Last Updated: November 11, 2021
If you are an employee of one of our Clients and your data, including personal information, is being collected and retained pursuant to a service agreement between Smarsh and your employer, such service agreement governs the collection, use, and destruction of all such data collected by Smarsh, including your personal information. If this situation is applicable to you and you wish to inquire about the collection, use, and destruction of your personal information pursuant to such service agreement, please direct any questions or requests to your employer, as your employer is the party controlling the collection, use, and destruction of your personal information and Smarsh is only acting as the processor of such personal information. For more information on how Smarsh protects Client Data and Client Confidential Information, please go here - Smarsh's Information Security Program. For more information on Smarsh’s standard service agreement, please go here – Smarsh’s General Terms.
This Policy Governs Personal Information We Collect Via
We are the data controller for the personal data We collect from the above list of places.
This Policy does not apply to the proprietary data We capture and archive on behalf of Our customers, or to individual persons with whom Our customers communicate. Our customers enter into a services agreement with Us that governs the collection, processing and storage of such proprietary data.
In response to the “Schrems II” decision issued by the Court of Justice of the European Union, Smarsh withdrew from the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, effective November 13, 2020.
California Consumer Privacy Act
We comply with the California Consumer Privacy Act (“CCPA”), effective January 1, 2020, which affords California residents new rights with respective to their personal information. These rights, limited by the statute and explained below, are as follows:
- 1. The right to request disclosure of a California resident’s business’ data collection and sales practices in connection with the requesting consumer, including the categories of personal information collected, the source of the information, the use of the information and, if the information is disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
- 2. The right to request a copy of the specific personal information collected about a California resident during the 12 months before their request.
- 3. The right to have such information deleted (with certain exceptions);
- 4. The right to request that a California resident’s personal information not be sold to third parties, if applicable; and
- 5. The right not to be discriminated against because a California resident exercised any of the new rights.
- Information relevant to California residents covered under the CCPA is included in this Policy.
Information relevant to California residents covered under the CCPA is included in this Policy.
We do not knowingly collect personally identifiable information from children under 17 years of age.
General Data Protection Regulation
Additionally, we comply with the General Data Protection Regulation (“GDPR”), effective May 25, 2018, which affords European Union (“EU”) residents new rights with respective to their personal information. These rights, limited by the statute and explained below, are as follows:
- 1. The right to be informed about the collection and use of your personal data;
- 2. The right of access to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients, the planned duration of storage or criteria for their definition, information about the rights of the data subject such as rectification, erasure or restriction of processing, the right to object, instructions on the right to lodge a complaint with the authorities, information about the origin of the data, as long as these were not collected from the data subject himself, and any existence of an automated decision-taking process, including profiling, with meaningful information about the logic involved as well as the implications and intended effects of such procedures;
- 3. The right to rectification of inaccurate personal data when it becomes identified as inaccurate or incomplete;
- 4. The right to erasure of personal data without undue delay
- 5. The right to restrict processing of their personal data where they have a particular reason for wanting the restriction;
- 6. The right to data portability to obtain and reuse personal data across different services;
- 7. The right to object to the processing of their personal data if it is for direct marketing purposes
- 8. Rights in relation to automated decision making and profiling to a decision based solely on automated processing
Information relevant to EU residents covered under the GDPR is included in this Policy.
We Collect The Following Types Of Personal Information:
We collect: identifiers, commercial information, internet/electronic activity, geolocation, professional or employment related information, and inferences from the foregoing and we have collected those categories of information from individuals (including residents of California) within the prior twelve months. More specifically, We collect:
We Collect Personal Information For The Following Purposes:
We may link, combine or supplement the information you provide Us with other information We receive from Third-party Sources or with cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to Our Site or to pre-populate forms. We may use anonymous, aggregated personal information for different purposes, like market analysis, traffic flow analysis and reporting, or to deliver relevant advertising and information based on click stream data. We may also use this information to examine Our traffic in aggregate, to investigate misuse of Our network, its users, or to cooperate with law enforcement.
