open, as well as if and why our emails may not have been delivered. We may also use this data for statistical purposes. These processing operations are based on our legitimate interest in optimizing our communication with you. You can always disable this processing by communicating at any of our Company's contact details.

Note 2: In the event that for any reason any technical tools that we provide are delayed in responding to your request for removal from our marketing recipients list, please contact us immediately with the other contact details so that we can promptly satisfy your request.

6. How long is your data retained?

  • We will retain your personal data for as long as you continue to interact with us and it is necessary to fulfill the processing purposes described above (for instance, if you are signed up to receive marketing communication from us, etc.). We retain your data until you request its deletion, unless retention is imposed on the basis of a statutory obligation (e.g. tax purposes). In any case, the data is deleted immediately after the purposes for which it is retained are fulfilled, while some data is retained anonymized or pseudonymized for statistical analysis purposes.
  • Your contact data for the purpose of marketing communication shall be retained for three (3) years from your last contact with us or until your consent has been withdrawn. Please note that, this does not apply to data that is required to retain for the performance of a contract and / or to fulfill our statutory obligations (e.g. tax obligations).

7. What are your rights and how can you exercise them?

Our website users may exercise certain rights regarding their personal data processed by us. Please see the table below for more details. Your rights can be exercised at the Company's contact details.

Right of informationWe must provide you with all the necessary information regarding the processing of your personal data, including as to what data are being processed, for what purposes, how long the data will be stored, in a concise, transparent, easy to understand and easily accessible format, using clear and plain language.
Right of accessYou have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and, where that is the case, you have the right of access to such personal data and obtain a copy of the Data undergoing processing. This information may include what data we have, why we use it, to whom we notify it, whether we transfer it abroad, how we protect it, how long we retain it, what rights you have, how you can submit a complaint or from where we took your data.
Right to rectificationYou have the right to verify the accuracy of your data and request from us the rectification of inaccurate personal data concerning you and the completion of incomplete information about you
Right to erasureYou have the right, under certain circumstances, to request the erasure of your personal data. In particular, you can request to erase your personal data:
  • at any time when they are no longer needed for the purposes for which they were collected or
  • if they have been illegally processed
We can retain your data if processing of your personal data is necessary:
  • to comply with a legal obligation
  • to fulfill another legitimate purpose or other legal basis; or
  • for the establishment, exercise or defense of legal requirements of our Company.
Right to restriction of processingYou have the right, under certain circumstances, to obtain from us the restriction of your processing. In particular, you may request to restrict your personal data when:
  • their accuracy is being questioned so that we can verify their accuracy or
  • processing is illegal, but you do not want it to be deleted or
  • it is no longer necessary for the purposes for which it was collected, but we still need it for the establishment, exercise or defense of legal requirements, or there is another legitimate processing purpose or other legal basis.
Right to object to processingYou have the right to object, at any time to processing of personal data concerning you, which has as its legal basis the legitimate interest of the Company or performance of a task carried out for reasons of public interest. We, in that case, shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as data subject or for the establishment, exercise or defense of legal claims.
Right to obtain human intervention in automated individual decision-making processingYou have the right to request from us to not be subject, if applicable, to a decision process based solely on automated processing including profiling, which produces legal effects concerning you or significantly affects you.
Right to data portabilityYou have the right to request from us to receive your personal data in a structured, commonly used and machine-readable or to be transmitted to another controller without hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, or a contract which the User is part of or on pre-contractual obligations thereof.However, this right concerns only the data provided by the subject and not data obtained by the controller based on the data provided to the controller by the subject
Right to withdraw consentYou have the right at any time to withdraw your consent whenever consent is the legal basis for processing your personal information. Withdrawal is valid for the future.
Right to lodge a complaintYou have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. You may find a list of all EEA countries data protection authorities and their contact details here and for Switzerland here.However, we would appreciate if we are offered the opportunity to deal with your concerns before you approach the data protection authority and so please contact us before, using the contact information mentioned in the present Privacy Policy.

Note: We reserve the right to ask you for proof of your identity, if you are applying for the exercise of your rights. These requests can be exercised free of charge and we will reply as soon as possible. In general, we reply to valid requests within one (1) month of their receipt, but if the request requires more time then we will inform you accordingly (within one month). In any case, you should give specific and true details and / or facts in order to be able to reply to and / or satisfy your request accurately, otherwise we reserve the right to make any errors that are beyond our control. We also reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive and we may refuse requests that are abusive or inaccurate or generally illegal.

8. With whom we might share personal information?

Our personnel may receive and process your personal data for the purposes of processing described in this Policy.

We may share personal data and information we collect about our users with third parties in the context of the general operation and functioning of our website and always in a way that guarantees that your personal data and the information that we collect about you is not subject to any unlawful processing, i.e. processed for purposes other than the following purposes.

