1. Introduction Smartool (“we,” “us,” or “our”) is committed to safeguarding the privacy and security of your personal information. This Privacy Policy governs the collection, use, disclosure, and protection of data related to our products (commercial ice cream machines, ice makers, snow cone machines) and services. By accessing our website, purchasing products, or engaging with our support team, you consent to the practices described herein. 2. Scope and Applicability This policy applies to:
    • Customers and visitors of www.smartoolusa.com.
    • Users interacting with our sales, support, or social media channels.
    • Business partners and distributors.
4. Types of Data Collected We may collect and process the following categories of data:
    • Personal Identifiers: Name, email, phone number, billing/shipping address.
    • Commercial Data: Purchase history, warranty registrations, transaction records.
    • Technical Data: IP address, device type, browser, cookies, usage patterns.
    • Customer Support Data: Service requests, repair records, communication logs.
    • Marketing Preferences: Opt-ins for newsletters, promotions, or surveys.
5. Legal Basis for Processing We process data under the following lawful grounds:
    • Contractual Necessity: To fulfill orders, provide warranties, and deliver customer support.
    • Legitimate Interests: Improving products, fraud prevention, and marketing our services.
    • Consent: For non-essential cookies or promotional communications (withdrawable at any time).
6. How We Use Your Information
Purpose Data Categories Legal Basis
Order processing and shipping Identifiers, Commercial Contractual
Technical support and warranties Identifiers, Support Data Contractual/Legitimate Interests
Website analytics and optimization Technical, Usage Legitimate Interests
Marketing communications (email/SMS) Identifiers, Preferences Consent
Compliance with legal obligations All categories Legal Requirement
7. Data Sharing and Third Parties We disclose information only as necessary to:
    • Service Providers: Payment processors (e.g., Stripe, PayPal), logistics partners (FedEx, UPS), and IT infrastructure providers.
    • Legal Authorities: To comply with subpoenas, court orders, or regulatory requirements.
    • Business Transfers: In mergers, acquisitions, or asset sales, with confidentiality safeguards.
Third-Party Links: Our website may include links to external sites (e.g., social media). We are not responsible for their privacy practices.
8. International Data Transfers Data may be transferred to and processed in countries outside your jurisdiction, including the U.S. and the EU. We ensure safeguards such as:
    • Standard Contractual Clauses (SCCs) for EU/UK data transfers.
    • Compliance with the EU-U.S. Data Privacy Framework (DPF) where applicable.
9. User Rights and Choices Depending on residency, you may exercise the following rights:
    • Access/Portability: Request a copy of your data in a structured format.
    • Correction: Update inaccurate or incomplete information.
    • Deletion: Erase data under specific conditions (e.g., withdrawal of consent).
    • Opt-Out: Unsubscribe from marketing emails via the “unsubscribe” link or by contacting us.
    • Restrict Processing: Limit how we use your data (e.g., during a dispute).
    • Object: Challenge processing based on legitimate interests.
CCPA-Specific Rights (California Residents):
    • Right to know categories of data collected and disclosed.
    • Right to opt out of “sales” or “sharing” of personal information (we do not sell data).
    • Right to non-discrimination for exercising privacy rights.
To Submit Requests: 📧 Email: [email protected] 📞 +1 (213) 578-5666 We will verify your identity and respond within 45 days (extensions permitted under law).
10. Data Security Measures We employ technical and organizational safeguards, including:
    • Encryption: SSL/TLS for data transmission, AES-256 for stored sensitive data.
    • Access Controls: Role-based permissions and multi-factor authentication.
    • Audits: Regular vulnerability assessments and penetration testing.
    • Employee Training: Annual privacy and security compliance programs.
Incident Response: In the event of a data breach, we will notify affected users and regulators as required by law (e.g., within 72 hours under GDPR).
11. Data Retention We retain personal data only as long as necessary for:
    • Fulfilling contractual obligations (e.g., warranty periods).
    • Compliance with tax, consumer, or product safety laws (typically 7 years).
    • Resolving disputes or enforcing agreements.
Anonymized data may be retained indefinitely for analytics.
12. Cookies and Tracking Technologies Our website uses:
    • Essential Cookies: Enable core functions (e.g., shopping cart).
    • Analytics Cookies: Google Analytics to track traffic and engagement.
    • Advertising Cookies: Retargeting via platforms like Meta and Google Ads.
Manage Preferences: Adjust settings via our Cookie Consent Banner or browser configurations.
13. Children’s Privacy Our services are not directed to individuals under 16. We do not knowingly collect minors’ data. Contact us immediately if you believe a child has submitted information unintentionally.
14. Policy Updates Material changes will be communicated via email or website notices 30 days prior to effect. Minor updates will reflect a revised “Last Updated” date.
16. Dispute Resolution Complaints may be filed with your local data protection authority. For U.S. residents, disputes may be resolved through binding arbitration under AAA rules.
Version: 2025-R1 | 📆 Last revised: [03/31/2025]