Hardware products with iQ4 Privacy Policy

  • Covered Products (the "SMART Board")

    • SMART Board RX series display
    • SMART Board MX (V5) series display
    • SMART Board MX (V5) Pro series display
    • SMART Board QX (V2) Pro series display
    • SMART Board M Pro series display
    • SMART AM60 appliance

About iQ4

iQ4 is an all-in-one Android™ (a trademark of Google LLC) experience for SMART Board® interactive displays by SMART Technologies ULC. You have one-touch access to a full suite of SMART education and third-party applications without connecting to an external computer. These applications include a powerful whiteboard, a built-in web browser, wireless screen sharing and more. The iQ4 experience provides a simple, fully integrated experience between personal devices and interactive displays.

Upon your SMART Board’s start up you are asked to agree to Google’s Privacy Policy. You are also asked to choose a language and a region (USA or Germany) that will tell your Board where to store your data if you log-in using your SMART account. You do not need to log-in and you may store your data locally on your Board.

Introduction

The following information explains our privacy policy (“Policy”) and practices of SMART Technologies ULC regarding the collection, use and disclosure of your personal information. This Policy makes clear what information we collect from you, how we use and disclose it and how you can help manage it. SMART is devoted to making sure your privacy rights are respected and personal data is collected and used in accordance with the current and applicable privacy and data protection laws.

SMART supports numerous privacy laws including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). SMART is committed to helping our customers work under these and other stringent regulations and we continue to add in-region solutions. We currently offer American and European data storage for user created Content and we are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle. Our SMART Boards and iQ4 are not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13. Therefore, the Children's Online Privacy Protection Act (COPPA) does not apply.

By using iQ4, you are agreeing to this Policy and consenting to SMART's collection, use and disclosure of your personal information as necessary for the identified purposes or as otherwise identified herein.

Android

The Android operating system is open-source software by Google LLC. While SMART Boards® currently have their updates usually provided by SMART, there are times (GMS certified for example) when Android connects to Google servers directly. If you are using an Android device with Google apps, your device periodically contacts Google servers to provide information about your device and connection to Google services. This information includes things like your device type and carrier name, crash reports, which apps you have installed and, depending on your device settings, other information about how you are using your Android device. By using Android and Google Play Store you are agreeing to Google’s terms and privacy policy.

Opting out or removing personal information and data retention

We do not sell your data and we do not share personal data with third parties without your permission. A list of the third parties we share data to provide our services to you are detailed below. Data is not shared between sub-processors unless explicitly stated.

SMART will only keep personal data for as long as required to provide the service or as required for tax and legal reasons. SMART adheres to a document retention policy to ensure this. SMART will respond to customer requests to delete personal data within 30 days.

You may request deletion of your SMART account at any time by e-mailing privacy@smarttech.com or contacting our support department. Inactive accounts are deleted after two (2) years. All data stored locally on iQ can be deleted by you at any time by resetting it to factory settings.

If you would like to request that your personal information be provided to you for your review, be removed from our services or be updated, please contact privacy@smarttech.com. In some cases, we may not be able to remove the information or continue to provide services following removal of such information, in which case we will let you know if we are unable to do so and why.

Right of Notification

If SMART becomes aware of a personal data breach, it shall without undue delay and where feasible, no later than 72 hours after having become aware of it, notify the affected customer and the supervisory authority (if it was for data where SMART was the Data Controller) in accordance with Article 33 of the GDPR, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. SMART’s communication of a breach shall be in clear and plain language and contain a minimum of:

  1. Contact details of the Data Protection Officer or other contact person,
  2. A description of the nature of the breach,
  3. Likely consequences of the breach,
  4. Advice on steps data subjects can take to protect themselves and
  5. The measures SMART has taken or proposes to take to address the breach

Data Security

SMART's business processes are designed and applied to appropriately safeguard your personal information, having regard to the sensitivity and use of that information. Nevertheless, such security measures may not prevent all loss, misuse or alteration of personal information provided to SMART and SMART is not responsible for any damages or liabilities relating to any such security failures. By using our services, you understand that there is a risk that data and communications, including e-mail and other electronic communications, may be accessed by unauthorised third parties when communicated over the Internet. The foregoing does not affect any liability which cannot be excluded or limited under applicable law.

If you have any questions or concerns regarding the security measures applied to collection, use or disclosure of your personal information please contact us.

If you are using a service that involves third-party elements, please review the policies of such third-party service providers as they relate to security and data protection.

Encryption

iQ cloud services uses several state-of-the-art security measures, including the same end-to-end 256-bit TLS encryption used by all major banks. We encrypt all your credentials and separate them from your personally identifiable information. We do not store any of your login credentials, including passwords as these are managed by our single-sign-on (SSO) providers.

Data Types

We collect two types of data, depending on your interaction with us:

“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.

“Personal Data” or “Personal Information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.

For avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning a person's health (“Special Categories of Personal Data”). 

It is important to remember that customers and users are two distinct groups:

Customers are typically an organization (e.g., district, school, company) and not a personally identifiable individual. The identifiable information we require is from the organizational purchaser for transactional purposes. The customer should not be providing SMART with personally identifiable information unless permissible by law and the customer’s policies.

Users (e.g., teachers, students) are generally not the ones who purchased or set up the account (i.e., IT administrators) and users are only accessing Lumio because the customer’s administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing e-mail addresses and names of users to SMART and from user created Content. If you have a concern as a user about your PII you must demand the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.

Required data that SMART processes for customers

Processor Country Data is Processed/Stored Purpose Data Collected/Processed
SMART Technologies ULC Canada Required. When a SMART Board® interactive display with iQ is used it automatically reports the following categories of non-PII back to SMART, so we can determine if the product needs an automatic update (over the air (OTA)) and from what server to deliver that update from.

All Users (anonymous):

  • Model number
  • OS and OS version
  • App build details (version)
  • Brand (SMART)
  • SMART Board Configuration (Legacy, ENT or EDU)
  • Browser
  • Information obtained from partial IP address:
    • City
    • Country
    • Region
  • Screen DPI
  • Screen height and width
  • Timestamp of when data collected
  • Firmware Version (iQ version)
  • Hardware SKU
  • Last Seen (when the last report came)
  • Panel family-type (What model panel the iQ appliance is in)
Blue Ocean Contact Centers, Inc. Canada Live Customer Support All Callers (identifiable):
  • Title
  • First Name
  • Last Name
  • Organisation calling on behalf of
  • Address
  • Shipping Address if parts needed
  • E-mail
  • Phone number
  • Serial number of the product
  • Issue reported
  • Attachments (pictures, e-mails, etc.)
  • Existing incident number (if any)
  • Preferred reseller
  • Comments about service received
  • Call recording (if not opted out of)
HubSpot, Inc. Germany Required customer communications All Customers (identifiable):
  • Contact information (name, e-mail address, address, phone number)
  • Purchase information (product)

Third-party sub-processors for non-signed-in users

Processor Country Data is Processed/Stored Purpose Data Collected/Processed
Amazon Web Services, Ltd., Amazon Web Services EMEA SARL USA or Germany

Optional usage analytics; data is stored and processed prior to being sent to MixPanel.

Can be turned off within product.

All Users (anonymous and can be turned off):
  • See metadata fields below in the MixPanel section
Crashlytics (Google LLC) USA Optional crash data.

Can be turned off within product.
All Users (possibly identifiable if user agrees to be contacted and enters e-mail address but can be turned off):
  • Operating system
  • System platform
  • Browser
  • Browser language
  • Referrer (if from a search engine or another site)
  • Screen resolution
  • Whether cookies are enabled
  • Whether Java is enabled
  • Last page on SMART site seen (handles navigation)
  • E-mail address (optional)
Google LLC, Google Germany GmbH USA or Germany Required when accessing GMS certified applications on iQ4. Android connects to Google servers directly and depending on your Android privacy settings may provide information about your device and connection to Google services in accordance with Google’s Privacy Policy and Terms. All Users (identifiable but optional use):
  • Device type and carrier name
  • Crash reports
  • Other information about how you are using your Android device
HubSpot, Inc. Germany Optional (express opt-in) marketing communications People Who Expressly Opted-In To Marketing Communications:
  • Contact information (name, e-mail address, address, phone number)
  • Purchase Information (product)
MixPanel, Inc. USA

Optional usage analytics and visualization.

Can be turned off within product.

All Users (anonymous and can be turned off):
  • Device Serial Number
  • DP Data Version
  • DP Debug
  • DP Import Version
  • Firmware Version
  • Front IO FW Version
  • HW Part Number
  • HW Revision
  • Library Version
  • FW Version
  • Mainboard FW Version
  • Manufacturer
  • Model
  • Country Code
  • Mp lib
  • NFC FW Version
  • Operating system
  • OS Version
  • Panel Codename
  • Panel Model Name
MongoDB, Atlas United States or Germany Required for data processing All Users:
  • Pseudoanonymous Metadata
  • Pseudoanonymous SMART ID holds mappings between users and entitlements/domains
  • Pseudoanonymous Session Management – For WMB
  • Anonymous data of uploaded images (For Content services)

Third Party Sub-Processors for Signed-In Users to SMART Board®, iQ Whiteboard or Files Library Application

Processor Country Data is Processed/Stored Purpose Data Collected/Processed
Amazon Web Services, Ltd., Amazon Web Services EMEA SARL USA or Germany

Optional usage analytics; data is stored and processed prior to being sent to MixPanel. Reports can be turned off within product.

Required for storage. We offer both an American and European data storage option.

AWS Privacy
AWS GDPR

Usage Analytics

All Users (anonymous and can be turned off):

  • See metadata fields below in the MixPanel section
Storage

Guests (anonymous):

  • Self-chosen display name
  • Created content
Signed-in Students (identifiable):
  • First and last name
  • E-mail
  • Created content
  • SMART user ID
Signed-in Teachers (identifiable):
  • Account information
  • First and last name
  • E-mail
  • Created content
  • SMART user ID
  • Organisation ID
  • Aggregate activity of teachers
Crashlytics (Google LLC) USA

Optional Crash data.

Reports can be turned off within product.

All Users (possibly identifiable if user agrees to be contacted and enters e-mail address. Can be turned off):
  • Operating system
  • System platform
  • Browser
  • Browser language
  • Referrer (if from a search engine or another site)
  • Screen resolution
  • Whether cookies are enabled
  • Whether java is enabled
  • Last page on SMART site seen (handles navigation)
  • E-mail address (optional)
Google LLC, Google Germany GmbH USA or Germany and Belgium (Firebase)

Google Cloud Datastore
Required for login and account administration for SSO login with Google, Microsoft, Salesforce.

Google Firebase
Required for basic functionality (Firebase is a Backend-as-a-Service (BaaS) cloud-computing solution we use for real-time (temporary) automated computer processing).

Google Memcache
Required for sign-in process, short-term shared cache.

Google Single-Sign-On (SSO)
Optional and only used if you use Google as your single-sign-on (SSO) provider to access Lumio. Google provides SMART with the required account details.

Google Drive Integration
Optional and used for browsing and editing Google Drive files in the Files Library.


Signed-in Students (identifiable):
  • First and last name
  • E-mail
  • Profile picture (if set)
  • SMART user ID
  • External user ID
Signed-in Teachers (identifiable):
  • Account information
  • First and last name
  • E-mail
  • Profile picture (if set)
  • SMART user ID
  • External user ID
  • Created content
Firebase

Guests (anonymous):

  • Self-chosen display name
  • Created content
Signed-in Students (identifiable):
  • First and last name
  • SMART user ID
  • Created content
Signed-in Teachers (identifiable):
  • Account information
  • First and last name
  • SMART user ID
  • Created content
HubSpot, Inc. Germany Optional (express opt-in) marketing communications People Who Expressly Opted-In To Marketing Communications:
  • Contact information (name, e-mail address, address, phone number)
  • Purchase Information (product)
Microsoft, Inc., Microsoft Deutschland GmbH USA or Germany

Optional and only used if you use Microsoft as your single-sign-on (SSO) provider to access Lumio. Microsoft provides SMART with required account details.

Students (identifiable):
  • First and last name
  • E-mail
  • Profile picture (if set)
Teachers (identifiable):
  • Account information
  • First and last name
  • E-mail
  • Profile picture (if set)
MixPanel, Inc. USA

Required for product improvement and service monitoring. MixPanel allows us to analyse how our de-identified users interact with Lumio. It is designed to identify trends, understand common aggregated usage behavior and helps us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like open files, which helps us measure service health and up/downtime.

All Users (anonymous):
  • Device Serial Number
  • DP Data Version
  • DP Debug
  • DP Import Version
  • Firmware Version
  • Front IO FW Version
  • HW Part Number
  • HW Revision
  • Library Version
  • FW Version
  • Mainboard FW Version
  • Manufacturer
  • Model
  • Country code
  • Mp lib
  • NFC FW Version
  • Operating system
  • OS Version
  • Panel Codename
  • Panel Model Name
  • Panel Part Number
  • Panel Size
  • Panel Subfamily type
  • Pen FW Version
  • Pen Tray FW Version
  • Region
  • Screen DPI
  • Screen Height
  • Screen Width
  • Touch FW Version
  • UTC Event Time
  • Widevine Level
  • Wifi
MongoDB, Inc., MongoDB Deutsche GmbH USA or Germany

Required. We use MongoDB Atlas for SMART ID mappings (Lumio teacher activation) and session management.

Signed-in Students and Teachers:
  • Teacher e-mail
  • SMART User ID
Radix USA or Germany (uses AWS)

Optional remote management (allows remote controlling and configuration).

All Customers (identifiable):

If user is signed in via Google Mobile Services (GMS) then the following Google data is shared with Radix

  • Google Account ID (e-mail address for owner/user)
Redis Ltd., Redis EMEA Ltd. USA or Germany

Required short-term shared cache, required for Lumio session management.

Guests, Students, Teachers:
  • SMART user ID
  • Content ID (unique ID of Lumio file)
Sentry.io (Functional Software, Inc.) USA

Required automatic error reporting: If a SMART application encounters an issue the application automatically sends the following anonymous information to Sentry.io.

Optional self-error reporting: After automatic error reporting is complete, users are given the option to provide their name, e-mail address and additional information about the error. Users are also asked if they wish SMART to follow up with them. This optional personal information is stored in Salesforce (located in the United States) and shared with our customer support team.

Guests, Students, Teachers:
Automatic Error Reporting (anonymous):
  • Lesson ID (no PII)
  • User ID and Session IDs (hashed and salted to maintain anonymity)
  • Request header (application and version, platform, operating system, browser, language, date and time)
  • Bread crumbs (last pages visited and links clicked)
Optional User Error Reporting (identifiable):
  • Name, e-mail address and additional information about the error
Splunk Inc. USA

Required metadata including system logs and performance.

All Users (anonymous):
  • SMART user ID
  • Mapping of IP address to city and country (full IP address not captured)
Guests, Students, Teachers (anonymous):
  • User agent header
Third-party content providers like YouTube® (Google LLC) Depends on third-party providers

Optional content or activity a teacher may add to a lesson. We cannot control what data a third party directly collects when a teacher or student decides to include it in a lesson.

By using YouTube videos or other YouTube API Clients (uses YouTube API Services), you are agreeing to be bound by YouTube’s Terms of Service and Privacy Policy.

Guests, Students, Teachers:
  • Depends on third-party provider
For premium content that SMART provides, we only report anonymous usage to the third-party publisher.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Any material amendments to the Privacy Policy will become effective within 30 days upon the display of the modified Privacy Policy. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

In the event of a conflict or variance between this Privacy Policy with the GDPR’s standard contractual clauses (“SCCs”) the provisions of (in order of precedence) shall prevail: (i) SCCs; (ii) this Privacy Policy.

HAVE A QUESTION FOR US? We would love to hear from you:

SMART Technologies ULC
Attention: Legal Department
Suite 600 – 214, 11 Ave SW
CALGARY, AB CANADA T2R 0K1
+1.403.245.0333

SMART’s Privacy Office
1012388_1
Last Updated: August 30, 2024