Hardware products with iQ4 Privacy Policy
-
Covered Products (the "SMART Board")
- SMART Board RX series display
- SMART Board MX (V5) series display
- SMART Board MX (V5) Pro series display
- SMART Board QX (V2) Pro series display
- SMART Board M Pro series display
- SMART AM60 appliance
About iQ4
iQ4 is an all-in-one Android™ (a trademark of Google LLC) experience for SMART Board® interactive displays by SMART Technologies ULC. You have one-touch access to a full suite of SMART education and third-party applications without connecting to an external computer. These applications include a powerful whiteboard, a built-in web browser, wireless screen sharing, and more. The iQ4 experience provides a simple, fully integrated experience between personal devices and interactive displays.
Upon your SMART Board’s startup, you are asked to agree to Google’s Privacy Policy. You are also asked to choose a language and a region (USA or Germany) that will tell your Board where to store your data if you log in using your SMART account. You do not need to log in and you may store your data locally on your Board.
Introduction
The following information explains our privacy policy (“Policy”) and practices of SMART Technologies ULC regarding the collection, use and disclosure of your personal information. This Policy makes clear what information we collect from you, how we use and disclose it, and how you can help manage it. SMART is devoted to making sure your privacy rights are respected and personal data is collected and used in accordance with the current and applicable privacy and data protection laws.
SMART supports numerous privacy laws, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). SMART is committed to helping our customers work under these and other stringent regulations and we continue to add in-region solutions. We currently offer American and European data storage for user-created Content and we are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle. Our SMART Boards and iQ4 are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Therefore, the Children's Online Privacy Protection Act (COPPA) does not apply.
By using iQ4, you are agreeing to this Policy and consenting to SMART's collection, use, and disclosure of your personal information as necessary for the identified purposes or as otherwise identified herein.
Android™
The Android operating system is open-source software by Google LLC. While SMART Boards® currently have their updates usually provided by SMART, there are times (GMS certified for example) when Android connects to Google servers directly. If you’re using an Android device with Google apps, your device periodically contacts Google servers to provide information about your device and connection to Google services. This information includes things like your device type and operator name, crash reports, which apps you've installed, and, depending on your device settings, other information about how you’re using your Android device. By using Android and Google Play Store you are agreeing to Google’s terms and privacy policy.
Opting out or removing personal information and data retention
We do not sell your data, and we do not share personal data with third parties without your permission. A list of the third parties with whom we share data to provide our services to you are detailed below. Data is not shared between sub-processors unless explicitly stated.
SMART will only keep personal data for as long as required to provide the service, or as required for tax and legal reasons. SMART adheres to a document retention policy to ensure this. SMART will respond to customer requests to delete personal data within 30 days.
You may request deletion of your SMART account at any time by emailing privacy@smarttech.com or contacting our support department. Inactive accounts are deleted after two (2) years. All data stored locally on iQ can be deleted by you at any time by resetting it to factory settings.
If you would like to request that your personal information be provided to you for your review, be removed from our services, or be updated, please contact privacy@smarttech.com. In some cases, we may not be able to remove the information or continue to provide services following removal of such information, in which case we will let you know if we are unable to do so and why.
Right of Notification
If SMART becomes aware of a personal data breach, it shall without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify the affected customer and the supervisory authority (if it was for data where SMART was the Data Controller) in accordance with Article 33 of the GDPR, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. SMART’s communication of a breach shall be in clear and plain language and contain a minimum of:
- Contact details of the Data Protection Officer or other contact person,
- A description of the nature of the breach,
- Likely consequences of the breach,
- Advice on steps data subjects can take to protect themselves, and
- The measures SMART has taken or proposes to take to address the breach
Data Security
SMART's business processes are designed and applied to appropriately safeguard your personal information, having regard to the sensitivity and use of that information. Nevertheless, such security measures may not prevent all loss, misuse, or alteration of personal information provided to SMART, and SMART is not responsible for any damages or liabilities relating to any such security failures. By using our services, you understand that there is a risk that data and communications, including email and other electronic communications, may be accessed by unauthorised third parties when communicated over the Internet. The foregoing does not affect any liability which cannot be excluded or limited under applicable law.
If you have any questions or concerns regarding the security measures applied to the collection, use, or disclosure of your personal information, please contact us.
If you are using a service that involves third-party elements, please review the policies of such third-party service providers as they relate to security and data protection.
Encryption
iQ cloud services use several state-of-the-art security measures, including the same end-to-end 256-bit TLS encryption used by all major banks. We encrypt all your credentials and separate them from your personally identifiable information. We do not store any of your login credentials, including passwords, as these are managed by our single-sign-on (SSO) providers.
Data Types
We collect two types of data, depending on your interaction with us:
“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, as well as technical information transmitted by your device, such as the type of browser or device, type of operating system, device settings and technical software data, etc.
“Personal Data” or “Personal Information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.
For avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, or data concerning a person's health (“Special Categories of Personal Data”).
It is important to remember that customers and users are two distinct groups:
Customers are typically an organisation (e.g. local authority, school, company) and not a personally identifiable individual. The identifiable information we require is from the organisational purchaser for transactional purposes. The customer should not be providing SMART with personally identifiable information unless permissible by law and the customer’s policies.
Users (e.g. teachers, students) are generally not the ones who purchased or set up the account (i.e. IT administrators) and users are only accessing Lumio because the customer’s administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing email addresses and names of users to SMART and from user-created Content. If you have a concern as a user about your PII, you must demand that the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.
