Smooth Operations

Privacy Policy

Last updated: 2026-06-05

Smooth Operations is committed to protecting your personal data. This policy explains what data we collect through this website, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Luxembourg data protection law of 1 August 2018.

1. Data controller

The data controller responsible for this website is Smooth Operations S.à r.l., registered in Luxembourg.

Contact for any data protection question or request: info@smoothoperations.lu.

2. Data we collect

We only collect personal data that you actively submit through the contact form on this website. Specifically:

  • Name
  • Email address
  • Organisation
  • Service you are interested in
  • Free-text message (optional)
  • Language of the page at the time of submission
  • Submission timestamp

3. Why we collect it (legal basis)

We process this data on the basis of your consent (Article 6(1)(a) GDPR), which you give by ticking the consent box on the contact form, and on the basis of taking steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).

The data is used solely to respond to your enquiry. We do not use it for marketing, profiling, or automated decision-making.

4. How long we keep it

Contact form submissions are retained for two (2) years from the date of submission and then deleted automatically. If you ask us to delete your data sooner, we will.

5. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected (rectification)
  • Have your data deleted (right to erasure)
  • Receive your data in a portable format
  • Object to processing or restrict it
  • Withdraw your consent at any time, without affecting prior processing

6. How to exercise your rights

Send an email to info@smoothoperations.lu from the address you used in the form, briefly describing your request. We will respond within thirty (30) days. We may ask for proof of identity if there is any doubt.

7. Right to lodge a complaint

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Luxembourg supervisory authority, the Commission nationale pour la protection des données (CNPD): https://cnpd.public.lu

8. Cookies

This website uses only strictly necessary, technical cookies — no tracking, advertising, or analytics cookies are set. Because no consent is legally required for strictly necessary cookies, we display a single informational banner rather than a consent prompt.

9. Sub-processors and data transfers

To operate the website and store your contact form submission, we rely on the following sub-processors. All process personal data in EU regions and have signed data processing agreements (DPAs) with us:

  • Supabase Inc. (US-incorporated) — database hosting in Frankfurt, Germany. DPA in place. Standard Contractual Clauses (SCCs) cover any incidental US support access.
  • Netlify Inc. (US-incorporated) — static site hosting and serverless functions on EU edge nodes. DPA in place. SCCs in place.

10. Data security

Connections to this website are encrypted (HTTPS). Contact form submissions are encrypted in transit and at rest. Access to the underlying database is limited to authorised personnel and protected by row-level security policies that allow inserts only — no public read access.

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or in applicable law. The current version date is shown at the top of this page.