When transmitting your personal data, we always ensure the highest possible level of security. As a result, your data will only be transmitted to service providers and co-operating companies, which are carefully selected and bound by a contract in advance. Indicatively, such affiliated companies are:

  • third-party subcontractors and/or our service providers who may provide on behalf of SmarterChains technical, operational and marketing services, such as but not limited to hosting, IT and technical support, newsletter delivery services, data analysis or other support services from time to time, strictly for the purpose of providing their services to us, appointed, if necessary, as our Data Processors.
  • our consultants (including financial, legal and other consultants) within the context of our Company’s lawful operation.
  • special successors: In the event that our company undergoes a business transition such as a merger, joint venture, acquisition by another company or sale of the whole or part of the Company assets, including personal information may be transferred to the successor entity/ in case of such change. If material changes to our privacy practices will occur as a result of the business transition, we will notify you and other users of the business transition prior to transferring your personal information.

Also, if you are accessing websites of third parties, affiliates or no-affiliates of our Company through our website, our Company has no involvement in the collection and processing of your data, which is effected by the third-party webmasters of the websites you enter. Therefore, you are invited to consult the respective privacy policy on the website you are visiting.

Furthermore, we will also respond to requests for personal data where required to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

9. Transfer of data outside of the European Economic Area (E.E.A.)

The Company generally maintains your personal data within the European Economic Area (EEA). Please note also that the European Commission has recognized Switzerland as providing adequate protection (2000/518/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland). The effect of such a decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to Switzerland without any further safeguard being necessary. In others words, transfers to the country in question will be assimilated to intra-EU transmissions of data.

Any transfer of your personal data from the EEA, Switzerland or the United Kingdom to the USA shall be effected under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.

Where data is to be transmitted to third countries outside the European Economic Area for which no European Commission’s adequacy decision is available or to International Organizations, all the appropriate safeguards provided for in the applicable data protection legislation regarding transfers to third countries are taken.

10. How is your data secure?

You should not disclose your User Account details (username, password) to any third parties and you should protect it from any unauthorized access to it.

We take and maintain appropriate technical and organizational security measures designed to prevent and reduce the risk of unauthorized access, disclosure, modification, or accidental destruction of personal information appropriate to the nature of the information concerned. The data you submit to us are managed exclusively by specifically authorized personnel of the Company acting under its control and according to its orders, or those of the recipients, where appropriate. In order to conduct the processing, we select persons with corresponding professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to maintain confidentiality. Where applicable, we use encryption and other technologies that can assist in securing the information you provide. We also require our processors to comply with strict data privacy and security requirements. While we take reasonable steps to protect your personal data, as the security of information depends in part on the security of the computer you use to communicate with us and the security you use, you accept the inherent security implications of dealing on-line over the Internet and will not hold us or our data processors responsible for any data breach unless it is due to our negligence. In any case, the security of your data in the website’s environment is subject to reasons beyond the company’s sphere of influence, as well as reasons resulting from technical or other failure of the network that is not controlled by the Company, or reasons of force majeure or events of chance.

For the best possible protection of your personal data outside the limits of our control, your device should be protected (such as by updated antivirus systems) and your internet service provider should take appropriate measures for the security of network data transmission (such as, anti-spam filtering).

11. Children’s privacy

We will not knowingly collect, any personal information from any person under the minimum legal age depending the relevant data protection legislation limits on the country of his/her residence. If you are younger than the minimum legal age please do not use or provide any information on this website or through any of its features, and do not give any information about you to us, including your name, your address, your phone number or your e-mail address.

If we find that we have collected or received personal data from a child younger than the minimum legal age we will delete such information, unless consent or authorization has been given by the child’s guardian.

If you post, comment, indicate interest, or share personal information, to any social network, or other such shared fora, please be aware that any personal information you submit can be read, viewed, collected, or used by other users of these social networks, and could be used for purposes that neither you nor we have control over.

12. What about social media data?

We have pages on social media platforms, such as Facebook, LinkedIn, YouTube, or Twitter, where you can visit and communicate with us. If you use a social media plugin set on our website, for instance in our Blog, information can be transferred directly from your device to the social media provider. We have no influence on the data collected by the plugin. If you are logged in to the social network, a link can be established between your user account there and the use of our website.

If you interact with the plugins, for instance by clicking on "Like", "Follow" or "Share", or by writing a comment, this information may automatically appear in your profile on the social network. Please note that plugins may send your IP address to social media providers, even if you are not logged in.

If you post, comment, indicate interest, or share personal information, to any social network, or other such shared fora, please be aware that any personal information you submit can be read, viewed, collected, or used by other users of these social networks, and could be used for purposes that neither you nor we have control over.

13. Data Breaches

We will report any unlawful data breach of this website to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen.

14. Changes to this Policy

We reserve the right to amend this Policy, for example to comply with the new requirements imposed by applicable laws, directives, or technical requirements or in the event of revision of our procedures or practices.

Last updated on 13.12.2019

Bring the Smart Transformation
to your Organization