Required data that SMART processes for customers
Processor | Country where data is processed/stored | Purpose | Data collected/processed |
---|---|---|---|
SMART Technologies ULC | Canada | Required. When a SMART Board® interactive display with iQ is used it automatically reports the following categories of non-PII back to SMART so we can determine if the product needs an automatic update (over the air (OTA)) and from what server to deliver that update from. |
All users (anonymous):
|
Blue Ocean Contact Centers, Inc. | Canada | Live customer support | All callers (identifiable):
|
Hubspot, Inc. | Germany | Required customer communications |
All customers (identifiable):
|
Third-party sub-processors for non-signed-in users
Processor | Country where data is processed/stored | Purpose | Data collected/processed |
---|---|---|---|
Amazon Web Services, Inc., Amazon Web Services EMEA SARL | USA or Germany |
Optional usage analytics; data is stored and processed prior to being sent to MixPanel. Can be turned off within product. |
All users (anonymous and can be turned off):
|
Crashlytics (Google LLC) | USA |
Optional crash data. Can be turned off within product. |
All users (possibly identifiable if user agrees to be contacted and enters email address, but can be turned off):
|
Google LLC, Google Germany GmbH | USA or Germany | Required when accessing GMS-certified applications on iQ4. Android connects to Google servers directly and depending on your Android privacy settings may provide information about your device and connection to Google services in accordance with Google’s Privacy Policy and Terms. |
All users (identifiable but optional use):
|
Hubspot, Inc. | Germany | Optional (express opt-in) marketing communications |
People who expressly opted in to marketing communications:
|
Mixpanel, Inc. | USA |
Optional usage analytics and visualisation. Can be turned off within product. |
All users (anonymous and can be turned off):
|
MongoDB, Atlas | United States or Germany | Required for data processing |
All users:
|
Third-party sub-processors for signed-in users to SMART Board®, iQ Whiteboard, or Files Library application
Processor | Country where data is processed/stored | Purpose | Data collected/processed |
---|---|---|---|
Amazon Web Services, Inc., Amazon Web Services EMEA SARL | USA or Germany |
Optional usage analytics; data is stored and processed prior to being sent to MixPanel. Reports can be turned off within product. Required for storage. We offer both an American and European data storage option. |
Usage analytics
All users (anonymous and can be turned off):
Guests (anonymous):
|
Crashlytics (Google LLC) | USA |
Optional crash data. Reports can be turned off within product. |
All users (possibly identifiable if user agrees to be contacted and enters email address. Can be turned off):
|
Google LLC, Google Germany GmbH | USA or Germany and Belgium (Firebase) |
Google Cloud Datastore Google Firebase Google Memcache Google Single-Sign-On (SSO) Google Drive integration |
Signed-in students (identifiable):
Guests (anonymous):
|
Hubspot, Inc. | Germany | Optional (express opt-in) marketing communications |
People who expressly opted in to marketing communications:
|
Microsoft, Inc., Microsoft Deutschland GmbH | USA or Germany |
Optional and only used if you use Microsoft as your single sign-on (SSO) provider to access Lumio. Microsoft provides SMART with required account details. |
Students (identifiable):
|
Mixpanel, Inc. | USA |
Required for product improvement and service monitoring. Mixpanel allows us to analyse how our de-identified users interact with Lumio. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like opening files, which helps us measure service health and up/downtime. |
All users (anonymous):
|
MongoDB, Inc., MongoDB Deutsche GmbH | USA or Germany |
Required. We use MongoDB Atlas for SMART ID mappings (Lumio teacher activation) and session management. |
Signed-in students & teachers:
|
Radix | USA or Germany (uses AWS) |
Optional remote management (allows remote controlling and configuration). |
All customers (identifiable):
If user is signed in via Google Mobile Services (GMS) then the following Google data is shared with Radix:
|
Redis Ltd., Redis EMEA Ltd. | USA or Germany |
Required short-term shared cache, required for Lumio session management. |
Guests, students, teachers:
|
Sentry.io (Functional Software, Inc.) | USA |
Required automatic error reporting: If a SMART application encounters an issue, the application automatically sends the following anonymous information to Sentry.io. Optional self-error reporting: After automatic error reporting is complete, users are given the option to provide their name, their email address, and additional information about the error. Users are also asked if they wish SMART to follow up with them. This optional personal information is stored in Salesforce (located in the United States) and shared with our customer support team. |
Guests, students, teachers: Automatic error reporting (anonymous):
|
Splunk Inc. | USA |
Required metadata including system logs and performance. |
All users (anonymous):
|
Third-party content providers like YouTube® (Google LLC) | Depends on third-party providers |
Optional content or activity a teacher may add to a lesson. We cannot control what data a third party directly collects when a teacher or student decides to include it in a lesson. By using YouTube videos or other YouTube API clients (uses YouTube API Services), you are agreeing to be bound by YouTube’s Terms of Service and Privacy Policy. |
Guests, students, teachers:
|
Changes to the Privacy Policy
We reserve the right to change this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last modified” heading. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Any material amendments to the Privacy Policy will become effective within 30 days upon the display of the modified Privacy Policy. We recommend you review this Privacy Policy periodically to ensure that you understand our most up-to-date privacy practices.
In the event of a conflict or variance between this Privacy Policy and the GDPR’s standard contractual clauses (“SCCs”) the provisions of (in order of precedence) shall prevail: (i) SCCs; (ii) this Privacy Policy.
HAVE A QUESTION FOR US? We would love to hear from you: