Last Updated: November 11, 2021

Your privacy is important to Smarsh. This Privacy Policy (“Policy”) describes how Smarsh and its U.S. and EU subsidiaries (collectively, “We”, “Our”, “Us”) collect, use, process, and disclose personal information. We may update this Policy from time to time. We will post the updated Policy at this link and will provide notice on the Site when we make material changes to the Policy.

This Privacy Policy applies to the collection and processing of personal information by Smarsh from: (i) visitors to the Smarsh websites (including www.smarsh.com and other subdomains that form our corporate web presence) (“Website”), (ii) visitors to, and users of, Smarsh branded corporate social media pages (“Smarsh Social Media”), and (iii) attendees of events, webinars, or contests related to Smarsh (“Smarsh Events”). For more specific information about the scope of this Privacy Policy, please read the full Privacy Policy below.

This Privacy Policy DOES NOT APPLY to the processing of data, including personal information, collected and retained by Smarsh on behalf of our clients in connection with the provision of software services to such clients and their respective users, agents, and employees. If you are, or become, one of our clients, we collect, use, delete and disclose data captured by our services, including personal information, in accordance with the applicable service agreement. When you use our services, the terms of the applicable service agreement between Smarsh (or an affiliate of Smarsh) and you (or your employer) will govern the collection, use, deletion, and disclosure of all data generated, captured, and retained in such service.

If you are an employee of one of our Clients and your data, including personal information, is being collected and retained pursuant to a service agreement between Smarsh and your employer, such service agreement governs the collection, use, and destruction of all such data collected by Smarsh, including your personal information. If this situation is applicable to you and you wish to inquire about the collection, use, and destruction of your personal information pursuant to such service agreement, please direct any questions or requests to your employer, as your employer is the party controlling the collection, use, and destruction of your personal information and Smarsh is only acting as the processor of such personal information. For more information on how Smarsh protects Client Data and Client Confidential Information, please go here - Smarsh's Information Security Program. For more information on Smarsh’s standard service agreement, please go here – Smarsh’s General Terms.

This Policy Governs Personal Information We Collect Via
  • Our corporate website www.smarsh.com (the “Site”);
  • third-party sources such as lead generation tools, data providers and social media platforms (“Third-party Sources”);
  • tradeshows, conferences or conventions (“Events”); and;
  • Our products and services including Smarsh Central (“Services”).

We are the data controller for the personal data We collect from the above list of places.
This Policy does not apply to the proprietary data We capture and archive on behalf of Our customers, or to individual persons with whom Our customers communicate. Our customers enter into a services agreement with Us that governs the collection, processing and storage of such proprietary data.

With respect to Our customer relationships, the customer is the data controller and this Policy does not apply to individuals with whom Our customers communicate. The customer’s / data controller’s privacy policy and privacy practices govern those relationships. This Policy does not apply to any third-party services, third-party websites or third-party platforms (such as social media platforms) that We do not control. Such third-party services’, third-party websites’ or third-party platforms’ respective privacy policies and privacy practices govern those services.

In response to the “Schrems II” decision issued by the Court of Justice of the European Union, Smarsh withdrew from the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, effective November 13, 2020.

California Consumer Privacy Act

We comply with the California Consumer Privacy Act (“CCPA”), effective January 1, 2020, which affords California residents new rights with respective to their personal information. These rights, limited by the statute and explained below, are as follows:

  • 1. The right to request disclosure of a California resident’s business’ data collection and sales practices in connection with the requesting consumer, including the categories of personal information collected, the source of the information, the use of the information and, if the information is disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
  • 2. The right to request a copy of the specific personal information collected about a California resident during the 12 months before their request.
  • 3. The right to have such information deleted (with certain exceptions);
  • 4. The right to request that a California resident’s personal information not be sold to third parties, if applicable; and
  • 5. The right not to be discriminated against because a California resident exercised any of the new rights.
  • Information relevant to California residents covered under the CCPA is included in this Policy.

Information relevant to California residents covered under the CCPA is included in this Policy.

We do not knowingly collect personally identifiable information from children under 17 years of age.

