Privacy Policy
Last updated: December 2024
At SmartPrints UK, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
SmartPrints UK is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@smartprintsuk.com.
2. Information We Collect
We collect different types of information depending on how you interact with our service:
2.1 Information You Provide
- Account Information: Email address, name, and authentication details when you create an account via Clerk
- Activity Data: Child's first name, age group, and topic preferences you enter to generate activities
- Payment Information: Billing details processed securely through Stripe (we do not store full card numbers)
- Communications: Information you provide when contacting our support team
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on service
- Device Information: Browser type, operating system, device identifiers
- Log Data: IP address, access times, referring URLs
- Cookies: See our Cookie Policy for details
3. How We Use Your Information
We use your personal data for the following purposes:
Service Delivery
To generate personalised educational activities and provide our core service
Account Management
To create and manage your account, authenticate your identity
Payment Processing
To process subscription payments and manage billing
Communication
To send service updates, respond to inquiries, and provide support
Service Improvement
To analyse usage patterns and improve our service
Legal Compliance
To comply with legal obligations and protect our rights
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide our service and fulfil our contractual obligations to you
- Legitimate Interests: Processing for our legitimate business interests, such as improving our service and preventing fraud, where these interests are not overridden by your rights
- Consent: Where you have given explicit consent for specific processing activities, such as marketing communications
- Legal Obligation: Processing necessary to comply with our legal obligations
5. Data Sharing and Third Parties
We share your data with trusted third-party service providers who assist us in operating our service. These providers are contractually obligated to protect your data:
We do not sell your personal data to third parties. We may disclose your information if required by law or to protect our rights and safety.
6. International Data Transfers
Some of our third-party service providers are located outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or transfers to countries with adequate data protection laws.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account Data: Retained while your account is active, plus 30 days after deletion request
- Activity History: Retained for 12 months for your convenience, then automatically deleted
- Payment Records: Retained for 7 years as required by UK tax law
- Usage Analytics: Retained in anonymised form indefinitely
8. Your Rights (UK GDPR)
Under UK data protection law, you have the following rights:
Right of Access
Request a copy of your personal data
Right to Rectification
Request correction of inaccurate data
Right to Erasure
Request deletion of your data ("right to be forgotten")
Right to Restrict Processing
Request limitation of data processing
Right to Data Portability
Receive your data in a portable format
Right to Object
Object to processing based on legitimate interests
To exercise any of these rights, please contact us at privacy@smartprintsuk.com. We will respond within 30 days.
9. Children's Privacy
Our service is designed for use by adults (parents, guardians, educators) on behalf of children. We do not knowingly collect personal information directly from children under 13. The child's first name entered for activity personalisation is stored temporarily and used solely for generating the requested educational content. If you believe we have inadvertently collected information from a child, please contact us immediately.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption for all data transmission
- Secure authentication through Clerk
- PCI-DSS compliant payment processing through Stripe
- Regular security assessments and updates
- Access controls limiting employee access to personal data
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.
12. Complaints
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
13. Contact Us
For any privacy-related questions or requests:
Privacy Email: privacy@smartprintsuk.com
General Support: support@smartprintsuk.com
Website: smartprintsuk.com