Smartsheet Offerings Privacy Notice
This Offerings Privacy Notice (“Notice”) covers how Smartsheet processes information about you when you use or interact with one of our applications (the “Offerings”).
Integrations; Notifications; Forms; Linked Websites
Choices Relating to Your Use of the Services
Scope
Our Offerings permit users to share and manage information by uploading and submitting “content” that can be shared, stored, and accessed through the Offerings. This Offerings Notice does not cover that content, including any personal data contained within such content, nor does it cover the use of any third party integrations with the Offerings (as discussed further below). Users control the nature of the content and are the controllers of the content. We are a processor of such content, which means we only use it as directed by customers through their use of the Offerings. We engage third party service providers to process such content on our behalf or in connection with providing the Offerings. For information relating to such third party service providers, please visit our subprocessor page.
Sharing With Other Users of the Offerings. Some of the features and functionality of the Offerings involve disclosure of your personal data to other users of the Offerings; for example, your name, email address, and profile image are displayed when a user views the sharing information on a container, such as a sheet, report, or dashboard; views the history details on a container (e.g., your email, access/edits, date and time stamp, etc.); or accesses your in-application profile. Organizations and other users, as data controllers, control the disclosure of content with other users of the Offerings. When acting as a data processor, we follow instructions from customers, including their users, with respect to how their content is shared with other users of the Offerings.
Organizational Users. When you use the Offerings on behalf of an organization (e.g., your employer) or in connection with your organization's domain (i.e., you are registered using your employer's domain), your use is subject to your organization’s policies regarding the use and protection of personal data. With respect to personal data contained in the content, we are collecting and processing content on behalf of your organization, who is the data controller. As such, your organization’s system administrator has the ability to access any content, including any personal data contained within content. Smartsheet is not responsible for the privacy or security practices of our customers. We also share personal data with your organization about your use of the Offerings that includes technical details (e.g., metadata) relating to your content or usage of the Offerings. If you have questions about how your data is being accessed or used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization’s system administrator. Please note that if you lose access to your account (e.g, change of employment), you may lose access to content associated with that account.
Personal Data We Collect
We collect personal data when you use the Offerings through the use of technologies such as electronic communication protocols, cookies (see our Cookie Notice), widget buttons, or tools. We are a data controller of this personal data. We collect this personal data for the purposes outlined below in "How We Use Personal Data." If we cannot collect this data, we are unable to on-board you as a customer or organizational user or provide the Offerings to you. See this table for categories of personal data we collect.
How We Use Personal Data
We will only use your personal data if we have a lawful basis to do so, as illustrated by this table. Specifically, we use your personal data at your instruction or as follows:
Provision of the Offerings. To provide services and operate our Offerings, fulfill your orders and requests, process your payments or other Offerings-related transactions, notify you when you or others interact with you through an Offering, for bug and error reporting and resolution, to perform upgrades and maintenance, and for similar purposes. This includes the use of machine or deep learning technologies, as described in the Analytics and Improvement paragraph below.
Customer Support. To communicate with you about your use of the Offerings; to respond to your communications, complaints, and inquiries; to provide technical support; and for other customer service and support purposes.
Personalization. To tailor content we send or display to you in order to offer location customization (e.g., setting a default language or region) and to otherwise personalize your experience using the Offerings.
Identifying Customer Opportunities. To assess potential customer opportunities as they relate to engaging new users, meeting the demands of our customers, and enhancing particular users’ experiences (e.g., engaging with customer user groups).
Marketing Communications. For in-application marketing bulletins in order to share information about special offers, promotions, and events or to otherwise contact you about Smartsheet products or information we think may interest you, in accordance with your marketing preferences.
Analytics and Improvement. To better understand how our users access and use the Offerings, to tailor our content and Offerings to users’ needs and interests, and for other research and analytical purposes (e.g., to evaluate and improve the Offerings and develop additional products, services, and features). We use machine or deep learning technologies for these purposes which allow us to provide users with predictive tips and other features (e.g., suggestions for column types or text).
Protect Legal Rights and Prevent Misuse. To protect the Offerings and our rights (including any intellectual property rights) along with the rights of users and other individuals; to prevent unauthorized access and other misuse; and where we believe necessary to investigate, prevent, or take action regarding potential or actual security incidents, illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our terms of use or this notice. We use machine or deep learning technologies for these purposes (e.g., for fraud prevention or detection).
Comply with Legal Obligations. To comply with the law, subpoena, or other legal proceedings or process; for example, we will disclose information in response to lawful requests by public or governmental authorities, including responding to national security or law enforcement requests.
General Business Operations. Where necessary for the operation and administration of our general business, accounting, recordkeeping, and legal functions.
How We Share Personal Data
We will not sell your personal data to a third party or allow a third party to use personal data we provide for its own marketing purposes. We share information about you with your consent, at your request (including when you use 'Integrations or Notifications'), or as follows:
At Your Direction. If you choose to use certain products and features, such as sending electronic communications from the Offerings, including but not limited to email notifications, update requests, confirmations, at-mentions or other in-application features. By using these electronic communications, your personal data (e.g. your name, your email address, and possible other personal data contained within the content being sent) will be shared with your intended third party recipients. We, as a data processor, follow instructions from customers and their users with respect to how content, including any personal data therein, is shared with others.
To Your Organization. If you use Smartsheet on behalf of an organization (e.g., your employer) or in connection with your organization's domain, that organization can (i) access information associated with your use of the Offerings including usage and other data (e.g., who has accessed, shared, amended, created, edited, or deleted content), and the contents of the communications and files associated with your account; (ii) control and administer your account, including controlling privacy-related settings (e.g., in-app profile settings including choices relating to displaying a profile image); and (iii) access and control content (as noted above, content is outside the scope of this notice).
To Resellers. If you sign up for certain products or services (e.g., free trials) and you are located outside the United States, we will share your personal data with a Smartsheet reseller so they can contact you about our Offerings. We will disclose sharing of your personal data with resellers, and will, where required by law, obtain your consent or allow you to opt out from such sharing. If you purchase Offerings through a reseller (regardless of location), we will share certain information about your account and feature usage with the reseller (or their affiliate) in furtherance of their relationship with you. Resellers are independent data controllers of your personal data, a full list of resellers is available here.
To Payment Processors. We use third parties (e.g., Stripe) to assist in processing payments from customers. Smartsheet has data processing agreements with such payment processors limiting their use of and access to personal data. If you use an additional third party (i.e., PayPal) to facilitate your payment obligations, we will share certain usage and billing-related information about your account with such third parties for billing and business administration purposes. Payment processors are independent data controllers of your personal data, please see their respective privacy notices for more information.
To Our Service Providers. We use third party service providers to process your personal data to assist us in business and technical operations. Smartsheet has data processing agreements with such service providers limiting their use of and access to personal data to specific purposes. They provide services relating to, for example, customer relationship management, communication, fraud detection and prevention, billing, customer support, internet and connectivity, marketing, security, training, and user experience.
To Infrastructure Processors. We use third parties for the infrastructure used to host personal data we process, including cloud providers. Smartsheet has data processing agreements with such service providers limiting their use of and access to personal data to specific purposes.
To Affiliates. If you purchase one of our affiliates’ services through Smartsheet, we will share your personal data with the affiliate to provision and service your account.
In Transactions Involving Third Parties. We will make services, software, and content provided by third parties available for use on or through the Offerings; if you engage with a third party provider of such features, you will be notified or otherwise made aware of personal data being shared related to those transactions with that third party.
As Required by Law. We may disclose your personal data if we believe we must do so to comply with the law or a subpoena, bankruptcy proceeding, or similar legal process.
To Protect Rights. We will disclose your personal data, such as your name, contact information, and billing information, to enforce our agreements with you or to protect the rights and safety of Smartsheet, our customers, our users, and the general public, or as evidence in litigation in which we are involved.
As Aggregate and Anonymized Information. We will share aggregate or anonymized information about you with our third party service providers for our internal business purposes, which will include marketing, advertising, research, or similar purposes.
In a Business Transaction. If Smartsheet is involved in a dissolution, reorganization, financing, public offering of securities, merger, acquisition, or sale of all or a portion of its assets, your information will be transferred to providers, advisors, accountants, attorneys, the acquiring entity, or other third parties as part of the transaction (provided that we inform such individuals that they must use your personal data only for the purposes disclosed in this notice), and will also be reviewed as part of the due diligence review for the transaction (e.g., we need to provide a list of all customer accounts and payment histories).
Integrations; Notifications; Forms; Linked Websites
Connectors and Integrations. Our Offerings will provide access via connectors and integrations (“integrations”) to your third party accounts such as Microsoft, Tableau, Slack, or Facebook. Integrations can be used to pull and/or push information from or to the Offerings, and to enable the applicable third party to receive notifications, such as sheet updates, from the Offerings. Any information you authorize to be transferred from the Offerings to an integration is governed by the third party’s privacy statement, not this one. We encourage you to carefully read the privacy statement of any third party you authorize to receive information from the Offerings.
Sending Notifications. Our Offerings allow you to send notifications (e.g., update requests) to other individuals through email, SMS, and other third party messaging platforms (e.g., Slack, Facebook Messenger, and Microsoft Teams). You may update your preferences with respect to notification delivery through the Offerings’ personal settings. Any information you authorize to be transferred from the Offerings is governed by the third party’s privacy statement, not this one. We encourage you to carefully read the privacy statement of any third party you authorize to receive information from the Offerings.
Forms. Our Offerings include a feature that allows users to publish online forms which allow individuals to submit data to the Offerings. While the data contained and provided by an individual falls in the “content” category that is out of scope for this notice, Smartsheet collects usage data (e.g., IP address, submission date and time, browser type, etc.) that could be considered personal data, for: Analytics and Improvements; Protecting Legal Rights and Preventing Misuse; and to Comply with Legal Obligations, as further outlined in “How We Use Personal Data."
Links to Other Websites and Third Party Content. Our Offerings include features which allow you to link to other websites and embed (e.g., iframes) content from third party sources with privacy practices that may differ from ours. Any information you submit to a website not belonging to Smartsheet or any of its affiliates is governed by that site’s privacy statement, not this one.
Mobile Application; Geolocation Data
If you choose to download certain Offerings, for example, the Smartsheet mobile application (“mobile app”), we will receive additional personal data from your mobile device, in accordance with your preferences. The mobile app may have access to your device’s camera or its geographic location depending on the features you enable in the Offerings (e.g., mobile barcode scanning). Through your device settings, you have the ability to configure what functionality (e.g., your device’s camera or mobile location) the mobile app can access and we will only access this information at your request. The mobile app will also gather information related to your use of the mobile app (e.g., device identification, login credentials, language, and time zone); device event information (e.g., crashes, system activity, and hardware settings); and information regarding your interaction with the mobile app, which we use to provide and improve the mobile app. If you use the Offerings on behalf of an organization, information obtained by the mobile app will be accessible to your organization. For additional information about your use of the mobile app, see the Mobile End User License Agreement.
Choices Related to Your Use of the Offerings
In addition to “Your Rights” described here, you have the following choices in relation to your use of the Offerings:
Closing Your Account. If you wish to close your account, you may do so following these instructions or by contacting Support. If you used the Offerings on behalf of your organization or in connection with your organization’s domain, any information you shared into the Offerings will continue to be accessible to your organization’s system administrator. If you share any content or information through our Offerings with other users, it will continue to be accessible to those users.
Correcting Your Account. If you are not using the Offerings on behalf of your organization, you may log in and use the Account Administration settings or submit this form to access or update your account profile information. If you are an organizational user, you may login and use the Account Administration settings or contact an administrator on your account to access or update account profile information. If you have questions about how to withdraw a consent you had provided, please complete this form.