Privacy Policy

Last Updated: 16 October, 2025


1. Introduction

Smash Interviews (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use smashinterviews.co.uk (the “Site”).

This policy is written in compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)

Data Controller:
Donesa Group Ltd
Email: info@donesa.co.uk


2. Information We Collect

2.1 Personal Information You Provide

Account Registration:

  • Full name (first and last name)
  • Email address
  • Username
  • Password (encrypted and never stored in plain text)

Subscription/Payment Information:

  • Billing name
  • Payment card details (processed and stored by Stripe – we never see full card details)
  • Billing address (if provided)
  • Transaction history

User-Generated Content:

  • Interview questions you submit
  • Company names and job roles you mention
  • Tips and advice you provide
  • Profile information (optional bio)

Communications:

  • Messages you send us
  • Support ticket information
  • Survey responses (if you participate)

2.2 Information Collected Automatically

Usage Data:

  • Pages visited on our Site
  • Questions viewed
  • Search queries
  • Time spent on pages
  • Referring websites
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Operating system
  • Screen resolution

Technical Data:

  • IP address
  • Cookie identifiers
  • Session IDs
  • Geographic location (city/region level based on IP)
  • Date and time of access

Content Access Tracking:

  • Number of questions viewed (for free user limits)
  • Number of answers viewed (for free user limits)
  • Questions saved/favorited
  • Submission history

2.3 Information from Third Parties

Stripe (Payment Processor):

  • Payment confirmation
  • Subscription status
  • Transaction metadata

Email Service (Amazon SES / SMTP):

  • Email delivery status
  • Bounce/complaint notifications


3. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

3.1 Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to provide our services:

  • Creating and managing your account
  • Processing subscription payments
  • Delivering premium content
  • Providing customer support

3.2 Legitimate Interests (Art. 6(1)(f) GDPR)

Processing for our legitimate business interests:

  • Preventing fraud and abuse
  • Improving our services
  • Analyzing usage patterns
  • Security monitoring
  • Marketing to existing customers (with opt-out)

3.3 Legal Obligation (Art. 6(1)(c) GDPR)

Processing required by law:

  • Tax and accounting records
  • Responding to legal requests
  • Compliance with payment regulations

3.4 Consent (Art. 6(1)(a) GDPR)

Processing with your explicit consent:

  • Marketing emails (you can opt out anytime)
  • Optional cookies (analytics, preferences)
  • Newsletter subscriptions


4. How We Use Your Information

4.1 Service Delivery

  • Create and manage your account
  • Process subscription payments
  • Provide access to interview questions and answers
  • Track content limits for free accounts
  • Send service-related emails (welcome, password reset, subscription updates)

4.2 Service Improvement

  • Analyze usage patterns to improve content
  • Identify popular questions and companies
  • Fix bugs and technical issues
  • Develop new features

4.3 Communication

  • Send important account notifications
  • Respond to support inquiries
  • Send subscription renewal reminders
  • Send security alerts (account changes, login from new device)

4.4 Marketing (with your consent or legitimate interest)

  • Send promotional emails about new features
  • Newsletter with interview tips (opt-in)
  • Product updates and announcements
  • You can opt out at any time

4.5 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Monitor for suspicious activity
  • Prevent content scraping and abuse
  • Rate limiting and brute force protection
  • IP-based abuse detection

4.6 Legal Compliance

  • Comply with legal obligations
  • Enforce our Terms of Use
  • Respond to legal requests
  • Protect our rights and users


5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help websites function and provide analytics.

5.2 Types of Cookies We Use

Essential Cookies (Always Active):

  • Authentication cookies (keep you logged in)
  • Security cookies (CSRF protection)
  • Session management
  • Load balancing
  • These cannot be disabled without breaking functionality

Functional Cookies (Optional):

  • Remember your preferences
  • Save search filters
  • Language preferences
  • Site theme (if applicable)

Analytics Cookies (Optional – SpeedyCache):

  • Track page views and user behavior
  • Measure site performance
  • Identify popular content
  • We use these to improve the site

Performance Cookies (Optional):

  • Cache frequently accessed content
  • Improve loading times
  • Optimize server performance

5.3 Third-Party Cookies

Stripe (Payment Processing):

  • Fraud detection
  • Payment security
  • Required for payment processing

Amazon SES (Email Delivery):

  • Email tracking (opens, clicks)
  • Delivery confirmation
  • Required for reliable email delivery

5.4 Managing Cookies

You can control cookies through:

  • Browser settings: Most browsers allow you to refuse cookies
  • Opt-out links: In marketing emails
  • Cookie consent banner: When you first visit

Note: Disabling essential cookies will prevent you from using the Site.

