PRIVACY POLICY

Who we are

Clean Smarts is a cloud-hosted software service ("Services") for janitorial service companies that is accessible through your web browser at admin.cleansmarts.com ("Site") or our mobile apps ("App" or "Apps") and is operated by GABSmarts Technology LLC, a company headquartered in Texas, USA ("Clean Smarts", "we", "us", "our").

Clean Smarts helps janitorial or other service companies monitor their workforce, manage work requests, and monitor the quality of services and communication they provide to their clients.

Users of the Site and Apps

There are several ways that users engage with our Site or Apps.

A "Company" is a company or organization that has registered with us to use our services.

An "Administrator" is a representative of a Company or an individual who registers with us to use our Services.

A "Company User" is a person who is employed by or entered into a contract with a Company to perform cleaning or other services.

A "Customer" is a client of a Company.

A "Visitor" is any person visiting the Site or App who does not have an account with us as an Administrator, Company User, or Customer.

"Personal Information" is information that identifies or can be used to identify an Administrator, Company User, or Customer, directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, email address, mobile phone number, preferred language, or other demographic information.

Administrator Privacy

WHAT PERSONAL INFORMATION DO WE COLLECT FROM ADMINISTRATORS AND WHAT IS IT USED FOR?

Account Information

We collect information you provide to us when you submit requests for a demo or to be contacted by our sales staff. If you consent to start a trial or begin using the software, we store your name, phone number, company name, and e-mail address as part of your Company and Administrator profile. By giving us your Personal Information, you consent to our use of the Personal Information in accordance with our Terms of Service and this privacy policy. Upon registering with us, you will be asked to provide a password.

We use your name and e-mail address when we communicate with you to bill or collect money from you, alert you to system outages or maintenance, and provide customer support. Your name is also used in the Services to associate you with actions you take in the system such as fulfilling supply requests, closing issues, or sending messages.

We use your mobile telephone number to authenticate your check in requests that are submitted via phone IVR technology or SMS text.

Your name, e-mail address, phone number, language preference, and time sheet detail is available to users who a) have user-information module access and b) have supervisory responsibilities for any location that you have been directly granted access to.

Device, Browser, File, and HTTP Request Information

We automatically collect mobile device operating system and version information to help us manage push notifications. We also use browser cookies to know when you have logged into your account. We collect originating IP addresses and request header information in our logs to help us understand how our Services are being used. We also use metadata provided in picture or video or other file uploads to establish when files were actually created.

Geolocation

When you check into a location where your Company provides services to Customers, and if you have enabled your mobile device to provide such information though our App, we collect latitude, longitude, altitude, and accuracy readings along with a timestamp of when that information was provided.

LAWFUL BASIS FOR DATA PROCESSING

We process Personal Information about you as a data controller as described in this section, where such processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests typically include: improving, maintaining, providing, and enhancing our technology, products and services; ensuring the security of the Services; and for our marketing activities.

Company User Privacy

WHAT PERSONAL INFORMATION DO WE COLLECT FROM COMPANY USERS AND WHAT IS IT USED FOR?

Account Information

An Administrator may provide Personal Information about you to us through the Services. For example, they may provide us with certain contact information or other Personal Information about you such as your name, e-mail address, and mobile phone number. Upon registering with us, you will be asked to provide a password.

We use your name and e-mail address to alert you to system outages or maintenance, and provide customer support. Your name is also used in the Services to associate you with actions you take in the system such as fulfilling supply requests, closing issues, or sending messages.

We use your mobile telephone number to authenticate your check in requests that are submitted via phone IVR technology or SMS text.

Your name, e-mail address, phone number, language preference, and time sheet detail is available to users who a) have user-information module access and b) have supervisory responsibilities for any location that you have been granted access to.

Device, Browser, File, and HTTP Request Information

We automatically collect mobile device operating system and version information to help us manage push notifications. We also use browser cookies to know when you have logged into your account. We collect originating IP addresses and request header information in our logs to help us understand how our Services are being used. We also use metadata provided in picture or video or other file uploads to establish when files were actually created.

Geolocation

When you check into a location where your Company provides services to Customers, and if you have enabled your mobile device to provide such information though our App, we collect latitude, longitude, altitude, and accuracy readings along with a timestamp of when that information was provided.

LAWFUL BASIS FOR DATA PROCESSING

Your Company may use your name and the locations and hours you worked in order to uphold their legal obligations to pay payroll and other taxes and compensate you according to labor and wage laws.

