Privacy Policy

Smarsh, Inc. ("Smarsh" or "we") respects and is committed to protecting your privacy. That is why we have adopted this Privacy Policy. This Privacy Policy lets you know how your personal information is processed and used. We promise that we will take steps to use your personal information only in ways that are compatible with this Privacy Policy. The following discloses our Privacy Policy.

Smarsh has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at info@smarsh.com. If you are not satisfied with our response you can contact TRUSTe at: http://watchdog.truste.com/pvr.php?page=complaint. This privacy policy covers data collected at our corporate Web site (the "Site"), www.Smarsh.com, and our Smarsh Management Console.

Smarsh complies with the U.S. - EU and U.S. - Swiss Safe Harbor Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from EU member countries and Switzerland.  Smarsh has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Smarsh’s certification, please visit http://www.export.gov/safeharbor/.

This report consists of 3 sections:

(1) data we collect on our corporate website, www.smarsh.com,
(2) data we collect through our Smarsh Management Console,
(3) section that applies to both areas.

Section 1: Our corporate website:

Personal Information Collection and Use

We may collect personal information from you such as your name, email address, address, and phone number if you complete a form on our site, such as a resume submission or information form. We use this information to respond to your requests.

We may also request your e-mail address or mailing address for the purposes of conducting a survey or to provide additional services (for example, subscriptions to e-mail newsletters, whitepapers, announcement lists or information about conferences and trade shows).

Whenever we request the identity of a visitor, we will clearly indicate the purpose of the inquiry before the information is requested. We maintain a strict "No-Spam" policy that means that we do not intend to sell, rent, or otherwise give your e-mail address to a third-party, without your consent.

If you would like the personal information we have collected from you updated, please contact us as described in the "contact us" section below. If you would like the personal information we have collected from you deleted, please contact us. We will respond to your request within 30 business days.

Tracking Technologies on Our Site

Every computer connected to the Internet is given a domain name and a set of numbers that serve as that computer's "Internet Protocol" IP address. When a visitor requests a page from any Web site within the Smarsh Network, our Web servers automatically recognize that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, and to investigate misuse of the Smarsh Network, its users, or to cooperate with law enforcement.

See also Will you disclose the information you collect to outside third parties? in Section 3. We do not collect and evaluate this information for specific individuals.

Cookies

From time to time, Smarsh or a third party may send a "cookie" to your computer. A cookie is a small piece of data that is sent to your browser from a Web server and stored on your computer's hard drive. A cookie can't read data off your hard disk or read cookie files created by other Web sites. Cookies do not damage your system. We use cookies to identify which areas of Smarsh's Network of Web sites you have visited or customized, so the next time you visit, those pages may be readily accessible.

Third Party Cookies and Tracking Technologies

We may have third party cookies and tracking technologies on our site. The use of cookies by our tracking utility company is not covered by our privacy statement. We do not have access or control over these cookies.

We may use third-party advertising companies to serve ads on our behalf. These companies may employ cookies to deliver ads. Any information that these third parties collect via cookies is not linked to any personal information collected by us. You may opt-out of Retargeting ads by clicking here.

We also have frames on our site from a service provider partner. In some areas, it may appear you are our site, when you are actually on another site. We do not share your personal information with these partners and are not responsible for their privacy policies.

We recommend that you refer to the privacy policies of these third parties to see how they collect and use your information.

Widgets

Widgets support functions that require you to disclose certain personal information if you choose to participate. This information is collected in many different ways such as: forms, surveys, contests, forums, subscribing or unsubscribing to mailings and correcting or updating personal information and are only used for the purpose for which they were collected.

Agents/Service Providers

We may use other third parties such as an email service provider to send out emails on our behalf, and a career management platform to collect resumes. We use Live Chat to assist you if you have questions while using our site or regarding your order. When you use our website, we may share your personal information with these service providers solely as necessary for them to perform their functions, but they may not use your personally identifiable information for any other purpose.

Section 2: The Smarsh Management Console

Information We Collect in the Smarsh Management Console:

We only collect archival information ("Archival Information") on behalf of our clients ("Clients") that they direct us to collect. This information includes archived communications our clients have asked us to archive, such as emails, texts, social media posts, and other forms of data and electronic communication.

Archival Information is data that we receive from our clients, or from a third party at their direction. In general, Smarsh may collect personal information about several different types of individuals, including: consumers, employees, patients, students, donors, volunteers, business clients, suppliers, and other business partners. Such data may include basic contact information such as name, postal address, e-mail address, and phone number, as well as sensitive personal information such as demographic, employee or financial information. This information is not collected actively, but through our archiving technology. We collect this information solely to perform the service to our Clients.

We also collect Client Information ("Client Information"). Client Information is personal information about people in your organization, such as account managers and users, who may or may not interact with Smarsh. Client Information usually is limited to name, work e-mail address, work phone number, and job title, and we collect it through the e-mail, phone, and written means through which you provide it to us. We use this information to support your account, maintain our business relationship with you, respond to your inquiries, and perform accounting functions. You can update your personal information and password by logging into your Smarsh Management Console and updating your account. If you would like us to delete the personal data we hold about you, we can. We will respond to requests within 30 days of receipt.

