Effective Date: October 1, 2025

Privacy is important to Smarsh Inc. (“Smarsh”). This Privacy Policy (“Privacy Policy”) describes who we are, what Personal Information (defined below) we gather from you and how we plan to use, share, and protect that Personal Information, and how you can exercise your data protection rights. All users of our Website, Smarsh Social Media, and participants of Smarsh Events (“Users”) must read and agree to our Privacy Policy to ensure they are fully informed about how Smarsh collects, processes, and stores Personal Information. For the purposes of this Privacy Policy, the Website, Smarsh’s Social Media, and Smarsh Events are the “Services”.

For a helpful, quick summary of our privacy practices, please read Smarsh’s Privacy Policy - Quick Summary (below) and Smarsh’s Cookie Disclosure (found here - Smarsh’s Cookie Disclosure). You can also bookmark Smarsh’s Email Preference Dashboard (found here – Smarsh’s Email Preference Dashboard) to manage your email preferences.

If you have any specific questions about our Privacy Policy, please send an email to privacy@smarsh.com.

PRIVACY POLICY - QUICK SUMMARY

This Quick Summary provides a summary of Smarsh’s Privacy Policy. If you wish to find more detailed information with respect to any of the questions answered in this Quick Summary, please read the Privacy Policy - More Information Section that is located below this Quick Summary.

Does this Privacy Policy apply to me?

This Privacy Policy applies to the collection and processing of Personal Information by Smarsh from visitors and users of (i) our website (www.smarsh.com) (“Website”), (ii) our corporate social media pages (for example, LinkedIn, Facebook, or other similar service) (“Smarsh Social Media”), and (iii) attendees and participants of events, webinars, or contests related to Smarsh (“Smarsh Events”). For more detailed information, please make sure that you read our entire Privacy Policy. This Privacy Policy does not apply to the processing of Personal Information by Smarsh on behalf of our clients in connection with the provision of services to such clients via a separate, direct agreement.

Definitions & What is Personal Information?

Generally, “Personal Information” means any information relating to a natural identified or identifiable person or household, such as name, email, residential address, phone number, device ID, or zip code.

Who is Smarsh?

Smarsh is a New York Corporation and a software company. While Smarsh’s headquarters are in Portland, Oregon, Smarsh has offices, affiliates, and subsidiaries throughout the United States, as well as in Canada, Costa Rica, India, Israel, Germany, Northern Ireland, Singapore, and the United Kingdom (for the purposes of this Privacy Policy, “Smarsh”, “we”, “us” and “our” shall refer to Smarsh and its affiliates and subsidiaries).

For more information about Smarsh, please see our “About Us” page – About Us - Smarsh.

What Personal Information is Smarsh collecting under this Privacy Policy?

Smarsh may passively (automatically) collect Personal Information when you use our Website or your social media accounts through the use of automated methods, such as tracking cookies or data analytics tools.

Smarsh may directly collect Personal Information from you when you sign up for events, participate in webinars, request information from Smarsh about its services, or participate in in-person meetings.

How do you use my Personal Information under this Privacy Policy?

Generally, we collect Personal Information to provide better services or functionality to you. For example, we use data analytics tools to improve and optimize our Website. We leverage automated cookies to tailor our marketing and sales activities to provide better, more focused, content to you. Our Website intake forms collect certain Personal Information in order to respond to your request(s) for information, or to provide future updates with respect to our services, products, or upcoming events. We also use your Personal Information when we need to comply with a legal obligation, upon your consent, to perform under a contract with you, or in connection with our legitimate business interests.

When, and with whom, do you share my Personal Information under this Privacy Policy?

We may share your Personal Information with our affiliates, our third-party service providers, our business partners, or with any competent law enforcement or regulatory body for our own internal business purposes.

How do you protect my Personal Information?

Smarsh uses commercially reasonable technical and organizational measures to protect your Personal Information from unauthorized access, use, or disclosure. To learn more about Smarsh’s information security program in general, please go here – Smarsh’s Information Security Program.

Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your Personal Information, or if you have reason to believe that the Personal Information that we hold about you is no longer secure, please contact us immediately by sending an email to privacy@smarsh.com or as otherwise described in this Privacy Policy.

What are my rights with respect to my Personal Information under this Privacy Policy?

Smarsh provides you with the ability to choose how we collect, use, and share your Personal Information. To manage your communication preferences with respect to marketing, please go here to manage your Email Preferences. You may also wish to correct, update, amend, or delete any of your Personal Information maintained by Smarsh under this Privacy Policy. You may submit a general request to correct, update, amend, or delete your Personal Information by submitting a request through this webform here.

Please note that (i) in some cases, we may not be able to remove your Personal Information, in which case, we will let you know if we are unable to do so and why, and (ii) in order to protect your privacy and security, we will also take reasonable steps to verify your identity, before taking any steps with respect to providing access to, amending, or deleting your Personal Information.

UK & EU individuals

General information about Data Subject Rights is located in the Notice to Certain United States Residents of Data Subject Rights section below. Please go to the Notice to Individuals in the European Economic Area and the UK section if you are located in the EU or are located in the UK.

United States individuals

If you are a resident of certain jurisdictions within the United States, you may be entitled to certain individual rights under specific privacy laws, including but not limited to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”) (collectively, “CCPA”). Please see our Notice to Certain United States Residents of Data Subject Rights section for a description of the rights you may be entitled to and how to exercise them.

How do I get in contact with you?

If you have any questions about how your Personal Information is collected, stored, shared, or used, or if you wish to exercise any of your data rights, or if you have a disability and need to access this Privacy Policy in another format, please contact us using one of the methods below.

EMAIL: privacy@smarsh.com

SUBMIT A REQUEST THROUGH THIS WEB FORMHere.

GLOBAL HEADQUARTERS

Call us: 1-866-SMARSH-1

Write us: Attn: Legal Data Subject Request
851 SW 6th Avenue - Portland, Oregon 97204

EEA & UK:

Call us: +44 (0) 20 3608 1209

Write us: Attn: Legal Data Subject Request
One Canada Square, Level 39 - London, E14 5AB

PRIVACY POLICY - MORE INFORMATION

This Section describes Smarsh’s data collection practices with respect to Personal Information in more detail than in the Privacy Policy - Quick Summary.

PERSONAL INFORMATION SMARSH COLLECTS

Smarsh collects Personal Information from you directly and indirectly. The Personal Information that we collect from you directly may include the following:

Individual Identifiers, such as:

  • Contact Information, when you submit an online form or survey, subscribe to a newsletter, sign up for an event, webinar, or contest, or use our online chat feature, such as name, job title, company name, address, phone number, or email address.
  • Contact Information, when you request information about Smarsh services or products using the Services, such as name, job title, company name, address, phone number, or email address.
  • Event Visitor Information, if you attend a Smarsh sponsored event, we may collect visitor information, such as name, company name, job title, address, email address, location, phone number, and potentially, events in which you participated.
  • Office Visitor Information, if you visit us at our offices, we may collect visitor information, such as name, company name, job title, address, email address, location, phone number, photograph, time and date of arrival and departure.
  • Communications with us, preferences, and other Information you provide to us, such as any messages (including via online chat feature), opinions, and feedback that you provide to us, your user preferences (such as in receiving updates or marketing information), and other Information that you share with us when you contact us directly.

The Personal Information that we may collect from you automatically or indirectly may include the following:

  • Device and geolocation data when you visit our Website, such as your IP address, device type, browser, broad geographic location, and other technical information. We may also collect information about your interaction with our Website, including pages accessed and links clicked.
  • Data captured via cookies when you visit and interact with our Website. For example, Smarsh uses cookies to collect technical and analytical data, like webpages accessed or viewed, your browser type and the language of your browser, or links clicked. For specific information on our cookies, please see our Cookie Disclosure.

If you access the Services through a mobile device, we may also automatically collect Information about your device, your phone number, and your physical location.

The Personal Information that we may collect from you from third parties:

  • Third Party Event Visitor Information. If you attend an event, tradeshow, or conference (or online variation) in which Smarsh participates or to which Smarsh provides content, we may collect or be provided with visitor information, such as name, company name, job title, address, email address, location, phone number, and potentially, events in which you participated.
  • Third-Party Resellers, Referrals, and Partners. We may receive business contact information from our resellers and strategic partners to sell our Services. For example, mailing addresses, job titles, email addresses, phone numbers, and details about the potential customers’ software environment to tailor the purchase of Services.
  • Third-Party Websites and Social Media Sites. Smarsh may collect additional Information about you from third-party websites and Social Media Sites and/or sources providing publicly available information to help us provide Services to you and for marketing and advertising purposes.

This Privacy Policy only applies to Information collected by our Website or through our Social Media Account or Smarsh Event. We are not responsible for the privacy and security practices of those other websites or social media sites, or the Personal Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, social media platform, and/or content.

HOW SMARSH USES PERSONAL INFORMATION

In most cases, we use your Personal Information to respond to requests made by you, including those to obtain more information about our products or services or services or events using the Services. Collecting Personal Information enables us to better understand those individuals who visit our Website and aids us with improving our Website, its content and functionality, as well as its ease of use.

We may also use your Personal Information for the following business and commercial purposes:

  • To deliver functionality on our Website, including responding to technical problems;
  • To analyze, develop, improve, or optimize the functionality or performance of our Website;
  • To manage the security of our Website and related infrastructure;
  • To comply with applicable laws, rules, and regulations;
  • To respond to your requests for information, such as communications about events, surveys, or contest entries in accordance with your communication preferences;
  • To communicate with you about new contests, promotions or rewards, upcoming events, trade shows or conferences, changes to the Website or the services that Smarsh provides, or other news about products and services in accordance with your communication preferences;
  • To tailor our marketing and sales activities to your company’s interests and to confirm or update your communication and marketing preferences;
  • For general or targeted marketing and advertising purposes, including sending you promotional material or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted out of receiving such communications;
  • To provide or improve the Services, including requesting feedback about your experience with the Services, or to conduct research in which you agree to participate;
  • To otherwise fulfill the purpose for which the Information was provided; and
  • To combine or supplement Personal Information about you with other Personal Information that we get from third parties, such as our advertising partners, to provide you with better and more personalized services, or just to better understand your needs.

HOW SMARSH SHARES OR DISCLOSES PERSONAL INFORMATION

We may share or disclose your Personal Information to the following categories of recipients for our business purposes:

  • To third-party service providers that perform certain functions or services on our behalf (such as hosting the Website, managing databases, performing analytics, providing customer service, or sending communications for us). These third-party service providers are authorized to use your Personal Information only as necessary to provide these services to us;
  • To those third-party presenters or sponsors of a Smarsh Event in which you participate;
  • To our partners and affiliates that support our business operations or the provision of services;
  • To a buyer (actual or potential) or its agent(s) in connection with a divestiture, merger, acquisition, sale, or similar transaction, in part or in whole of our business;
  • To any competent law enforcement body, regulatory, government agency, court, or other legal body with valid jurisdiction over Smarsh, where we believe it is necessary (i) to protect your vital rights or the rights of a third party, (ii) as a matter of applicable law or regulation, or (iii) to establish, protect, or exercise our legal rights or the legal rights of our partners, affiliates, or third-party service providers.
  • With your consent, or to fulfill the purpose for which you provided the Information.

DATA RETENTION - PERSONAL INFORMATION

We retain Personal Information we collect from you so long as we need it to provide you the Services and/or comply with our legal obligations (i.e., to comply with applicable laws, tax or accounting reasons, provide services). When we no longer have an ongoing need to maintain your Personal Information, we will delete or anonymize it as required by our record keeping policies.

TRACKING COOKIES & ADVERTISING & ANALYTICS

We and/or certain service providers operating on our behalf may collect Information about your activity, or activity on devices associated with you over time, on our Website and applications, and across non-affiliated websites or online applications. We may collect this Information by using certain technologies, such as cookies, web beacons, pixels, and other similar technologies. Smarsh uses cookies consistent with its Cookie Disclosure. In general, Smarsh uses cookies and analytics tools to:

  • manage content, analyze trends, monitor page visits, and content downloads on our Website;
  • administer our Website, track users’ movements around our Website; and
  • gather demographic information about visitors to our Website and Social Media Accounts.

