Smartsheet Services Privacy Notice

Last Updated: May 17, 2019

This notice applies with respect to personal data we process when you sign up for or use the Services.

Scope

Personal Data We Collect

How We Use Personal Data

How We Share Personal Data

Integrations; Notifications; Linked Websites

Mobile Application

Choices Relating to Your Use of the Services

Who We Are

Your Choices

Your Rights

Personal Data Retention

How We Protect Personal Data

Children

International Transfers and Privacy Shield Notice

Changes to this Notice

How to Contact Us

English Version Controls

 


 

Scope

Content Out of Scope. Our Services permit customers to share and manage information by uploading and submitting ‘content’ that can be shared, stored, and accessed through the Services. This notice does not cover that content, including any personal data contained in it. Customers control the nature of the content and are the data controllers. We are a data processor of such content, which means we only use it as directed by customers.  

Sharing With Other Users of the Services. Some of the features and functionality of the Services involve disclosure of your personal data to other users of the Services; for example, your name, email address, and profile image may be displayed when a user views collaborators on a “sheet” and users may see the history details on a sheet (e.g., your email, access/edits, date and time stamp, etc.). Customers, as data controllers, control the disclosure of content with other users of the Services. We, as a data processor, follow instructions from customers with respect to how their content is shared with other users of the Services.

Organizational Users. When you use the Services on behalf of an organization (e.g., your employer), your use is administered and provisioned by your organization in accordance with its own policies regarding the use and protection of personal data. With respect to personal data contained in content, we are collecting and processing your personal data on behalf of your organization, who is the data controller. Smartsheet is not responsible for the privacy or security practices of our customers. We may also share personal data with your organization about your use of the Services that may include technical details (e.g., metadata) relating to your content or usage of the Services. If you have questions about how your data is being accessed or used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization’s system administrator. Please note that if you lose access to your account (e.g, change of employment), you may lose access to content associated with that account.

 

Personal Data We Collect

We collect personal data directly from you, from third parties, and automatically when you use the Services. We collect this personal data for the purposes outlined below in ‘How We Use Personal Data’. If we cannot collect this data, we may be unable to on-board you as a customer or provide the Services to you. See this table for categories of personal data we collect.

 

How We Use Personal Data

We will only use your personal data if we have a lawful basis to do so, as illustrated by this table. Specifically, we use your personal data at your instruction or as follows:

Provision of Services. To provide and operate our Services, fulfill your orders and requests, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes. This may include the use of machine or deep learning technologies, as described in the Analytics and Improvement paragraph below.

Customer Support. To communicate with you about your use of the Services; to respond to your communications, complaints and inquiries; to provide technical support; and for other customer service and support purposes.

Personalization. To tailor content we send or display to you in order to offer location customization (e.g., setting a default language) and to otherwise personalize your experience using the Services.

Identifying Customer Opportunities. To assess potential customer opportunities as they relate to engaging new users, meeting the demands of our customers, and enhancing particular users’ experiences (e.g., engaging with customer user groups).

Analytics and Improvement. To better understand how our users access and use the Services, and for other research and analytical purposes (e.g., to evaluate and improve the Services and develop additional products, services, and features). We may use machine or deep learning technologies for these purposes which may allow us to provide users predictive tips and other features (e.g., suggestions for column types or text).

Protect Legal Rights and Prevent Misuse. To protect the Services and the rights of users and other individuals; to prevent unauthorized access and other misuse; and where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our terms of use or this notice. We may use machine or deep learning technologies for these purposes (e.g., for fraud prevention or detection).

Comply with Legal Obligations. To comply with the law or legal proceedings; for example, we may disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement requests.

General Business Operations. Where necessary for the administration of our general business, accounting, recordkeeping, and legal functions.

 

How We Share Personal Data

We will not sell your personal data to a third party or allow a third party to use personal data we provide for its own marketing purposes. We may share information about you with your consent, at your request (including when you use 'Integrations or Notifications'), or as follows:

To Your Organization. If you use Smartsheet on behalf of an organization (e.g., your employer), that organization may (i) access information associated with your use of the Services including usage and other data (e.g., who has accessed, shared, amended, created, edited, or deleted content), and the contents of the communications and files associated with your account; (ii) control and administer your account, including controlling privacy-related settings (e.g., in-app profile settings including choices relating to displaying a profile image); and (iii) access and control content (as noted above, content is outside the scope of this notice).

To Resellers. If you sign up for certain products or services (e.g., free trials) and you are located outside the United States, we may share your personal data with a Smartsheet reseller so they can contact you about our products, services, and offers. We will disclose such sharing when you sign up for the applicable product or service, and will, where required by law, obtain your consent or allow you to opt-out from such sharing. If you purchase Services through a reseller (regardless of location), we may share certain information about your account and feature usage with the reseller (or their affiliate) in furtherance of their relationship with you. Resellers are independent data controllers of your personal data.

Payment Processors. If you use a third party to facilitate your payment obligations, we will share certain account-usage and billing-related information about your account with such third party for billing and business administration purposes. Payment processors are independent data controllers of your personal information.

To Our Service Providers. We use third party service providers to process your personal data to assist us in business and technical operations. Smartsheet has data processing agreements with such service providers limiting their use of and access to personal data to specific purposes. They provide services relating to, for example, customer relationship management, communication, fraud detection and prevention, billing, customer support, internet and connectivity, marketing, security, training, and user experience.

To Infrastructure Processors. We use third parties for some of the infrastructure used to host personal data we process, including cloud providers. Smartsheet has data processing agreements with such service providers limiting their use of and access to personal data to specific purposes.

To Affiliates. If you purchase one of our affiliate’s services through Smartsheet, we may share your personal data with the affiliate to provision and service your account.

In Transactions Involving Third Parties. We may make services, software, and content provided by third-parties available for use on or through the Services; if you engage with a third party provider of such features, you will be notified or otherwise made aware of personal data being shared related to those transactions with that third-party.

As Required by Law. We release information about you if we believe we must do so to comply with the law or a subpoena, bankruptcy proceeding, or similar legal process.

To Protect Rights. We may disclose information about you, such as your name, contact information, and billing information, to enforce our agreements with you or to protect the rights and safety of Smartsheet, our customers, our users, and the general public, or as evidence in litigation in which we are involved.

As Aggregate and Anonymized Information. We may share aggregate or anonymized information about you with our third party service providers for our internal business purposes which may include marketing, advertising, research, or similar purposes.

In a Business Transaction. If Smartsheet is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction (provided that we inform the buyer it must use your personal data only for the purposes disclosed in this notice), and may also be reviewed as part of the due diligence review for the transaction. For example, we may need to provide a list of all customer accounts and payment histories.

 

Integrations; Notifications; Linked Websites

Integrations. Our Services may provide access via connectors and integrations (‘integrations’) to your third party accounts such as Tableau, Slack, or Facebook. Integrations can be used to pull and/or push information from/to the Services, and to enable the applicable third party to receive notifications, such as sheet updates, from the Services. Any information you authorize to be transferred from the Services to an integration is governed by the third party’s privacy statement, not this one. We encourage you to carefully read the privacy statement of any third party you authorize to receive information from the Services.

Sending Notifications. Our Services allow you to send notifications (e.g., update requests) to other individuals through email, SMS, and other third-party messaging platforms (e.g., Slack, Facebook Messenger, and Microsoft Teams). Any information you authorize to be transferred from the Services is governed by the third party’s privacy statement, not this one. We encourage you to carefully read the privacy statement of any third party you authorize to receive information from the Services.

Links to Other Websites. Our Services include features which allow you to link to other websites with privacy practices that may differ from ours. Any information you submit to a website not belonging to Smartsheet is governed by that site’s privacy statement, not this one.

 

Mobile Application; Geolocation Data

If you choose to download the Smartsheet mobile application (‘mobile app’), we may receive additional personal data from your mobile device, in accordance with your preferences. The mobile app may have access to your device’s camera or its geographic location, depending on the features you enable in the Services. Through your device settings, you have the ability to configure what functionality (e.g., your device’s camera or mobile location) the mobile app can access and we will only access this information at your request. The mobile app may also gather information related to your use of the mobile app (e.g., device identification, login credentials, language, and time zone); device event information (e.g., crashes, system activity, and hardware settings); and information regarding your interaction with the mobile app, which we may use to provide and improve the mobile app. If you use the services on behalf of an organization, information obtained by the mobile app may be accessible to your organization. For additional information about your use of the mobile app, see the Mobile End User License Agreement.

 

Choices Related to Your Use of the Services

In addition to “Your Rights” described here, you have the following choices in relation to your use of the Services:

Closing Your Account. If you wish to close your account, you may do so by logging in and using the Account Administration settings or by submitting this form. If you shared any content or information through our Services with other users, it will continue to be accessible to those users.

Correcting Your Account. If you are not using the Services on behalf of your organization, you may log in and use the Account Administration settings or submit this form to access or update your account profile information. If you are an organizational user, you may login log in and use the Account Administration settings or contact an administrator on your account to access or update account profile information. If you have questions about how to withdraw a consent you had provided, please complete this form.