General Data Protection Regulation

Additionally, we comply with the General Data Protection Regulation (“GDPR”), effective May 25, 2018, which affords European Union (“EU”) residents new rights with respective to their personal information. These rights, limited by the statute and explained below, are as follows:

  • 1. The right to be informed about the collection and use of your personal data;
  • 2. The right of access to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients, the planned duration of storage or criteria for their definition, information about the rights of the data subject such as rectification, erasure or restriction of processing, the right to object, instructions on the right to lodge a complaint with the authorities, information about the origin of the data, as long as these were not collected from the data subject himself, and any existence of an automated decision-taking process, including profiling, with meaningful information about the logic involved as well as the implications and intended effects of such procedures;
  • 3. The right to rectification of inaccurate personal data when it becomes identified as inaccurate or incomplete;
  • 4. The right to erasure of personal data without undue delay
  • 5. The right to restrict processing of their personal data where they have a particular reason for wanting the restriction;
  • 6. The right to data portability to obtain and reuse personal data across different services;
  • 7. The right to object to the processing of their personal data if it is for direct marketing purposes
  • 8. Rights in relation to automated decision making and profiling to a decision based solely on automated processing

Information relevant to EU residents covered under the GDPR is included in this Policy.

We Collect The Following Types Of Personal Information:

We collect: identifiers, commercial information, internet/electronic activity, geolocation, professional or employment related information, and inferences from the foregoing and we have collected those categories of information from individuals (including residents of California) within the prior twelve months. More specifically, We collect:

  • Information You Provide Us: You may provide Us with your name, email address, address, company, country, phone number or other information. You may provide this information to Us by completing a form or survey, submitting a request for information or content, completing a “contact us” form, entering a contest, subscribing to a newsletter, providing feedback, requesting information about conferences and tradeshows, giving Us a business card, interacting with Us at events, tradeshows, conferences or conventions, or communicating with Us via instant message through the Site. There also may be other, similar ways that you provide Us with information that are not listed above. We will associate the non-identifiable data you provide Us with other personally identifiable information you provide Us.
  • Information We Automatically Collect on the Site:When you visit the Site, click on Our advertisements on other websites, or click on a link to the Site in an email from Us, We will automatically collect information about you through cookies or tracking technologies. As is true of most web sites, We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information We collect about you.
  • Information from Third-party Sources: Information obtained from Third-party Sources like lead generation providers, content sponsors or social media platforms may include marketing or demographic information, your business or contact information, information about you from social media platforms that you use to interact with Us or the Site or other information. We may combine this information with other information you provide to Us or that We automatically collect from you.
  • Archival Information: We collect communications for archival purposes on behalf of and as directed by Our Customers as part of our providing our Services. Archival Information is governed by the services agreement between Us and a Customer. This information may include emails, texts, websites, social media messages or posts, and other forms of data or electronic communications (“Archival Information”) our Customers create. Archival Information includes data about Our Customers and the third parties they correspond with. We do not control or monitor the information Our Customers collect and store through Our services, or their privacy practices or policies. It is Our Customer’s obligation to obtain all necessary consents and to comply with all applicable laws with respect to the Customer’s communications and the use of Our services. Our Customer’s privacy policies or practices apply to: Archival Information, the purposes for which the Customer collects Archival Information, how the Customer may use Archival Information, and what choices the individual may have with respect to Archival Information. Individuals must contact the applicable Customer to correct, amend, or delete applicable Archival Information, or to opt out of any collection, use or disclosure of their information by Our Customer.

  • Customer Information: We also collect information about individuals within Our Customers’ organizations (“Customer Information”). Customer Information is governed by the services agreement between Us and a Customer Customer Information may include information related to the Customer’s account, name, work e-mail address, work phone number, job title or similar kinds of information. We use Customer Information to support the Customer account, maintain Our business relationship with the Customer, respond to Customer inquiries, or perform accounting functions. Customers may update personal information and passwords by logging into the applicable Services and updating their account or by contacting Smarsh through Smarsh Central. Customers may request to to delete their personal information through Smarsh Central. In some cases, We may be unable to delete Customer Information, and in such cases, We will tell you why.

  • Automatically Collected Information in the Services: We collect information automatically in the Services about how Our Customers use the Services (“Automatically Collected Information”). We do this via data collection technologies such as cookies, web beacons, gifs or other tracking technologies, which occurs post-authentication. We collect this information to monitor, support and improve Our services or to provide Customers with certain customized features. We may use Automatically Collected Information to tell Us how Our Customers use Our services, to improve Our services or develop new products, services or features. We may combine this information with other information We collect. We treat Archival Information and Customer Information as confidential and proprietary information of Our Customers, subject to the terms of the service agreement between Us and the Customer. We do not share Archival Information, Customer Information or Automatically Collected Information with third parties unless directed to do so by Our Customer, as may be necessary to provide services to the customer, to Our advisors, channel partners, affiliates, representatives, agents, service providers, in connection with a business transaction (such as a merger or sale), or in response to a court order, subpoena, warrant or to comply with a legal requirement or to cooperate with an investigation. We may disclose Automatically Collected Information or Customer Information for the aforementioned reasons, or to protect Our rights or the rights of Our affiliates, customers, channel partners or service providers. We will retain Archival Information, Automatically Collected Information or Customer Information as necessary to comply with Our legal obligations, resolve disputes, or enforce Our agreements.
We Collect Personal Information For The Following Purposes:
  • To present, operate or improve the Site, including analysis of Site activity;
  • To respond to technical problems;
  • To respond to, process and deliver you communications, requests, surveys, or contest entries;
  • To request feedback about your experience with Our products and services or to learn about your demographics, preferences or interests;
  • To communicate with you about new contests, promotions or rewards, upcoming events, trade shows or conferences, changes to the Site or Our products or services, or other news about products and services (whether offered by Us or Our partners);
  • To provide you with content you request;
  • To customize or personalize your online experience, for example, to pre-populate forms, or to display or provide you with relevant content, advertising or communications;
  • To provide the Services;
  • To enforce or protect any right;
  • To investigate or deter against fraudulent, unauthorized or illegal activity;
  • To otherwise fulfill the purpose for which the information was provided;
  • To update marketing lists and manage databases;

We may link, combine or supplement the information you provide Us with other information We receive from Third-party Sources or with cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to Our Site or to pre-populate forms. We may use anonymous, aggregated personal information for different purposes, like market analysis, traffic flow analysis and reporting, or to deliver relevant advertising and information based on click stream data. We may also use this information to examine Our traffic in aggregate, to investigate misuse of Our network, its users, or to cooperate with law enforcement.

We May Use Certain Tracking Technologies To Collect Personal Information:

We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or other similar technologies. We may receive reports based on the use of these technologies by Third-Party Sources that provide us services on an individual as well as aggregated basis. Cookies are used to identify which website or marketing campaign you came from, which areas of the Site you visited and your actions on the Site, and where you go when you leave the Site. Cookies may be “session” cookies and deleted after you leave the Site or “persistent” cookies that are stored. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of web users. In contrast to cookies, clear gifs are embedded invisibly on web pages, emails or advertisements and track clicks. We use clear gifs to determine whether Our marketing campaigns are successful, such as to determine whether you open an email We send or whether you click on the links within the emails We send. Generally, We use these technologies to:

  • manage content, analyze trends, monitor page visits and content downloads;
  • administer the site, track users’ movements around the site, and;
  • gather demographic information about Our user base.

We may partner with third-parties to manage Our advertising on third-party sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other sites to advertise to you based upon your browsing activities and interests. If you do not wish to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://www.networkadvertising.org/managing/opt_out.asp or by visiting the relevant ad network (Google Ads is available here: https://www.google.com/settings/ads). There are multiple other resources that allow you to opt out of web tracking at the browser level by following the browser’s instructions. We respect your Do Not Track choices instituted at the browser level.

We Share Information We Collect In The Following Ways:

We do not sell (as that term in generally understood as in for monetary remuneration), rent or lease the information We collect to third parties. Sale under CCPA is a broader concept. Under CCPA a “sale” is providing access to or disclosing personal information to a third party for monetary or other valuable consideration.

We may share your information as follows:

  • With Our reseller partners, referral partners, channel partners, technology partners, other partners, affiliates, agents, subcontractors, representatives, or services providers;
  • In connection with a divestiture, merger, acquisition, sale, or similar transaction;
  • To protect or enforce Our rights or property, or the rights or property of Our affiliates, channel partners, reseller partners, referral partners, technology partners, other partners, agents, subcontractors, representatives, or services providers;
  • In response to a court order, subpoena, warrant or to comply with a legal requirement or to cooperate with an investigation;
  • To identify persons who may be violating: the law, Our website terms of service, the rights of third parties, or otherwise misusing the Site or its related properties;
  • To Our technology or other third-party service providers such as website hosts, applicant management tools, chat widgets, email marketing campaign and other marketing or sales operations tools, pursuant to written agreements with such providers pursuant to which Our service providers are required to use information solely for the purpose of providing the services, treat information as confidential and provide that any transfers outside of the EEA are subject to standard contractual clauses;
  • With your consent, or to fulfill the purpose for which you provided the information; or
  • As permitted by law.
  • We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Third-Party Service Providers, Widgets, Websites, Ads And Content May Be Provided Through The Site.

The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. We do not control the practices of these third parties or their websites or content. We are not responsible for the privacy practices or the content of these third parties. We do not share the information that you provide Us with these third parties, however, these third parties may obtain information about you if you click on a third-party link. Certain widgets on the Site (such as social media widgets), may collect information about you automatically through cookies and may combine information about your use of Our Site with information they collect in other areas. We have no control over the practices of these widgets and are not responsible for their privacy practices. Please visit the privacy policies of these third parties to learn more about how they collect and use your information. Some of the ads you receive on websites are customized based on predictions about your interests generated from your visits over time and across different websites from an ad network. This is called interest-based advertising and is enabled through your computer browser and browser cookies. These ads are provided based on information owned or controlled by an ad network, and subject to the ad network’s privacy policies. We provide you information on how to opt out of these types of interest-based advertisements in the Notice, Access and Choice section of this Policy. We may use other third-party service providers such as an email service provider to send out emails on Our behalf, a career management platform to collect resumes, or a chat widget that allows Us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions.

We Use Commercially Reasonably Means To Protect The Security Of Your Personal Information.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. We use commercially reasonable means to protect your personal information, but We cannot guarantee its absolute security.

You Have Choice Regarding Providing Personal Information.

We do not require that you provide information through Our Site, however, if you do not choose to provide information, We may not be able to offer or provide services to you. You may opt-out of receiving promotional emails from Us by following the instructions about opting out in those emails. If you opt-out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.

Opt Out for California Residents under CCPA. A California resident may opt out of having Smarsh transfer information to third-parties for the purposes of offering products or services by clicking the following link: https://www.smarsh.com/do-not-sell-my-personal-information, which will also be available on the footer of the website. Opting out may prevent us from being able to offer you products and services. If you opt out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.

You Can Request Access To Your Personal Information, Understand Data Retention And Employ The Right To Be Forgotten.

CCPA and GDPR Personal Information Requests. California and EU residents may request personal information or request erasure of personal information not more than twice in a twelve-month period. Smarsh will need to collect information to verify the identity of the requesting California resident. Smarsh will respond to a request from a California resident within thirty days.A California resident can make a personal information request at https://www.smarsh.com/CCPA-request and https://www.smarsh.com/GDPR-request, call Smarsh at 1-866-SMARSH-1, or, email privacy@smarsh.com. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why.

We will retain your information for as long as We determine is necessary. We will retain data We process on behalf of Our Customers for as long as needed to provide services to Our Customer, or for the retention period requested by a particular Customer or as determined by a particular Service.

Right to be Forgotten. You may contact Us at Smarsh, 851 SW 6th Avenue, Ste 800, Portland, Oregon 97204 or privacy@smarsh.com to access your information that We store and process and to request that We delete or amend your information, or to opt out of your information being shared with third parties. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why. We will respond to your access request within 30 days.

You Can File A Complaint:

We commit to resolve complaints about Our collection or use of personal information. Individuals with inquiries or complaints regarding Our policy should first contact Smarsh at: privacy@smarsh.com or to Smarsh Inc., Legal Department, 851 SW 6th Ave., Suite 800, Portland, OR 97204. We will respond to your questions or complaints within 30 days. Following receipt of a complaint, if necessary, We will investigate the issue and provide you with information regarding the investigation and resolution of the complaint.

Smarsh
851 SW 6th Avenue
Portland, Oregon 97204
1-866-SMARSH-1
legal@smarsh.com

Prior Versions: