SMART Board GX Zero (the “GX Zero”) Privacy Policy
Introduction
The following information explains our privacy policy (the “Policy”) and practices of SMART Technologies ULC (together with its subsidiaries, collectively "SMART", “we” or “us”) regarding the collection, use and disclosure of your personal information. This Policy makes clear what information we collect from you, how we use and disclose it, and how you can help manage it. SMART is devoted to making sure your privacy rights are respected, and personal data is collected and used in accordance with the current and applicable privacy and data protection laws.
SMART supports numerous privacy laws including the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). We currently offer American and European data storage for user created content and are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle. The GX Zero is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Therefore, the Children's Online Privacy Protection Act (COPPA) does not apply to the GX Zero. If you become aware that a child under the age of 13 has provided any personal data to us while using the GX Zero please email us at privacy@smarttech.com and we will investigate the matter and, if appropriate, delete the personal data.
By using the GX Zero, you agree to this Policy and consent to SMART's collection, use and disclose your personal information as necessary for the identified purposes or as otherwise identified herein.
About GX Zero
The SMART Board® GX Zero is a series of operating system free advanced interactive flat panel displays designed to revolutionize collaboration and engagement in both educational and business environments. With just one cable you can easily connect your laptop, room computer or one of SMART's OPS (open pluggable specification) modules to convert static files into interactive sessions.
Opting out or removing personal information and data retention
We do not sell your data, and we do not share personal data with third parties without your consent. A list of the third parties we share data to provide our services to you are detailed below.
SMART will only keep personal data for as long as required to provide the service, or to comply with statutory requirements. When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.
You may request deletion of your SMART account at any time by e-mailing privacy@smarttech.com or contacting our support department. SMART will respond to customer requests to delete personal data within 30 days. Inactive unpaid accounts are deleted after two (2) years. All data stored locally on the GX Zero can be deleted by you at any time by resetting it to factory settings.
If you would like to request that your personal information be provided to you for your review, be removed from our services, or be updated, please contact privacy@smarttech.com.
Your rights
Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:
- right to ask what personal data we have about you and how we use;
- right to request a copy of the personal data that we hold about you;
- right to request that we correct or amend your personal data;
- right to request deletion of your personal data; and
- right to ask us to stop or limit how we process your personal data.
To protect your privacy and security, we may need to verify your identity before acting on certain requests, to the extent permitted by law. If someone is making the request on your behalf (like an authorized agent) and they don’t provide proof of authority (such as a power of attorney), we may ask for additional evidence, like written authorization, or contact you directly to confirm the request.
If you would like to exercise your rights regarding your personal data, you can do so by:
- emailing your request to us at: privacy@smarttech.com
- contacting us by postal mail at:
+1.403.245.0333
Notification of Breach
If SMART becomes aware of a personal data breach, it shall without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify the affected customer and the supervisory authority (if it was for data where SMART was the Data Controller) in accordance with Article 33 of the GDPR, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. SMART’s communication of a breach shall be in clear and plain language and contain a minimum of:
- Contact details of the Data Protection Officer or other contact person,
- A description of the nature of the breach,
- Likely consequences of the breach,
- Advice on steps data subjects can take to protect themselves, and
- The measures SMART has taken or proposes to take to address the breach
Data security
SMART's business processes are designed and applied to appropriately safeguard your personal information, having regard to the sensitivity and use of that information. Nevertheless, such security measures may not prevent all loss, misuse or alteration of personal information provided to SMART, and SMART is not responsible for any damages or liabilities relating to any such security failures. By using our services, you understand that there is a risk that data and communications, including e-mail and other electronic communications, may be accessed by unauthorized third parties when communicated over the Internet. The foregoing does not affect any liability which cannot be excluded or limited under applicable law.
If you have any questions or concerns regarding the security measures applied to collection, use or disclosure of your personal information please contact us.
If you are using a service that involves third party elements, please review the policies of such third-party service providers as they relate to security and data protection.
Changes to the policy
We reserve the right to update this Privacy Policy from time to time to reflect changes to our products and services, operations, or to meet new legal and regulatory requirements. Any material amendments will be communicated to customers 30 days in advance and become binding once posted online.
Data Types
It is important to remember that customers and users are two distinct groups:
Customers are typically an organization (e.g., district, school, company) and not a personally identifiable individual. The identifiable information we require is from the customer for transactional purposes. The customer shall not provide SMART with personally identifiable information unless permissible by law and the customers’ policies.
Users (e.g., teachers, students) are generally not the ones who purchased or set up the GX Zero (e.g., IT administrators) and only access our software, such as Lumio because the customers’ IT administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing e-mail addresses and names of users to SMART and from user created Content. If you have a concern as a user about your PII you must demand the customer (your organization) provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.
We collect two types of data, depending on your interaction with us:
“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.
“Personal Data” or “Personal Information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health (“Special Categories of Personal Data”).
Required data that SMART processes for customers
| Processor | Country Data is Processed/Stored | Purpose | Data Collected/Processed |
|---|---|---|---|
| Blue Ocean Contact Centers, Inc. | Canada |
Live Customer Support |
All Callers (identifiable):
|
| Call Miner | Canada |
Support Optional. Processing for telephone interactions (option to opt-out of call recordings), required for e-mail. Call Miner is a sub-processor providing omnichannel interaction analytics powered by AI and machine learning. Call Miner analyzes customer support interactions, including recorded calls and e-mails, which are temporarily stored in CallMiner. The metadata is retained in CallMiner for analysis of the customer experience and trending information regarding the interactions between agent and customer. |
Identifiable:
|
| Gainsight, Inc. | USA |
Customer Communications Required if you opt-in to receive marketing communications. Applicable only to North American Customers. We use Gainsight, which is a customer relationship management (CRM) tool, for e-mail (name, e-mail address, company information) marketing to individuals and organizations. |
Identifiable account and purchase information |
| Google, LLC | USA |
Marketing & Support Required if you opt-in to receive marketing communications. Used to create a lookalike audience who may be interested in SMART because they are similar to individuals that have already expressly opted in to receive certain communications, such as marketing, SMART solutions, events and special offers. Required if you use the optional method of on-line customer support via Google Forms. Only used for processing of support forms. Google Forms are also used when a purchaser is engaged with our Field Services (i.e., onsite support). |
Identifiable contact information |
| HubSpot Germany GmbH | Germany |
Required customer communications. Required. We use HubSpot, which is a customer relationship management (CRM), for certain communications, such as customer transactional e-mails, outreach, and training. |
Identifiable account and purchase information |
| USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable contact information |
|
| Meta Platforms, Inc. | USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable contact information |
| Microsoft, Inc. | Canada |
Processing, Back-Office
Required for our enterprise resource planning (ERP) system, which is software to manage the day-to-day business activities such as accounting, procurement, project management and supply chain operations, as well as our e-mail (Outlook), Confluence, PowerBI® (data visitation), Azure DevOps, and SharePoint® (document management), as well as all the other standard Microsoft Office software titles, like Word, Excel, and PowerPoint. |
Identifiable account and purchase information |
| Outreach Corporation | USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable account and purchase information |
| Salesforce.com, Inc | USA |
Ordering, Marketing, Channel Support Required order information (product, quantity, price and tax, delivery). Required for our customer relationship management (CRM). Required to allow our authorized distributors and resellers to work together with SMART. Basic customer and purchase information is shared between SMART and its authorized distributors and resellers. |
Identifiable account and purchase information |
| SMART Authorized Distributors, Resellers and SMART’s Regional Office(s) | Global |
Ordering and Support |
Identifiable account information
Order information
|
| Snowflake, Inc. | Canada |
Processing, Back-Office Required. Snowflake aggregates and centralizes SMART’s customer data from multiple sources (Salesforce, Microsoft Dynamics, HubSpot, Oracle/OBIEE, Pivotal). Required for processing and back-office. |
Identifiable account and purchase information |
Contact us
If you have any questions or concerns related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows: