1. Introduction
Smartool (“we,” “us,” or “our”) is committed to safeguarding the privacy and security of your personal information. This Privacy Policy governs the collection, use, disclosure, and protection of data related to our products (commercial ice cream machines, ice makers, snow cone machines) and services. By accessing our website, purchasing products, or engaging with our support team, you consent to the practices described herein.
2. Scope and Applicability
This policy applies to:
- Customers and visitors of www.smartoolusa.com.
- Users interacting with our sales, support, or social media channels.
- Business partners and distributors.
3. Data Controller Information
Smartool operates as the data controller for personal information processed under this policy.
📍 Registered Address:
30 N Gould St Ste N, Sheridan, WY 82801
📧 Data Protection Officer: [email protected]
4. Types of Data Collected
We may collect and process the following categories of data:
- Personal Identifiers: Name, email, phone number, billing/shipping address.
- Commercial Data: Purchase history, warranty registrations, transaction records.
- Technical Data: IP address, device type, browser, cookies, usage patterns.
- Customer Support Data: Service requests, repair records, communication logs.
- Marketing Preferences: Opt-ins for newsletters, promotions, or surveys.
5. Legal Basis for Processing
We process data under the following lawful grounds:
- Contractual Necessity: To fulfill orders, provide warranties, and deliver customer support.
- Legitimate Interests: Improving products, fraud prevention, and marketing our services.
- Consent: For non-essential cookies or promotional communications (withdrawable at any time).
6. How We Use Your Information
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Order processing and shipping | Identifiers, Commercial | Contractual |
| Technical support and warranties | Identifiers, Support Data | Contractual/Legitimate Interests |
| Website analytics and optimization | Technical, Usage | Legitimate Interests |
| Marketing communications (email/SMS) | Identifiers, Preferences | Consent |
| Compliance with legal obligations | All categories | Legal Requirement |
7. Data Sharing and Third Parties
We disclose information only as necessary to:
- Service Providers: Payment processors (e.g., Stripe, PayPal), logistics partners (FedEx, UPS), and IT infrastructure providers.
- Legal Authorities: To comply with subpoenas, court orders, or regulatory requirements.
- Business Transfers: In mergers, acquisitions, or asset sales, with confidentiality safeguards.
Third-Party Links: Our website may include links to external sites (e.g., social media). We are not responsible for their privacy practices.
8. International Data Transfers
Data may be transferred to and processed in countries outside your jurisdiction, including the U.S. and the EU. We ensure safeguards such as:
- Standard Contractual Clauses (SCCs) for EU/UK data transfers.
- Compliance with the EU-U.S. Data Privacy Framework (DPF) where applicable.
9. User Rights and Choices
Depending on residency, you may exercise the following rights:
- Access/Portability: Request a copy of your data in a structured format.
- Correction: Update inaccurate or incomplete information.
- Deletion: Erase data under specific conditions (e.g., withdrawal of consent).
- Opt-Out: Unsubscribe from marketing emails via the “unsubscribe” link or by contacting us.
- Restrict Processing: Limit how we use your data (e.g., during a dispute).
- Object: Challenge processing based on legitimate interests.
CCPA-Specific Rights (California Residents):
- Right to know categories of data collected and disclosed.
- Right to opt out of “sales” or “sharing” of personal information (we do not sell data).
- Right to non-discrimination for exercising privacy rights.
To Submit Requests:
📧 Email: [email protected]
📞 +1 (213) 578-5666
We will verify your identity and respond within 45 days (extensions permitted under law).
10. Data Security Measures
We employ technical and organizational safeguards, including:
- Encryption: SSL/TLS for data transmission, AES-256 for stored sensitive data.
- Access Controls: Role-based permissions and multi-factor authentication.
- Audits: Regular vulnerability assessments and penetration testing.
- Employee Training: Annual privacy and security compliance programs.
Incident Response: In the event of a data breach, we will notify affected users and regulators as required by law (e.g., within 72 hours under GDPR).
11. Data Retention
We retain personal data only as long as necessary for:
- Fulfilling contractual obligations (e.g., warranty periods).
- Compliance with tax, consumer, or product safety laws (typically 7 years).
- Resolving disputes or enforcing agreements.
Anonymized data may be retained indefinitely for analytics.
12. Cookies and Tracking Technologies
Our website uses:
- Essential Cookies: Enable core functions (e.g., shopping cart).
- Analytics Cookies: Google Analytics to track traffic and engagement.
- Advertising Cookies: Retargeting via platforms like Meta and Google Ads.
Manage Preferences: Adjust settings via our Cookie Consent Banner or browser configurations.
13. Children’s Privacy
Our services are not directed to individuals under 16. We do not knowingly collect minors’ data. Contact us immediately if you believe a child has submitted information unintentionally.
14. Policy Updates
Material changes will be communicated via email or website notices 30 days prior to effect. Minor updates will reflect a revised “Last Updated” date.
15. Contact Information
For privacy-related inquiries, complaints, or to exercise your rights:
📞 Support: +1 (213) 578-5666
📧 General: [email protected]
📍 Mailing Address:
Attn: Privacy Office
Smartoolusa
30 N Gould St Ste N Sheridan, WY 82801
16. Dispute Resolution
Complaints may be filed with your local data protection authority. For U.S. residents, disputes may be resolved through binding arbitration under AAA rules.
Version: 2025-R1 | 📆 Last revised: [03/31/2025]