English (Australia)
Notebook Privacy Policy
Thank you for choosing SMART Notebook® collaborative learning software. This privacy policy is applicable to SMART Notebook® and SMART Notebook® Plus (collectively, “Notebook software”). Starting with Version 22, the paid subscription features were renamed as “SMART Notebook Plus”.
This privacy policy for Notebook software forms part of the Terms agreed upon between you and SMART. This policy explains how SMART works with you to protect your information and privacy when using Notebook.
By using Notebook software you are consenting to SMART's collection, retention, use, and disclosure of certain information as necessary to provide Notebook to you. If you do not agree, you must not use Notebook.
Automatic Error Reporting: If Notebook software encounters an issue, the application automatically sends the following anonymous information to SMART’s sub-processor Sentry.io (located in the United States):
- Lesson ID (no PII)
- User ID and session IDs (hashed and salted to maintain anonymity)
- Request header (application and version, platform, operating system, browser, language, date and time)
- Breadcrumbs (last pages visited and links clicked)
Optional user error reporting: After automatic error reporting is complete, users are given the option to provide their name, email address, and additional information about the error. Users are also asked if they wish SMART to follow up with them. This optional personal information is stored in Salesforce (located in the United States) and shared with our customer support team.
It is important to remember that customers and users are two distinct groups:
Typically, a customer is an organisation (e.g. local authority, school, company) and not a personally identifiable individual. The identifiable information we require is from the organisational purchaser for transactional purposes. The customer should not be providing SMART with personally identifiable information unless permissible by law and the customer’s policies.
Our users (e.g. teachers using Notebook) are generally not the ones who purchased or set up the account and users are only accessing Notebook because the customer’s administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing email addresses and names of users to SMART and from user-created Content. If you have a concern as a user about your PII, you must demand that the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.
Still concerned?
Teachers can use SMART Notebook without signing in.
Teachers can choose to share their created content in a number of ways that do not require students to sign in.
You own your data and SMART does not sell it or use it for advertisement purposes. We use your data to provide Notebook to you. Data portability and deletion is managed by the customer, who can request its deletion at any time.
SMART does not advertise or market to minors.
Optional sign-in, and therefore account security, is handled by the world-class providers Google and Microsoft. Both providers support two-step (dual) authentication and enforce strong password creation. Both providers state that you can use their services in compliance with GDPR.
User data is encrypted at rest and in transit.
What about GDPR, CCPA, and FERPA?
User-created Content is not a student or educational record, transcript, marking record, health, or directory information. Notebook is not a learning management system (LMS).
SMART supports the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and numerous other laws including the Family Educational Rights and Privacy Act (FERPA). SMART is committed to helping our customers work under these and other stringent regulations and we continue to add in-region solutions. We currently offer American and European data storage for user-created Content and we are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle.
Remember, SMART only receives information because you provide it; you are the data controller. In this way, customers and users are obligated to comply with their local laws and are responsible for any obligations they owe to their users with respect to their personally identifiable information.
DATA TYPES
It is important to remember that customers and users are two distinct groups:
- Customers are typically an organization (e.g., district, school, company) and not a personally identifiable individual. The identifiable information we require is from the customer for transactional purposes. The customer shall not provide SMART with personally identifiable information unless permissible by law and the customers’ policies.
- Users (e.g., teachers) are generally not the ones who purchased or set up the account (e.g., IT administrators) and only access Notebook because the customers’ administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing e-mail addresses and names of users to SMART and from user created Content. If you have a concern as a user about your PII you must demand the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.
We collect two types of data, depending on your interaction with us:
“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data collected may include aggregated usage information (meta-data), as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.
“Personal Data” or “personal information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning a person's health (“Special Categories of Personal Data”).
The Customer is responsible for obtaining consent and authorization for a student to use our products and services from their parent or guardian. Where a customer instructs us to collect personal information from children, we collect, use, process and retain such information solely to provide the educational services on behalf of the customer and for the purpose of providing Notebook.
INFORMATION WE COLLECT
We collect and use information to allow us to provide our products and services to you. We collect information from you when you sign up for an account or voluntarily provide additional information.
We also collect information about the navigation pages users visit within Notebook using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser, and cookies. Depending on your device settings, we may also collect information about your geographical location. A list of cookies is provided at the end of this policy.
USE OF YOUR PERSONAL DATA
We use the personally identifiable data we collect solely for the purpose of providing Notebook to you. We may share this data with third-party service providers to provide our services to you. All providers contracted by SMART are contractually bound to keep your personal data secure and use it only for necessary service delivery.
In addition to processing your personal data for the purposes of providing our services and facilitating correspondence, we may also process your data based on legitimate interests/lawful basis. These interests or basis include but are not limited to improving our services, managing our business operations and sending you information about our products, services, and offers that may be of interest to you, provided you have opted in or not opted out of receiving such communications.
We do not sell your data, and we do not share personal data with third parties without your informed consent, which is the purpose of this document. We share your information in accordance with this agreement and a list of the third parties we share data with to provide our services to you are detailed below. Data is not shared between sub-processors unless explicitly stated.
OPTING OUT OR REMOVING PERSONAL INFORMATION AND DATA RETENTION
SMART will only keep personal data for as long as required to provide the service, or to comply with statutory requirements. When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.
You may request deletion of your SMART account at any time by e-mailing privacy@smarttech.com or contacting our support department. SMART will respond to customer requests to delete personal data within 30 days. Inactive unpaid accounts are deleted after two (2) years. All data stored locally on the Notebook can be deleted by you at any time by resetting it to factory settings.
If you would like to request that your personal information be provided to you for your review, be removed from our services, or be updated, please contact privacy@smarttech.com.
SECURITY
We use widely accepted technical and operational security measures to protect your personal data including 256-bit TLS encryption. Only authorized SMART personnel and third-party service providers listed below are allowed to access this data, and they are required to treat it as confidential.
We do not store your passwords as these are managed by our single-sign-on (SSO) providers and they encrypt all your credentials and separate them from your personally identifiable information.
However, no security measures can guarantee complete protection against loss, misuse, or alteration of personal information. SMART is not responsible for any damages or liabilities resulting from such security failures.
YOUR RIGHTS
Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:
- right to ask what personal data we have about you and how we use;
- right to request a copy of the personal data that we hold about you;
- right to request that we correct or amend your personal data;
- right to request deletion of your personal data; and
- right to ask us to stop or limit how we process your personal data.
To protect your privacy and security, we may need to verify your identity before acting on certain requests, to the extent permitted by law. If someone is making the request on your behalf (like an authorized agent) and they don’t provide proof of authority (such as a power of attorney), we may ask for additional evidence, like written authorization, or contact you directly to confirm the request.
If you would like to exercise your rights regarding your personal data, you can do so by:
- emailing your request to us at: privacy@smarttech.com
- contacting us by postal mail at:
SMART Technologies ULC
Attention: Legal Department
Suite 600, 214-11 Ave SW
Calgary, AB T2R 0K1
CANADA
+1.403.245.0333
NOTIFICATION OF BREACH
If we become aware of a personal data breach, we will without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify you of said breach, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Our communication of a breach shall be in clear and plain language and contain a minimum of:
- Contact details of the Data Protection Officer or other contact person;
- A description of the nature of the breach;
- Likely consequences of the breach;
- Advice on steps data subjects can take to protect themselves; and
- The measures SMART has taken or proposes to take to address the breach.
COOKIES
To enhance your experience, our web pages and Services use "cookies". Cookies are small text files that are placed on your computer or device. Most web browsers allow some control over cookies through the browser settings. You may accept cookies and then delete them at a later date or upon exiting your browser.
Additionally, some of our online recruitment activities are hosted by third parties. When you access sites operated by these third parties, they may to the extent permitted by applicable law, place their own Cookies or other tracking technologies on your device. We encourage you to read the Privacy Statements of these websites before transmitting any Personal Information to third parties.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes to our operations, or to meet new legal and regulatory requirements. The updated policy will be posted on our website SMART Tech Privacy Policies.
PRODUCT USER DATA COLLECTED AND PROCESSED
This section outlines what data is collected, used, and disclosed from the two types of Notebook users:
- SMART Notebook Users (not signed in, no sharing)
- Signed-In SMART Notebook Plus Users
Deletion requests for users’ data are controlled by the customer. If you are accessing Notebook through your school, you should make your deletion request to them. If you are a minor, SMART reserves the right to provide access to your account to your parents, guardian, or other authorised adult (teacher, school administrator) if required by law.
The term “identifiable” used in the below charts does not necessarily mean personally identifiable information.
SMART Notebook® Users (not signed in; no online sharing)
The basic version is free software designed for use with a SMART Board® interactive display. It comes with many features that you can use to create and edit lessons. You can use it without an Internet connection. On older versions a watermark appears on each lesson page if the computer on which you are running the basic version is not connected to a SMART Board. Starting with Version 22 of SMART Notebook, the software may not operate with a non-SMART Board.
| Country where data is processed/stored | Sub-processor | Role | Data & purpose | Data |
|---|---|---|---|---|
| USA | Mixpanel, Inc. |
Monitoring |
Required for product improvement and service monitoring. Mixpanel allows us to analyse how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. | Anonymous |
| Global | Google, LLC | Monitoring |
Required for product improvement and service monitoring. Google Analytics allows us to analyse how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. | Anonymous |
SIGNED-IN SMART NOTEBOOK PLUS USERS
A subscription to SMART Learning Suite gives you access to SMART Notebook Plus features. Without a subscription, you can still get access to the basic version of SMART Notebook (see above).
| Country where data is processed/stored | Sub-processor | Role | Data & purpose | Data |
|---|---|---|---|---|
| Global | Microsoft, Inc. |
Product Functionality |
Required if you use Microsoft as your single-sign-on (SSO) provider to access Notebook. Microsoft provides SMART with required account details. | Identifiable |
| Global | Google LLC |
Product Functionality |
Required if you use Google as your single-sign-on (SSO) provider to access Notebook. Google provides SMART with required account details. | Identifiable |
| USA Germany |
Amazon Web Services, Inc. |
Product Functionality |
Required for storage. We offer both an American and European data storage option. | Identifiable |
| USA Germany Belgium |
Firebase, Google LLC |
Product Functionality |
Required for basic functionality (Firebase is a Backend-as-a-Service (BaaS) cloud computing solution we use for real-time (temporary) automated computer processing. The processing is done regionally through either Google’s American or European centres. | Identifiable |
| USA |
Mixpanel, Inc. |
Monitoring |
Required for product improvement and service monitoring. Mixpanel allows us to analyse how our de-identified users interact with Notebook. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like opening files, which helps us measure service health and up/downtime. |
Pseudonymised |
| Global |
Google, LLC |
Monitoring |
Required for product improvement and service monitoring. Google Analytics allows us to analyse how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. | Pseudonymised |
| Global |
Third-party content and activity providers |
Optional Product Functionality |
Optional content or activity a teacher may add to a lesson such as a YouTube video or other embedded content a user voluntarily adds. We cannot control what data a third party directly collects via the content when a teacher or student decides to include it in a lesson. For premium content that SMART provides, however, we only report anonymous usage to the third-party publisher. |
Identifiable |
CUSTOMER DATA COLLECTED AND PROCESSED
This section outlines what data is collected, processed, and disclosed from customers (purchasers, prospects, and SMART’s authorised channel partners). You can request, through our Customer Support, data and account deletion at any time, but we must retain all data relevant to purchases and financial transactions until it is no longer required by applicable law. The term “identifiable” used in the below chart does not necessarily mean personally identifiable information.
| Country where data is processed/stored | Sub-processor | Role | Data & purpose | Data |
|---|---|---|---|---|
| Global | Reseller & SMART’s regional office |
Seller |
Required contact information: organisation name, email, title, phone, address. Required order information: product, quantity, price and tax, delivery. Ask your local regional reseller about their privacy policies. | Identifiable |
| Canada | Blue Ocean Contact Centers, Inc. |
Support |
Optional. Blue Ocean is a subcontractor providing live (telephone, email, and web) support. Information collected includes organisation name, caller name (can use company title only if preferred for GDPR reasons), email (can provide non-PII version to comply with GDPR), title, phone, address, a description of the issue, and any shared details to help solve the problem. Calls are recorded. | Identifiable |
| Canada | Call Miner |
Support |
Optional for telephone interactions (option to opt out of call recordings), required for email. Call Miner is a subprocessor providing omnichannel interaction analytics powered by AI and machine learning. Call Miner analyses customer support interactions, including recorded calls and emails, which are temporarily stored in CallMiner. The metadata is retained in CallMiner for analysis of the customer experience and trending information regarding the interactions between agent and customer. |
Identifiable |
| USA | Amazon Web Services, Inc. | Processing, back-office |
Required for product infrastructure including the hosting of support call recordings. | Identifiable |
| Global |
Google, LLC. |
Processing, back-office |
Optional. Only used for processing support forms. Google Forms are used when a purchaser is engaged with our field services (i.e. on-site support). | Identifiable |
| Global |
Microsoft, Inc. |
Processing, back-office |
Required for our enterprise resource planning (ERP) system, which is software to manage day-to-day business activities such as accounting, procurement, project management, and supply chain operations, our e-mail, PowerBI® (data visitation), and SharePoint® (document management), as well as all the other standard Microsoft Office software titles, like Word, Excel, etc. | Identifiable |
| USA |
BigCommerce, Inc. |
Ordering |
Optional. Only used when a customer makes a purchase through our e-commerce store: customer name, email, title, phone, address, product or service purchased, and whether payment has been received. | Identifiable |
| USA Ireland |
Stripe, Inc. and Stripe Payments Europe, Ltd. |
Ordering |
Optional. Only used when a customer makes a purchase through our e-commerce store using a credit card: customer name, email, title, phone, address, product or service purchased, credit card details. Residents of the European Economic Area (EEA), the UK, and Switzerland. The entity responsible for the collection and processing of credit card personal data for residents of the EEA, the UK, and Switzerland is Stripe Payments Europe, Ltd., a company incorporated in Ireland and with offices at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin. To exercise your rights, the Data Protection Officer may be contacted via dpo@stripe.com. | Identifiable |
| USA |
Salesforce.com, Inc |
Ordering, marketing, channel support |
Required order information (product, quantity, price and tax, delivery). Required for our customer relationship management (CRM). Required to allow our authorised distributors and resellers to work together with SMART. Basic customer and purchase information is shared between SMART and its authorised distributors and resellers. | Identifiable |
| Germany | HubSpot, Inc |
Marketing / Customer communications |
We use HubSpot, which is a customer relationship management (CRM) solution, for certain communications, such as marketing, training, news, and offers from us. | Identifiable |
| USA | Mixpanel, Inc. |
Monitoring |
Required for product improvement and service monitoring. Mixpanel allows us to analyse how our de-identified users interact with Notebook. It is designed to identify trends, understand common aggregated usage behaviour, and help us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like opening files, which helps us measure service health and up/downtime. | Pseudonymised |
| USA | Gainsight, Inc. |
Customer communications |
Applicable only to North American Customers. We use Gainsight, which is a customer relationship management (CRM) tool, for email (name, email address, company information) marketing to individuals and organisations. | Identifiable |
THIRD PARTIES
To the extent functionality is not directly provided or managed by SMART, such as single-sign-on (SSO) via Google and Microsoft, or videos on YouTube®, etc., you agree it is your responsibility to review and accept these third-party service providers’ terms and privacy policies.
COOKIES
SMART and some of its processors use cookies to provide Notebook to you. Cookies are small files that are placed on your computer or device. Most web browsers allow some control over cookies through the browser settings. Blocking all cookies will, however, have a negative impact upon the usability of Notebook. Thus, you may prefer to accept cookies and then delete them later or upon exiting your session.
| Who | Cookie | Purpose |
|---|---|---|
| SMART | id.smarttech-prod.com
_ga
_gid _ids _ids_legacy _ssos _ssos_legacy |
Required for providing navigation, login status, and user identification for the purpose of providing Notebook software to the user, including the proper linking of user-created Content. |
| Microsoft | login.microsoftonline.com
AADSSO
login.live.com
CCState ESTSAUTH ESTSAUTHLIGHT ESTSAUTHPERSISTENT ESTSSC SignInStateCookie brcap buid ch clrc esctx fpc stsservicecookie x-ms-gateway-slice MSPRequ
uaid |
Required for providing single-sign-on functionality and identification of the user for the purpose of providing Notebook software to the user. These cookies are installed by Microsoft and SMART has no control over what Microsoft does with the information. Click here for additional information on Microsoft’s cookies. |
| Google LLC | accounts.google.com
ACCOUNT_CHOOSER
google.ca
LSID __Host-3PLSID __Host-GAPS user_id APISID
google.com
HSID NID SAPISID SID SSID __Secure-3PAPISID __Secure-3PSID APISID
youtube.com
HSID NID SAPISID SID SIDCC SSID __Secure-3PAPISID __Secure-3PSID __Secure-3PSIDCC APISID
HSID SAPISID SID SSID __Secure-3PAPISID __Secure-3PSID |
Required for providing single-sign-on functionality and identification of the user for the purpose of providing Notebook software to the user. YouTube cookies are installed during sign-on and support additional functionality (adding videos) within Notebook software. These cookies are installed by Google and SMART has no control over what Google does with the information. Click here for additional information on Google’s cookies. |
| Google LLC | _utma | This cookie is typically written to your browser upon the first visit to www.smarttech.com and our admin portal site. If the cookie has been deleted by the browser operator, and the browser subsequently visits our site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to our site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. This cookie is a persistent cookie with a lifespan of 2 years from set/update. |
| Google LLC | _utmb | This cookie is used to establish and continue a visitor session with our admin portal site. When a visitor views a page on our site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a visitor visits a different page on our site this cookie is updated and will expire in 30 minutes, thus, continuing a single session for as long as visitor activity continues within 30-minute intervals. This cookie is a session cookie with a lifespan of 30 minutes from set/update. |
| Google LLC | _utmc | Historically, this cookie operated in conjunction with the __utmb cookie to determine whether to establish a new session for the visitor. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. This cookie may or may not be set and is a session cookie with a lifespan of the browser session. |
| Google LLC | _utmz | This cookie stores the type of referral used by the visitor to reach our site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns, and page navigation within our site. The cookie is updated with each page view to our site. This cookie is a persistent cookie with a lifespan of 6 months from set/update. |
| Identity Client library | software_portal | When an administrator signs in from SMART’s admin portal, this cookie is set to remember the authorisation information for the current signed-in session. The cookie will be refreshed automatically to keep the session alive. This cookie is set by SMART and is a persistent cookie with a lifespan of 365 days. The content of the cookie is the encrypted id access token and id refresh token |
| Language cookie | website#lang, support#lang, training#lang | This cookie saves your language selection for our website. |
| Sitecore | SC_ANALYTICS_GLOBAL_COOKIE | This cookie is associated with our Sitecore content management system and is used for web analytics to identify repeat visits by unique users. |
| SMART ID | SMARTId, SMARTIdState, SMARTIdReturnUrl | These cookies are written to your browser when you sign in to SMART ID. Signing out of your SMART ID deletes this cookie. These cookies store encrypted authentication information that only our servers can decrypt. This cookie is persistent and lasts for several hours. |
HAVE A QUESTION FOR US? We would love to hear from you:
SMART Technologies ULC
Attention: Legal Department
Suite 600, 214-11 Ave SW
Calgary, AB T2R 0K1
CANADA
+1.403.245.0333
SMART’s Privacy Office
privacy@smarttech.com
Last Updated: 27 October 2023