We may partner with third-party ad networks to either display advertising on our Website or to manage our advertising on other websites. Those ad network partners may use cookies and web beacons to collect non-personally identifiable information about your activities on our Website to provide you with targeted advertising based upon your interests. You can learn more about your rights to opt out of targeted advertising in the Your Choices section below.

Our use of online tracking technologies may be considered a “sale” or “sharing” under certain laws. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under certain laws, you can opt out of these online tracking technologies by submitting a request through this webform here, or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC). Please note that some features of our Website may not be available to you as a result of these choices.

YOUR CHOICES

Marketing Communications. If you do not want to receive marketing and promotional emails from us, you may click on the “unsubscribe” link in the email or visit Smarsh’s Email Preference Dashboard to unsubscribe and opt out of marketing email communications, or get in touch with us using the contact information located in the Contact Us Section herein.

Cookie Preferences. You may change or modify your cookie settings by broadcasting an opt-out preference signal, such as the Global Privacy Control (“GPC”), or by updating your cookie settings on the Website.

THIRD-PARTY WEBSITES & SOCIAL MEDIA WIDGETS

This Website may contain links to websites or content sponsored or provided by third parties as a convenience for our users. Our provision of a link to any other website or location does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our Website, and you will go to another website. During this process, a third party may collect Personal Information from you. We do not control the actions of these third parties, nor do we control, review, or monitor these outside websites or their content. We are not responsible for these third parties, their websites, or their content. The terms of this Privacy Policy do not apply to these third parties or their websites.

Our Website includes certain social media widgets, such as a “share this” button, or “like this” button, and other mini programs that run on our Website. These third-party social media widgets are governed by the privacy policy of the company providing such social media widgets.

CHILDREN

This Website is not intended to provide content to children and Smarsh does not intentionally gather Personal Information about visitors who are under the age of sixteen (16). If you learn that anyone younger than sixteen (16) (or such higher age as applicable under the laws of your jurisdiction) has provided Smarsh with Personal Information, please contact us at privacy@smarsh.com. If we learn that we have collected such Information, we will take steps to delete it as soon as reasonably possible.

INTERNATIONAL TRANSFERS

Smarsh’s global headquarters are located within the United States. Your Personal Information may be transferred to, and processed in, countries other than the country in which you are located. These countries may have data protection laws that are different to the laws of your country. If you are in the European Economic Area or United Kingdom, please note that your Personal Information may be accessed by Smarsh employees and suppliers, transferred, and/or stored outside the European Economic Area and the United Kingdom, including within the United States, and other countries which have different data protection laws that may not be as comprehensive as those in your own country.

SECURITY OF PERSONAL INFORMATION

We use commercially reasonable technical and organizational measures to help protect your Personal Information from unauthorized access, use, or disclosure. However, no data transmitted over the Internet or stored by us, or our third-party service providers can be 100% secure. Therefore, we do not promise or guarantee, and you should not expect, that your Personal Information or private communications will always remain private or secure. We do not guarantee that your Personal Information will not be misused by third parties and are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Information. To learn more about Smarsh’s information security program in general, please go here – Smarsh’s Information Security Program.

NOTICE TO CERTAIN UNITED STATES RESIDENTS OF DATA SUBJECT RIGHTS

We provide the supplemental section below to comply with potentially applicable state privacy laws in the US, such as the California Consumer Privacy Act (all such laws collectively referred to hereafter as “State Privacy Laws”).

To the extent any State Privacy Law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the rights that you may have, and how you can exercise those rights. Please note that the list of rights described below is meant to be comprehensive and may include rights that you are not entitled to depending on your state of residency. For certain rights, you also may not be entitled to exercise them if you do not provide sufficient information in response to our reasonable requests for you to verify your identity. Lastly, please note that we use the term “Personal Information” below, but, depending on your state of residency, the State Privacy Law applicable to you may use the term “Personal Data” instead.

To exercise the rights described below, see the Exercising Your Rights Section below.

  • Right to Know and Access Specific Information, and Data Portability. You may have the right to request that we disclose certain information to you about our collection and use of your Information over the past twelve (12) months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you, to the extent permitted and/or required by law:
    • The categories of Information we collected about you, and whether we sell or share your Information to third parties.
    • The specific pieces of Information we hold about you.
    • The categories of personal Information sold within the last twelve (12) months.
    • The categories of sources from which Information about you is collected.
    • Our business or commercial purpose for collecting, selling, or sharing your Information.
    • The categories of third parties with whom your Information is sold, shared, or disclosed for a business purpose.

    • You have the right to request that the Information described above be provided to you in a commonly used, machine-readable format, to the extent technically feasible.

  • Deletion Request Rights. You may have the right to request that we delete the Information that we collected from you, subject to certain exceptions. To the extent that we can delete your Information, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Information, unless an exception applies.
  • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate personal Information, you may have the right to request that we correct such inaccurate personal Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your verifiable consumer request, we will use commercially reasonable efforts to correct your personal Information, if we determine that it requires correcting.
  • Sale and Sharing of Personal Information and the Right to Opt Out. You may have the right to opt out of the processing of your Information for the following purposes:
    • Sale of your Information.
    • Targeted advertising.
    • Sharing of your Information for cross-context behavioral advertising.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    • The use of online tracking technologies may be considered a “sale” or “sharing” under State Privacy Law. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under those laws, you may be able to opt out of these online tracking technologies by submitting a request submitting a request through this webform here or by broadcasting an opt-out preference signal, such as the GPC.

  • Right to Limit Use and Disclosure of Sensitive Personal Information. You may have the right to request that we limit the ways we use and disclose your sensitive personal Information (as defined by State Privacy Laws) to uses which are necessary for us to perform the Services, or deliver the goods reasonably expected by you, or as authorized by law.
  • Right to Non-Discrimination. You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.
  • Right to Disclosure of Direct Marketers. You may have a right to the categories and names/addresses of third parties that have received your personal Information for their direct marketing purposes upon simple request, and free of charge.
  • Right to Appeal. You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit appeals request to us by either:
    • Emailing us: privacy@smarsh.com
    • Calling us: 1-866-SMARSH-1

        • If you are not satisfied with the results of your appeal, you may contact the Attorney General in your state to file a complaint.

        Depending on the State Privacy Law applicable to you, there may be limits on the number of times you may make certain requests outlined above within a twelve (12) month period. In the event you exceed these limits, we may be entitled to charge you a reasonable fee to comply with your request.

      Authorized Agent

      You may use an authorized agent to submit verifiable consumer requests on your behalf provided that the authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require, as permitted and/or required by applicable law: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney. We may deny a request from an authorized agent that does not submit proper verification proof.

      Notice of Financial Incentive

      As an incentive for providing us with your Information, you may receive a financial benefit in the form of an email coupon, discount, rebate, free sample, promotions, or other similar reward that will be sent to you. This discount may constitute a financial incentive under State Privacy Laws (“Financial Incentive”). The categories of personal Information required for us to provide the Financial Incentives may include personal identifiers such as full name and contact information including email address as well as personal and demographic information you choose to provide.

      To offer these discounts, we may track your personal Information, such as purchase history and other demographic data. You have the right to withdraw from the Financial Incentive at any time by submitting a request to privacy@smarsh.com. Please note that if you request deletion of part or all your personal Information, that could affect your ability to qualify for the discount.

      Reasonable Fee for Request

      To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

      Sensitive Data

      We may process sensitive personal information, sensitive personal data, and/or sensitive data inferences, as those terms are defined by State Privacy Laws. When we process such data, we do so with your consent.

      NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA AND THE UK

      This section applies only to individuals using the Services from within the European Union (“EU”), the European Economic Area (“EEA”), and the UK, and only if we collect through the Services any information from you that is considered “Personal Data”, as defined in the General Data Protection Regulation (“GDPR”) and the UK Data Protection Act 2018.

      Personal Data includes any information relating to an identified or identifiable natural person, who could be identified either directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one (1) or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (which may include some or all your Information as defined in this Privacy Policy).

      Identity and Contact Details of Controller

      Unless otherwise stated, we are the Data Controller for the Personal Data we process under this Privacy Notice.

      GLOBAL HEADQUARTERS

      Email: privacy@smarsh.com
      Call us: 1-866-SMARSH-1
      Write us: Attn: Legal Data Subject Request
      851 SW 6th Avenue - Portland, Oregon 97204

      EEA & UK:

      Email: privacy@smarsh.com
      Call us: +44 (0) 20 3608 1209
      Write us: Attn: Legal Data Subject Request
      One Canada Square, Level 39 - London, E14 5AB

      2. Your Data Protection Rights

      To the extent the GDPR and Data Protection Act 2018 apply, and we hold your Personal Data in our capacity as a Data Controller as defined under those laws, you may request that we:

      • Restrict the way that we process and share your Personal Data;
      • Transfer your Personal Data to a third party;
      • Provide you with access to your Personal Data;
      • Remove your Personal Data if no longer necessary for the purposes collected;
      • Update your Personal Data so it is correct and not out of date; and/or
      • Object to our processing of your Personal Data.

      You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data or withdraw consent to this Privacy Policy, you can contact us in the following ways:

      Email: privacy@smarsh.com
      SUBMIT A REQUEST THROUGH THIS WEB FORMHere.

      GLOBAL HEADQUARTERS

      Call us: 1-866-SMARSH-1
      Write us: Attn: Legal Data Subject Request
      851 SW 6th Avenue - Portland, Oregon 97204

      EEA & UK:

      Call us: +44 (0) 20 3608 1209
      Write us: Attn: Legal Data Subject Request
      One Canada Square, Level 39 - London, E14 5AB

      The requests above will be considered and responded to in the time period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

      You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:

      GLOBAL HEADQUARTERS

      Email: privacy@smarsh.com
      Call us: 1-866-SMARSH-1
      Write us: Attn: Legal Data Subject Request
      851 SW 6th Avenue - Portland, Oregon 97204

      EEA & UK:

      Email: privacy@smarsh.com
      Call us: +44 (0) 20 3608 1209
      Write us: Attn: Legal Data Subject Request
      One Canada Square, Level 39 - London, E14 5AB

      3. Lawful Basis for Processing Your Personal Data

      Smarsh takes care to use your Personal Data carefully and based on our legitimate business interests. Use of Personal Data under certain data protection laws, including GDPR, must be based on legal grounds. Smarsh uses or shares your Personal Data where:

      • Needed to comply with a legal obligation, including responding to a legal request for information, subpoena, warrant, or other request from a competent legal or regulatory authority.
      • You consented to such use. For example, if you provided consent to receive marketing material. You may withdraw your consent at any time as described below.
      • It’s necessary under a contract between you and Smarsh, or because something needs to be completed in order for you to enter into a contract with us (e.g., due diligence).
      • Its use is in accordance with our legitimate interests, such as legitimate business interests, to those interests not overriding your fundamental rights. For example, monitoring our Website, preventing illegal activities, or pursuant to a sale or merger (for the purposes of due diligence or to affect such sale or merger post-closing).

      If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as the possible consequences if you do not provide your Personal Data). If the processing of your Personal Data is based on your consent, the GDPR and Data Protection Act 2018 also allow users the right to access, revoke, or modify your consent at any time. Please see the Exercising Your Rights section below on how to review or modify your consents.

      4. Consent to Transfer

      We are operated in the United States, and we may use service providers based in the United States to operate our business and our relationship with you. Please be aware that information, including your Personal Data, that we collect will be transferred to, stored, and processed in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen. However, Smarsh is committed to protecting your information in accordance with this Privacy Notice and is self-certified under the EU-US Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework. For more information on Smarsh’s compliance with these frameworks, please visit our DPF STATEMENT.

      5. Retention

      We will retain your Personal Data for as long as needed for the purposes described in this Privacy Policy. More specifically, the time we maintain your Personal Data depends on the following factors:

      • Whether we need the Personal Data to provide the Services. We will maintain any data needed to provide you with the Services, such as contact information and payment or transaction information, for as long as needed for us to provide you with the Services, respond to your questions and requests, and/or administer your account (if applicable).
      • Whether we need the Personal Data to comply with our legal obligations. We may have legal obligations to maintain your Personal Data where a legal or regulatory body may ask for it in the future, for example in response to a data subject request or complaint. This information may include contact information and location information.
      • Whether we need the Personal Data for a legitimate business interest. We may store Personal Data like contact information, cookies, and location information in order to perform analytics, troubleshoot errors, or improve our Services. In any event, we delete the Personal Data when it is no longer needed for our legitimate interest.

      Regardless of our reason for retaining your information, we delete all Personal Data in accordance with our routine record keeping policies.

      EU-US Data Privacy Framework, UK extension to the EU-US Data Privacy Framework, and Swiss-US Data Privacy Framework

      Smarsh is self-certified under the EU-US Data Privacy Framework, UK extension to the EU-US Data Privacy Framework, and Swiss-US Data Privacy Framework. For more information on Smarsh’s compliance with these frameworks, please visit our DPF STATEMENT. If there is any conflict between the terms in this Privacy Policy and applicable Data Privacy Framework principles, the Data Privacy Framework principles shall govern.

      With respect to personal information received or transferred pursuant to the Data Privacy Framework, Smarsh is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

      EXERCISING YOUR RIGHTS

      To exercise any of the rights described above, please submit a verifiable consumer request to us via the methods described below. The verifiable consumer request must:

      • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Information, or an authorized representative; and
      • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

      To help protect your privacy and maintain security, if you request access to or deletion of your Information, we will take steps and may require you to provide certain information to verify your identity before granting you access to your Personal Information or complying with your request. In addition, if you ask us to provide you with specific pieces of Personal Information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Information is the subject of the request. Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent with written permission to do so and to verify your own identity directly with us (as described above). You may also make a verifiable consumer request on behalf of your minor child.

      EMAIL: privacy@smarsh.com

      SUBMIT A REQUEST THROUGH THIS WEB FORMHere.

      GLOBAL HEADQUARTERS

      Call us: 1-866-SMARSH-1
      Write us: Attn: Legal Data Subject Request
      851 SW 6th Avenue - Portland, Oregon 97204

      EEA & UK:

      Call us: +44 (0) 20 3608 1209
      Write us: Attn: Legal Data Subject Request
      One Canada Square, Level 39 - London, E14 5AB

      We have also appointed a Data Protection Officer (“DPO”) for the EEA and UK. You can contact the DPO at dpo@smarsh.com.

      CHANGES TO THIS PRIVACY POLICY

      This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your Personal Information, we will take appropriate measures to inform you consistent with the significance of the changes we make. We will obtain your consent to any material changes in the way we use your Personal Information in accordance with applicable data protection laws. Smarsh will investigate and attempt to resolve any complaints that you may have or any disputes regarding our privacy practices and provide you with information regarding the investigation and resolution of the complaint.

      This Privacy Policy is effective as of the date set out at the top of this Privacy Policy.

      HOW TO CONTACT US

      If you have any questions about how your Personal Information is collected, stored, shared, or used, or if you have a disability and need to access this Privacy Policy in another format, please contact us at:

      EMAIL: privacy@smarsh.com

      SUBMIT A REQUEST THROUGH THIS WEB FORMHere.

      GLOBAL HEADQUARTERS

      Call us: 1-866-SMARSH-1
      Write us: Attn: Legal Data Subject Request
      851 SW 6th Avenue - Portland, Oregon 97204

      EEA & UK:

      Call us: +44 (0) 20 3608 1209
      Write us: Attn: Legal Data Subject Request
      One Canada Square, Level 39 - London, E14 5AB