We May Use Certain Tracking Technologies To Collect Personal Information:
We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or other similar technologies. We may receive reports based on the use of these technologies by Third-Party Sources that provide us services on an individual as well as aggregated basis. Cookies are used to identify which website or marketing campaign you came from, which areas of the Site you visited and your actions on the Site, and where you go when you leave the Site. Cookies may be “session” cookies and deleted after you leave the Site or “persistent” cookies that are stored. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of web users. In contrast to cookies, clear gifs are embedded invisibly on web pages, emails or advertisements and track clicks. We use clear gifs to determine whether Our marketing campaigns are successful, such as to determine whether you open an email We send or whether you click on the links within the emails We send. Generally, We use these technologies to:
We may partner with third-parties to manage Our advertising on third-party sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other sites to advertise to you based upon your browsing activities and interests. If you do not wish to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://www.networkadvertising.org/managing/opt_out.asp or by visiting the relevant ad network (Google Ads is available here: https://www.google.com/settings/ads). There are multiple other resources that allow you to opt out of web tracking at the browser level by following the browser’s instructions. We respect your Do Not Track choices instituted at the browser level.
We Share Information We Collect In The Following Ways:
We do not sell (as that term in generally understood as in for monetary remuneration), rent or lease the information We collect to third parties. Sale under CCPA is a broader concept. Under CCPA a “sale” is providing access to or disclosing personal information to a third party for monetary or other valuable consideration.
We may share your information as follows:
Third-Party Service Providers, Widgets, Websites, Ads And Content May Be Provided Through The Site.
The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. We do not control the practices of these third parties or their websites or content. We are not responsible for the privacy practices or the content of these third parties. We do not share the information that you provide Us with these third parties, however, these third parties may obtain information about you if you click on a third-party link. Certain widgets on the Site (such as social media widgets), may collect information about you automatically through cookies and may combine information about your use of Our Site with information they collect in other areas. We have no control over the practices of these widgets and are not responsible for their privacy practices. Please visit the privacy policies of these third parties to learn more about how they collect and use your information. Some of the ads you receive on websites are customized based on predictions about your interests generated from your visits over time and across different websites from an ad network. This is called interest-based advertising and is enabled through your computer browser and browser cookies. These ads are provided based on information owned or controlled by an ad network, and subject to the ad network’s privacy policies. We provide you information on how to opt out of these types of interest-based advertisements in the Notice, Access and Choice section of this Policy. We may use other third-party service providers such as an email service provider to send out emails on Our behalf, a career management platform to collect resumes, or a chat widget that allows Us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions.
We Use Commercially Reasonably Means To Protect The Security Of Your Personal Information.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We use commercially reasonable means to protect your personal information, but We cannot guarantee its absolute security.
You Have Choice Regarding Providing Personal Information.
We do not require that you provide information through Our Site, however, if you do not choose to provide information, We may not be able to offer or provide services to you. You may opt-out of receiving promotional emails from Us by following the instructions about opting out in those emails. If you opt-out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.
Opt Out for California Residents under CCPA. A California resident may opt out of having Smarsh transfer information to third-parties for the purposes of offering products or services by clicking the following link: https://www.smarsh.com/do-not-sell-my-personal-information, which will also be available on the footer of the website. Opting out may prevent us from being able to offer you products and services. If you opt out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.
You Can Request Access To Your Personal Information, Understand Data Retention And Employ The Right To Be Forgotten.
CCPA and GDPR Personal Information Requests. California and EU residents may request personal information or request erasure of personal information not more than twice in a twelve-month period. Smarsh will need to collect information to verify the identity of the requesting California resident. Smarsh will respond to a request from a California resident within thirty days.A California resident can make a personal information request at https://www.smarsh.com/CCPA-request and https://www.smarsh.com/GDPR-request, call Smarsh at 1-866-SMARSH-1, or, email firstname.lastname@example.org. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why.
We will retain your information for as long as We determine is necessary. We will retain data We process on behalf of Our Customers for as long as needed to provide services to Our Customer, or for the retention period requested by a particular Customer or as determined by a particular Service.
Right to be Forgotten. You may contact Us at Smarsh, 851 SW 6th Avenue, Ste 800, Portland, Oregon 97204 or email@example.com to access your information that We store and process and to request that We delete or amend your information, or to opt out of your information being shared with third parties. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why. We will respond to your access request within 30 days.
You Can File A Complaint:
We commit to resolve complaints about Our collection or use of personal information. Individuals with inquiries or complaints regarding Our policy should first contact Smarsh at: firstname.lastname@example.org or to Smarsh Inc., Legal Department, 851 SW 6th Ave., Suite 800, Portland, OR 97204. We will respond to your questions or complaints within 30 days. Following receipt of a complaint, if necessary, We will investigate the issue and provide you with information regarding the investigation and resolution of the complaint.
851 SW 6th Avenue
Portland, Oregon 97204