Data Retention

We will retain your information for as long as your account is active of as needed to provide you services.  If you wish to cancel your account or request that we no longer use your information to provide you services contact us at info@smarsh.com.  We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Passwords

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using any computer. You are responsible for all actions taken with your username and password, including any potential fees charged to your account. Therefore we do not recommend that you disclose your password to any third parties. If you choose to share your username and password or your personal information with third parties, you are responsible for all actions taken with your account and therefore you should review that third party's privacy policy. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf.

Notice, Access and Choice:

We operate under the assumption that it is generally our client, the data controller's obligation to notify individuals about the purposes for which you collect and use information about them, how they can contact you with any inquiries or complaints, the types of third parties to which you disclose their information, and the choices and means you offer for limiting your use and disclosure. As the data processor, we make available to you this privacy policy so that you can better understand our data practices and whether they are consistent with privacy notices you have made available to your data subjects. The U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor requires that data subjects must have access to personal information about them that an organization holds, and that they be able to correct, amend, or delete that information where it is inaccurate. We operate under the assumption that it is generally the data controller's obligation to provide their data subjects a means of accessing their data. The U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor requires that members offer end users a choice to opt out of uses and disclosures of their data that are incompatible with the purposes for which that data was originally collected or subsequently authorized. We operate under the assumption that it is generally the data controller's obligation to obtain from your data subjects the appropriate consent to transfer their data to us and to process their data using our products for defined purposes. As your data processor, we will not share, sell, rent, or trade with third parties for their marketing purposes any Customer Information collected by us, unless you direct us to do so and have the appropriate authorization to do so.

Agents/Service Providers

We may use other third parties to assist us in performing the functions that we are contracted to perform for our clients. These third parties may collect personal information on behalf of our client or us and are prohibited from using your personal information for promotional purposes.

Section 3: The following applies to both the website and Smarsh Management Console:

Security Disclosure:

The security of your personal information is important to us. Multiple safeguards are in place to limit physical access to Smarsh’s geographically-dispersed datacenters. Meanwhile, a number of steps have been taken within the Smarsh Management Console to protect personal information.

We maintain redundant, secure, and high-performance networks and storage infrastructures designed specifically for the high-availability and data protection. Using a combination of hardware, software, and advanced procedures, we strive to ensure all aspects of its message archiving services are secure and that there will be no unauthorized access to messages containing your company's (and your clients') personal information. We manage multiple geographically-dispersed SAS 70 II certified facilities for site redundancy.

We follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Will you disclose the information you collect to outside third parties?

We do not provide your contact information to third party marketers without your permission. Smarsh will disclose personal information, and/or an IP address, when required by law or in the good-faith belief that such action is necessary to:

1. Conform to the edicts of the law or comply with legal process served on Smarsh,

2. Protect and defend the rights or property of the Smarsh Network of sites and related properties, or visitors to the Smarsh Network of sites and related properties,

3. Identify persons who may be violating the law, the Smarsh legal notice and Web site User Agreement, the rights of third parties, or otherwise misusing the Smarsh Network or its related properties,

4. Cooperate with the investigations of purported unlawful activities.

Smarsh uses reasonable precautions to keep the information disclosed to us secure. Smarsh reserves the right to transfer all such information in connection with the sale of all or part of Smarsh's capital stock or assets. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information. We are not responsible for such third party privacy policies or how they treat information about their users.

Minors

Smarsh does not knowingly collect personally identifiable information from children under 13 years of age.

What else should I know about my privacy when online?

The Smarsh Network of Web sites contains many hyperlinks to other Web sites. The Smarsh Web Sites also contain advertisements of third parties. Smarsh is not responsible for the privacy practices or the content of such Web sites or advertisers. Smarsh does not share any of the individual personal information you provide Smarsh with the Web sites to which Smarsh links, except as stated elsewhere within this Privacy Policy, although Smarsh may share aggregate data with such Web sites (such as how many people use our site). Please check with those Web sites to determine their privacy policy.

Please keep in mind that whenever you voluntarily disclose personal information online - for example through e-mail, chat rooms, discussion lists, or elsewhere - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.

Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you're online.

Your Consent To This Agreement

By using our Web site, you consent to the collection, use and disclosure of information by Smarsh as specified in this Privacy Policy. From time to time we may make changes to our Privacy Policy. If we decide to materially change our Privacy Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. Your continued use of the Site after the changes are posted constitutes your agreement to the changes. If you do not agree to the changes, please discontinue your use of the Site. This Privacy Policy is incorporated into and subject to our Terms and Conditions and other terms relative to the Site.

Please send any questions about Smarsh's Privacy Policy to: info@smarsh.com or to Smarsh, Inc., ATTN: CEO, 921 SW Washington Street, Ste. 540, Portland, OR 97205.

We Self-Certify Compliance with:

Updated 03/19/13