5.5 Do Not Track

We respect Do Not Track (DNT) browser signals for non-essential tracking.


6. Data Sharing and Disclosure

6.1 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers We Share Data With

Stripe (Payment Processing):

  • What we share: Name, email, payment amount
  • Purpose: Process subscription payments
  • Location: USA (Stripe Privacy Shield certified)
  • Their policy: stripe.com/gb/privacy

Amazon SES / GoSMTP (Email Delivery):

  • What we share: Email address, name
  • Purpose: Send transactional and marketing emails
  • Location: EU/USA data centers
  • Their policy: aws.amazon.com/privacy

Hosting Provider:

  • What we share: All website data
  • Purpose: Website hosting and infrastructure
  • Their policy:  PRIVACY LINK

SpeedyCache (Performance):

  • What we share: Anonymous usage data
  • Purpose: Site caching and performance
  • Location: Varies by configuration

6.3 Legal Disclosures

We may disclose your information:

  • To comply with legal obligations
  • To respond to court orders, subpoenas, or legal processes
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activity
  • With law enforcement if required
  • In connection with business transfers (mergers, acquisitions)

6.4 Aggregated/Anonymous Data

We may share aggregated, non-personally identifiable data:

  • Number of users
  • Popular companies/questions
  • Usage statistics
  • Industry trends


7. Data Retention

7.1 How Long We Keep Your Data

Active Accounts:

  • Account data: Retained while account is active
  • Usage data: 2 years
  • Payment records: 7 years (legal requirement for tax/accounting)

Closed Accounts:

  • Personal data deleted within 90 days of account closure
  • Submitted questions remain (anonymized – per Terms of Use license)
  • Transaction records kept for 7 years (legal requirement)
  • Anonymized usage data may be retained indefinitely

Marketing Data:

  • Email addresses: Until you unsubscribe + 30 days
  • Marketing preferences: Until you opt out

7.2 Data Deletion

You can request data deletion at any time (see Section 10: Your Rights).


8. Data Security

8.1 Security Measures

Technical Safeguards:

  • SSL/TLS encryption for all data transmission (HTTPS)
  • Password hashing with bcrypt (never stored in plain text)
  • Database encryption at rest
  • Regular security updates and patches
  • Firewall protection
  • DDoS protection

Access Controls:

  • Role-based access control (RBAC)
  • Two-factor authentication for admin accounts
  • Audit logs for sensitive operations
  • Limited employee access to personal data

Application Security:

  • Input sanitization and validation
  • SQL injection prevention (prepared statements)
  • XSS (Cross-Site Scripting) protection
  • CSRF (Cross-Site Request Forgery) tokens
  • Rate limiting on login attempts (brute force protection)
  • Session management and timeout

Payment Security:

  • PCI DSS compliant via Stripe
  • No full card details stored on our servers
  • Tokenized payment processing
  • Secure payment gateway (Stripe Checkout)

8.2 Data Breach Notification

In the event of a data breach:

  • We will notify the ICO within 72 hours (if required)
  • We will notify affected users without undue delay
  • We will provide details of the breach and mitigation steps

8.3 Your Responsibility

  • Keep your password secure
  • Use a strong, unique password
  • Do not share your account
  • Log out from public/shared devices
  • Report suspicious activity immediately


9. International Data Transfers

9.1 Data Location

Your data is primarily stored in:

  • Hosting servers: UK Datacenter
  • Database: UK Datacenter

9.2 Transfers to Third Countries

Some service providers (Stripe, AWS) may transfer data outside the UK/EEA:

  • USA (Stripe): Stripe is Privacy Shield certified and uses Standard Contractual Clauses (SCCs)
  • AWS (if used): AWS GDPR-compliant data processing agreement
  • All transfers comply with UK GDPR Articles 45-46 requirements


10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1 Right of Access (Art. 15)

  • Request a copy of all personal data we hold about you
  • We will provide this within 30 days

10.2 Right to Rectification (Art. 16)

  • Correct inaccurate or incomplete personal data
  • Update your profile at any time via Account Settings

10.3 Right to Erasure / “Right to be Forgotten” (Art. 17)

  • Request deletion of your personal data
  • Exceptions: Data required for legal compliance (e.g., payment records for 7 years)
  • Submitted questions may remain anonymized per Terms of Use

10.4 Right to Restriction of Processing (Art. 18)

  • Limit how we use your data in certain circumstances
  • Example: While disputing data accuracy

10.5 Right to Data Portability (Art. 20)

  • Receive your data in a machine-readable format (CSV, JSON)
  • Transfer your data to another service

10.6 Right to Object (Art. 21)

  • Object to processing based on legitimate interests
  • Object to direct marketing (opt out anytime)

10.7 Rights Related to Automated Decision-Making (Art. 22)

  • We do NOT use automated decision-making or profiling

10.8 Right to Withdraw Consent

  • Withdraw consent at any time (for marketing, optional cookies)
  • Does not affect lawfulness of processing before withdrawal

10.9 How to Exercise Your Rights

Contact us at: hello@smashinterviews.co.uk

Include:

  • Your full name
  • Email address associated with your account
  • Specific request (access, deletion, etc.)
  • Proof of identity (to prevent unauthorized access)

Response Time: Within 30 days (may extend to 60 days for complex requests)


11. Children’s Privacy

11.1 Age Restriction

  • Our Site is intended for users aged 18 and over
  • We do not knowingly collect data from children under 18
  • If we discover we have collected data from a child under 18, we will delete it immediately

11.2 Parental Rights

If you believe your child under 18 has provided us with personal data, contact us immediately at hello@smashinterviews.co.uk


12. Marketing Communications

12.1 Types of Communications

Transactional Emails (Cannot Opt Out):

  • Account creation confirmation
  • Password reset requests
  • Subscription renewal notices
  • Payment receipts
  • Security alerts

Marketing Emails (Can Opt Out):

  • New features and updates
  • Interview tips and advice
  • Special offers and promotions
  • Newsletter (if subscribed)

12.2 Opting Out

You can opt out of marketing emails by:

  • Clicking “Unsubscribe” in any marketing email
  • Updating preferences in Account Settings
  • Emailing hello@smashinterviews.co.uk

You will continue to receive essential transactional emails.


13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in laws or regulations
  • New features or services
  • User feedback
  • Security improvements

13.2 Notification

We will notify you of material changes by:

  • Email to your registered address
  • Prominent notice on the Site
  • Updating the “Last Updated” date at the top

13.3 Continued Use

Continued use after changes constitutes acceptance. If you do not agree, please stop using the Site and close your account.


14. Complaints and Regulatory Authority

14.1 Contact Us First

If you have concerns about how we handle your data, please contact us first:
Email: hello@smashinterviews.co.uk

14.2 Information Commissioner’s Office (ICO)

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113
Website: ico.org.uk
Report concerns: ico.org.uk/make-a-complaint


15. Contact Information

For questions about this Privacy Policy or your personal data:

Data Controller:
Donesa Group Ltd
United Kingdom

Email: info@donesa.co.uk
Website: donesa.co.uk

Data Protection Queries:
Email us with “Data Protection” in the subject line for priority handling.


16. Definitions

Personal Data: Any information relating to an identified or identifiable individual
Processing: Any operation performed on personal data (collection, storage, use, etc.)
Data Controller: The entity that determines how and why personal data is processed (us)
Data Processor: Third parties that process data on our behalf (Stripe, AWS, etc.)
Data Subject: The individual whose personal data is processed (you)


By using Smash Interviews, you acknowledge that you have read and understood this Privacy Policy.


Last Updated: 16/10/2025
Version: 1.0