Privacy Policy

05/22/2018

What is GDPR?

The General Data Protection Regulation is Europe’s new privacy law.

It raises the bar for the protection of personal data, which is any data that can be linked to an individual.

What does this mean to the average person or organization in simple terms? The GDPR imposes new rules on companies, government agencies, nonprofits, and other organizations. It imposes those rules, regardless of location, on organizations that offer goods and services to people in the European Union (EU) or that collect and analyze data tied to EU residents.

The average person will have more explicit rights under GDPR to know who stores, processes, and has access to their personal data. Under GDPR, EU residents can request access to, rectification of, and deletion of their data.

Why did the EU put GDPR into place? In Europe, privacy is a fundamental right, and the EU is dedicated to protecting it. The EU’s operational philosophy is built on the concept that personal data belongs to the individual. This is different than how the United States operates, where information collected on an individual is seen as the property of the organization that collects it.

Data breaches have become part of our everyday life. And Europe wants to lead the way internationally to require companies to be more principled and transparent around data use and invest in security and data protection. Any company or agency collecting or utilizing personal information may do so only if they have a lawful basis to process the information.

The GDPR applies to anyone who provides goods or services to residents in Europe. Other countries are considering similar laws with some variations, as some countries consider GDPR overly prescriptive.

Data Protection Authorities in the member states, as well as the European Data Protection Board, will monitor GDPR compliance. It takes effect May 25, 2018. It has been made clear that there will be no enforcement grace period, as companies received two years’ notice to prepare for the new regulations.

The GDPR requires enhanced security, data protection, appropriate technical and organizational measures, transparency, record keeping, accountability, and supporting data subject requests. It also requires a 72-hour personal data breach notification by data controllers to the authorities. Responsibility for data protection will be shared within organizations and with vendors, establishing a shared responsibility model.

Introduction

This Privacy Notice explains how SMART Recovery, USA (“SMART Recovery, USA ”, “we” or “us”) collects and processes your Personal Data. Each time you use our Site, the current version of the Privacy Notice will apply. Accordingly, whenever you use our Site, you should check the date of this Privacy Notice (which appears at the top) and review any changes since the last version. This Privacy Notice is applicable to all Site visitors, registered users, and all other users of our Site.

“Personal Data” is any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

By visiting [www.example.com] or using our mobile application, (together the “Site”), you acknowledge that you have read and understood the processes and policies referred to in this Privacy Notice.

Who We Are

For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is SMART Recovery, USA, registered in Maryland with a registered address: SMART Recovery Central Office, 7304 Mentor Ave., Suite F, Mentor, OH 44060, USA

Our nominated representative for the purposes of the GDPR is Mark Ruth, Executive Director, Smart Recovery, USA.

Our Data Protection Officer is Miguel Gomez, Managing Director, Transom-Group, who can be contacted by sending an email to mgomez@transom-group.com and cc to: markruth@smartrecovery.org; or by post to: Transom Group Latin America Av. Parque Chapultepec #408 Int 12C; Col. Colinas del Parque, SLP, SLP

How to contact us

If you have any questions or concerns about this Privacy Notice, please contact us using the Contact Us section on our Site.

Alternatively you can contact us by phone at 440.951.5357 by sending an email to information@smartrecovery.org or by mail to SMART Recovery, 7304 Mentor Ave., Ste. F. Mentor, OH 44060

How we collect personal data

Personal Data that you give us

We may collect and process the following Personal Data:

  • Fulfill orders and complete transactions;
  • Provide you with products and services that you request;
  • Communicate with you about your account, respond to your inquiries and send you information as you have requested;
  • Communicate with you about changes to our policies
  • Send you newsletters, promotions, and other communications;
  • Add to or change our products, services and operations;
  • Detect, investigate, and prevent activities that may violate our policies or be illegal; and
  • Perform statistical, demographic, and marketing analyses of users of the Site and Site usage, including analysis of which content or images users click on or hover over.

Personal data we collect from you

With regard to each of your visits to the Site we will automatically collect the following information:

  • IP address
  • Time of visit

Non-Personal Data

We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Site, including, without limitation:

  • IP addresses
  • Browser type and plug-in details
  • Device type (e.g., desktop, laptop, tablet, phone, etc.)
  • Operating system
  • Local time zone

We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Site. Please check your web browser if you want to learn what information your browser sends or how to change your settings.

Cookies

Like many websites, our Site uses cookies to distinguish you from other users of the Site. This helps us to analyze the use of the Site to customize and improve the content and the layout of the Site.

When you first access the Site, you will receive a message advising you that cookies are in use. By continuing to browse the Site, you agree to our use of cookies as described in this Privacy Notice.

You do not have to accept our cookies and can block them by activating the setting on your browser that allows you to refuse all or some cookies. You may also delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some areas of the Site that you access may take more time to work, or may not function properly. For more information about cookies, visit: http://www.allaboutcookies.org.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Strictly necessary cookies
  • Analytical/performance cookies
  • Functionality cookies
  • Targeting cookies
  • Third-party cookies

You can find more information about the individual cookies we use and the purposes for which we use them in the table.

The table below explains the types of cookies we use on our websites and why we use them.

policy-2018

 

“Do not track” signals

We do not respond to web browser“ do not track” signals. As such, your navigation of our Site may be tracked as part of the gathering of quantitative user information described above. If you arrive at our Site by way of a link from a third party site that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our Site.

How we use your personal data

We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent 

which can be withdrawn at any time, (2) the processing is necessary for the performance of a contract to which you are a party, (3) we are required by law, (4) processing is required to protect your vital interests or those of another person, or (5) processing is necessary for the purposes of our legitimate commercial interests, except where such interests are overridden by your rights and interests.

When we share and who can access your personal data

We may share your Personal Data for the purposes described in this Privacy Notice with:

a member of our group partners, suppliers and sub-contractors analytics and search engine providers that assist us in the improvement and optimization of our Site trusted third-party companies and individuals if SMART Recovery, USA  or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.

We will only transfer your Personal Data to trusted third-parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.

Selling your personal data

We will not sell your Personal Data to third parties for their use without your consent.

Children and privacy

Our Site is not directed to children under the age of 13, if you are not 13 years or older, do not use our Site. We do not knowingly collect Personal Data from children under the age of 13. If we learn that Personal Data of persons less than 13 years-of-age has been collected through our Site, we will take the appropriate steps to delete this information.

In accordance with each state’s law, minors under the age of 18 residing in their residential state may remove or request and obtain removal of content and information that they post on the website or app. In order to remove or to request and obtain removal of such content and information, the user must contact us at christif@smartrecovery.org with the subject line Privacy policy for minors

Security and storage

Security

Although we use security measures to help protect your Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the internet.

Transfer of personal data outside of the European Economic Area (“EEA”) and International users

We will not transfer Personal Data, relating to individuals within the European Economic Area (“EEA”), to third parties

(i.e., those outside of our group), located outside of the EEA without ensuring adequate protection under European law.

Where a third party is located in a country not recognized by the EU Commission as ensuring an adequate level of protection, we will take appropriate steps, such as implementing standard contractual clauses recognized by the EU Commission, to safeguard your Personal Data.

We will share your Personal Data with members of our group outside of the EEA, including our ultimate holding company Smart Recovery International, Inc. and Smart Recovery, USA based in Mentor, Ohio, which is based in the United States, for the purposes described in this Privacy Notice. For transfers to Smart Recovery International, we utilize standard contract clauses recognized by the European Commission. If you would like to obtain a copy of the standard contract clauses, please contact us using the Contact Us section on our Site.

We are headquartered in the United States. Your Personal Data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting our Site from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using our Service, you consent to any transfer of this information.

How long we store your personal data

We will store your Personal Data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Data is processed. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your Personal Data quickly upon request.

We will retain your information for as long as your account is active or as needed to provide you with our Site. If you wish to cancel your account or request that we no longer use your information to provide you service, contact us at information@smartrecovery.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We maintain one or more databases to store your Personal Data and may keep such information indefinitely as it relates to our certification training programs.

Where we store your personal data

All information you provide to us is stored on our secure servers.

Any payment transactions will be encrypted [using SSL technology

Unfortunately, the transmission of information via the internet is not completely secure.

Storage (U.S. law specific)

States The Personal Data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Site, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place

CC

Correction and removal

If any of the information that we have about you is incorrect, or you wish to have information (including Personal Data) removed from our records, please contact us at information@smartrecovery.org

Opting Out

Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive, or by sending a message to us at information@smartrecovery.org

Your European Rights

You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you (before collecting your Personal Data) if we intend to use your Personal Data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data. You can also exercise the right by contacting us using the Contact Us section on our Site.

Under European data protection law, in certain circumstances, you have the right to:

  • Request access to your Personal Data
  • Request correction of your Personal Data
  • Request erasure of your Personal Data
  • Object to processing of your Personal Data
  • Request restriction of processing your Personal Data
  • Request transfer of your Personal Data
  • Withdraw your consent

In addition, where you believe that SMART Recovery, USA has not complied with its obligations under this Privacy Notice or European law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK Information Commissioner’s Office.

You can exercise any of these rights by contacting us using the Contact Us section on our Site.

Your Californian Rights

FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to

disclose policies relating to the sharing of certain categories of your Personal Data with third parties. If you reside in California and have provided your Personal Data to Company, you may request information about our disclosures of certain categories of Personal data to third parties for direct marketing purposes. Such requests must be submitted to us at one of the following addresses: information@smartrecovery.org

Attn: California Privacy Rights
c/o SMART Recovery, USA
7304 Mentor Ave. Ste. F
Mentor, OH 44060

Your rights

Correction and removal

If any of the information that we have about you is incorrect, or you wish to have information (including Personal Data) removed from our records, please contact us at information@smartrecovery.org

Opting Out

Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive, or by sending a message to us at information@smartrecovery.org

Changes to this Privacy Notice

If we make any material changes to this Privacy Notice or the way we use, share or collect personal Data, we will notify you by revising the “Effective Date” at the top of this Privacy Notice, prominently posting an announcement of the changes on our Site, or sending an email to the email address you most recently provided us (unless we do not have such an email address) prior to the new policy taking effect.

Any changes we make to our Privacy Notice in the future will be posted on this page and, where appropriate, notification sent to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Notice.

Example Scenarios

PDF 08/19/2024

Identifying Unhelpful Thinking Styles Example Scenario