Who we are
Our website address is: https://thesmartshark.com. We are a business services and consulting company. Our services include custom website development, online sales and marketing, and sales training.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
If you use one of our sign-up forms, your information will be added to our email campaign list in Zoho. This information will not be shared with any other businesses or processors. All contact activity will strictly come from Smart Shark using our Zoho account.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google analytics, Wordfence, and Smartsupp to track site usage via visitor IP addresses. We track hits, referrers, search words and search engines, page traffic, and IP activity. This information is used by us in two ways: 1) to use insights to improve visibility and site navigation, 2) to guard against potential hazardous IP addresses suck as hackers and bots.
Who we share your data with
Your IP address is gathered by our analytics services: Google Analytics, Wordfence, and Smartsupp. Your name and email information is processed by Zoho and utilized exclusively by Smart Shark. We do not share, sell or provide your data to anyone. We respect our visitors – we hate spam and we will not provide your information to spammers!
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
If you use one of our sign-up forms, your contact information will be housed in our Zoho account. Each email we send you will provide you with the ability to unsubscribe at any time.
Additional information
How we protect your data
We have thorough security measures in place on our site. We use a WordPress security plugin called Wordfence that provides the best protection available for websites. Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops our site from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting us quickly in the event our site is compromised. Wordfence uses a Live Traffic view to give us real-time visibility into traffic and hack attempts on our website.
If you use one of our sign-up forms, Zoho has robust security measures in place to protect your contact information. You can read about their security measures here.
What data breach procedures we have in place
Policy Statement
Smart Shark LLC holds a small amount of personal and sensitive data. Every care is taken to protect personal data and to avoid a data protection breach. In the event of data being lost or shared inappropriately, it is vital that appropriate action is taken to minimize any associated risk as soon as possible. This procedure applies to all personal and sensitive data held by Smart Shark and all 3rd party processors.
Purpose
This breach procedure sets out the course of action to be followed by Smart Shark if a data protection breach takes place.
Legal Context
Article 33 of the General Data Protection Regulations
Notification of a personal data breach to the supervisory authority
- In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
- The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
- The notification referred to in paragraph 1 shall at least:
(a) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
(c) describe the likely consequences of the personal data breach;
(d) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
- Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
- The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.
Types of Breach
Data protection breaches could be caused by a number of factors. A number of examples are shown below:
- Loss or theft of pupil, staff or governing body data and/ or equipment on which data is stored;
- Inappropriate access controls allowing unauthorized use;
- Equipment Failure;
- Poor data destruction procedures;
- Human Error;
- Cyber-attack;
- Hacking
Managing a Data Breach
In the event that Smart Shark identifies or is notified of a personal data breach, the following steps should followed:
- The person who discovers/receives a report of a breach must inform the Smart Shark’s Data Protection Officer (DPO). If the breach occurs or is discovered outside normal working hours, this should begin as soon as is practicable.
- The DPO must ascertain whether the breach is still occurring. If so, steps must be taken immediately to minimize the effect of the breach. An example might be to shut down a system, or to alert relevant 3rd party processors such as Wordfence, Zoho, Smartsupp, or Google Analytics.
- The DPO must take the appropriate action and conduct any investigation.
- The DPO (or nominated representative) must also consider whether the Police need to be informed. This would be appropriate where illegal activity is known or is believed to have occurred, or where there is a risk that illegal activity might occur in the future.
- The DPO (or nominated representative) must quickly take appropriate steps to recover any losses and limit the damage. Steps might include:
- Attempting to recover lost equipment.
- The use of back-ups to restore lost/damaged/stolen data.
Investigation
In most cases, the next stage would be for the DPO to fully investigate the breach. The DPO should ascertain whose data was involved in the breach, the potential effect on the data subject and what further steps need to be taken to remedy the situation. The investigation should consider:
- The type of data;
- Its sensitivity;
- What protections were in place (e.g. encryption);
- What has happened to the data;
- Whether the data could be put to any illegal or inappropriate use;
- How many people are affected;
- What type of people have been affected (pupils, staff members, suppliers etc) and whether there are wider consequences to the breach.
A clear record should be made of the nature of the breach and the actions taken to mitigate it. The investigation should be completed as a matter of urgency due to the requirements to report notifiable personal data breaches to the Information Commissioner’s Office. A more detailed review of the causes of the breach and recommendations for future improvements can be done once the matter has been resolved.
Notification
Some people/agencies may need to be notified as part of the initial containment. However, the decision will normally be made once an initial investigation has taken place. The DPO should, after seeking expert or legal advice, decide whether anyone is notified of the breach. In the case of significant breaches, the Information Commissioner’s Office (ICO) must be notified within 72 hours of the breach. Every incident should be considered on a case by case basis.
When notifying individuals, give specific and clear advice on what they can do to protect themselves and what Smart Shark is able to do to help them. You should also give them the opportunity to make a formal complaint if they wish. The notification should include a description of how and when the breach occurred and what data was involved. Include details of what you have already done to mitigate the risks posed by the breach
Review and Evaluation
Once the initial aftermath of the breach is over, the DPO should fully review both the causes of the breach and the effectiveness of the response to it. If systemic or ongoing problems are identified, then an action plan must be drawn up to put these right. This breach procedure may need to be reviewed after a breach or after legislative changes, new case law or new guidance.
Implementation
The DPO should ensure that staff are aware of the Smart Shark Protection policy and its requirements including this breach procedure. This should be undertaken as part of induction, supervision and ongoing training. If staff have any queries in relation to the Smart Shark’s Data Protection policy and associated procedures, they should discuss this with the DPO.
What third parties we receive data from
We receive data from Google Analytics, Zoho, Smartsupp, and Wordfence.
What automated decision making and/or profiling we do with user data
Wordfence will automatically block suspicious looking IP addresses from accessing Smart Shark as part of automated security measures.
Upon using one of our sign-up forms, you will be entered into our automated email sequence where you will receive a time triggered email series. We may also use this list for individual contact purposes unrelated to time triggered email campaigns.
Industry regulatory disclosure requirements
We have no industry regulatory disclosures.