Your Administrator or other Company Users with supervisory responsibilities may use the times and geolocation when you check into a location to work or may contact you via e-mail, text, or telephone. Such usage has a lawful basis of legitimate interests that your Company has in operating its business and fulfilling contractual obligations to your Company's Customers.

Customer Privacy

WHAT PERSONAL INFORMATION DO WE COLLECT FROM CUSTOMERS AND WHAT IS IT USED FOR?

Account Information

An Administrator may provide Personal Information about you to us through the Services. For example, they may provide us with certain contact information or other Personal Information about you such as your name, e-mail address, and mobile or office phone number. Upon registering with us, you will be asked to provide a password.

We use your name and e-mail address to alert you to system outages or maintenance, and provide customer support. Your name is also used in the Services to associate you with actions you take in the system such as fulfilling supply requests, closing issues, or sending messages.

Your name, e-mail address, phone number, language preference, and time sheet detail is available to Administrators and Company Users who a) have user-information module access and b) have supervisory responsibilities for any location that you have been granted access to.

Device, Browser, File, and HTTP Request Information

We automatically collect mobile device operating system and version information to help us manage push notifications. We also use browser cookies to know when you have logged into your account. We collect originating IP addresses and request header information in our logs to help us understand how our Services are being used. We also use metadata provided in picture or video or other file uploads to establish when files were actually created.

LAWFUL BASIS FOR DATA PROCESSING

Your Company may collect your Personal Information under the lawful basis of legitimate interests. Your Company operates as a data controller in its relationship to you in order to fulfilling its contractual obligations to you.

Clean Smarts as a Data Processor

For Personal Information we collect and process about Customers through the Services, we act as a data processor on behalf of Companies. In such cases, if you are a Customer and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by Clean Smarts as a processor on behalf of our Companies, you should contact the Company's Administrator providing services and refer to their separate privacy policies.

If you no longer want to be contacted by a registered Company through our Services, please contact the Company or Administrator directly to update or delete your data. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the Company of your request.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.

Your Data Protection Rights

You may have the following data protection rights:

To access, correct, update or request deletion of Personal Information. We takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As an Administrator, Company User, or Customer, you can manage many of your individual account and profile settings within the App, or you may contact us directly by emailing us at [email protected] Customers and Company Users may contact their account Administrator to access, correct, update, or request deletion of Personal Information. You have the right to "be forgotten", which requires the permanent deletion of data and must be handled by Clean Smarts directly. Please direct permanent deletion requests to [email protected]

In addition, individuals who are residents of the EEA can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us at [email protected]

Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

Security

Our Site and App are scanned on a regular basis for security holes and known vulnerabilities in order to make your use of the Site or App as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

Users will be notified of any breach of our security within 72 hours of discovery.

Data Processors and Third Parties

We provide Personal Information to data processors as part of our Services:

  • Google. We use Google cloud services to display maps with location markers on the Site and the App and to translate messages and other text into users' preferred languages. Google's data processing agreement under the EU GDPR regulations is available here.
  • DigitalOcean. Digital Ocean is an infrastructure-as-a-service provider and hosts our application, databases, and file storage in data centers in New York City, NY, USA (US region); London, UK; and Amsterdam, NL (European region). Users in Europe, Asia, and Africa are routed to our European region, and no Personal Information is transferred from one data center region to another. Digital Ocean's processing agreement under the EU GDPR regulations is available here.
  • Cloudflare. Cloudflare is our content delivery network provider and hosts cached request information so that it can be retrieved quickly. Cloudflare also routes requests to the appropriate data center based on your location. Cloudflare's data processing agreement under the EU GDPR regulations is available here.
  • Mailgun. Mailgun is our e-mail delivery provider. Your e-mail address and the contents of any e-mails sent to you are provided to Mailgun in order to deliver e-mails to you. Mailgun's data processing agreement under the EU GDPR regulations is available here.
  • Stripe. Stripe is our payment processor. Your e-mail address is provided to Stripe in order for us to send bills and receive payment from you. Your full credit card number and details are not submitted to Clean Smarts. We do, however, receive from Stripe and store the last four digits of your credit card and the type of card used so that we can track invoiced amounts. Stripe's data processing agreement under the EU GDPR regulations is available here.
  • Nexmo. Nexmo provides telephone and SMS services in order to allow users to check into locations and to allow Administrators or Company Users to communicate with other Company Users or Customers. Nexmo's data processing agreement under the EU GDPR regulations is available here.

We do not sell or trade your Personal Information to outside parties. We do not include or offer third-party products or services on our website.

Data Retention

We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved.

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us at [email protected]

Last Edited on 2018-06-13