Trust & Security Center
Platform Privacy Policy
Version 1.4
Last reviewed: December 27, 2023
Execute your data subject rights:
1. Introduction
1.1 About SmartSimple
SmartSimple Software is a global leader in cloud-based automation software, offering unique process automation solutions used by organizations around the globe. The SmartSimple platform has been entrusted to process the information of tens of millions of people.
1.2 Our Commitment to Your Privacy
SmartSimple Software (“SmartSimple”) respects your privacy and is committed to protecting it through our compliance with this platform privacy policy. Maintaining protection of the information entrusted to our care by our constituents is of the utmost importance to us.
This policy describes the following:
- The types of information we may collect from you;
- Our practices for collecting, processing, securing, and disclosing your information;
- Your options on how to manage, delete, rectify, and access your personal data;
- What your rights are under privacy law, and how to execute them;
If you do not agree with our policies and practices, you should not use SmartSimple. By accessing or using SmartSimple, you agree to this policy.
SmartSimple’s Data Protection Officer is responsible for overall privacy governance. All of our employees across SmartSimple are responsible for maintaining your privacy and are available to address any questions or concerns you may have.
If you have questions regarding privacy, there are different ways for you to contact us.
- General Questions: for questions regarding general privacy or security matters email gdpr@smartsimple.com.
- Complaints and feedback: please email support@smartsimple.com.
- For more information on how to contact us, please visit section 4.2.
1.3 When This Policy Applies
This policy applies to information that SmartSimple collects:
- On the SmartSimple platform;
- On the SmartSimple community portal;
- In any electronic communication between you and SmartSimple via the SmartSimple platform; or
- Through SmartSimple’s mobile and desktop applications downloaded from the SmartSimple platform, the App Store, or Google Play, which provide dedicated non-browser-based interaction between you and our platform.
1.4 When This Policy Does Not Apply
This policy does not apply to information collected by:
- SmartSimple, on our website www.smartsimple.com. Please refer to our website privacy policy.
- Us offline or through any other means including on any other website operated by any third party; or
- Our clients, or any third party, including through any application, platform, or content (including advertising) that may link to or be accessible from, or on, our platform.
2. Who's Who?
2.1 Introduction
When using SmartSimple, you may be one of two categories of users: client user, or end user.
2.2 SmartSimple
SmartSimple acts as a data processor for our clients. This means that our clients are the data controllers. We collect some information ourselves in order to provide a service to our clients, according to their services agreement and/or written instructions from them. We do not collect information from users beyond the information that is necessary to provide the services. For more information on the data we collect, please see section 3 of this policy.
2.3 Client Users
You are a client user if you or your organization has entered into a contractual services agreement with SmartSimple and are accessing SmartSimple on behalf of your organization. Your organization is the data controller.
2.4 End Users
You are an end user if you have accessed SmartSimple through a third-party (for example, you submit an application to an organization that uses our software), and are accessing SmartSimple on behalf of yourself, or on behalf of an organization other than the third-party that you accessed SmartSimple from. In this case, the third-party is the data controller. If you are unsure on who your data controller is, please contact support@smartsimple.com.
2.5 Minors
SmartSimple does not market or direct its platform to minors and does not intentionally collect the personal data of any child under the age of 16. If you have reason to believe that SmartSimple is processing the data of a minor without the appropriate parental or guardian consent, please contact us using the details outlined in section 4.2 of this policy, and we will remove the data.
3. What Does SmartSimple Do with my Data?
3.1 What Personal Data Does SmartSimple Collect?
SmartSimple collects five categories of personal data from its client and end users.
3.1.1 Information You Give Us
(a) Account Information
We may process your account data. The account data may include your name and email address. The source of the account data is you or your employer. The account data may be processed for the purposes of creating your account, operating our platform, providing our services, ensuring the security of our platform and services, maintaining back-ups of our databases, and communicating with you. The legal basis for this processing is consent or our legitimate interests, namely, the proper administration of our service and business, or the performance of a contact between you and/or your employer and us, and/or taking steps, at your request, to enter into such a contract.
(b) Customer Relationship/Support Information.
We may process information relating to our customer relationships, including customer contact information. The customer relationship/support data may include your name, your employer, your job title or role, your contact details, and the information contained in communications between us and you or your employer. The source of the customer relationship/support data is you or your employer. The customer relationship/support data may be processed for the purposes of managing our relationships with our customers, communicating with customers, assisting our customers with their support tickets, and keeping records of those communications. We may also record customer support calls. For further information please view our call recording policy. The legal basis for this processing is consent, or our legitimate interests, namely the proper management of customer relationships, and fulfilling a contract.
3.1.2 Information We Collect from You
When you use SmartSimple we will collect the following information from you:
(a) Cookies.
SmartSimple collects strictly necessary cookies only. For more information on the cookies we collect, and how to manage them, please see section 5, ‘Cookie Policy.’ The legal basis for this processing is consent, or our legitimate interests, namely, the proper administration, functionality, and security of our platform.
(b) Usage Data.
We may process data that are provided in the course of your use of our platform. The service data may include the amount of time you spend on our platform, and logs of the actions you take in our platform. The service data may be processed for the purposes of operating our platform, providing our services, ensuring the security of our platform, maintaining backups of our database, invoicing our clients based on usage, troubleshooting, creating audit trails, and complying with security, and data protection directions. The legal basis for this processing is consent or our legitimate interests, namely, the proper administration of our platform and business or the performance of a contract between you or your employer, and us, or if the processing is necessary for compliance with a legal obligation.
(c) Mobile App Data.
If you download the SmartSimple Mobile App, we may process mobile app data. Upon launching, the application requests permissions to certain parts of the device and/or network. The basis for processing is consent. To review the permissions that the mobile app requests, please review section 3.8 of this policy.
3.1.3 Other Personal Information Within SmartSimple
Any information other than those included in the aforementioned data categories are collected by the data controller, not by SmartSimple. This data is subject to the privacy policy of the data controller.
3.2 How Does SmartSimple Use My Data?
3.2.1 How We Process Your Data
Where SmartSimple is the data controller, we will process data according to this policy.
SmartSimple processes the data that the data controller collects according to our contractual agreement with the data controller. Any deviation from this agreement will be due to the written instructions of the data controller.
We may also process any of your personal data identified in this policy where necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out in section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
3.2.2 Data Retention
SmartSimple will retain the 5 categories of data that we collect as follows, unless you contact us to delete the data beforehand.
- Account Information. Account information is retained for as long as the account is active within SmartSimple. The data controller may have an account expiry period. User accounts may be deleted if the data controller terminates their agreement with SmartSimple, if the data controller deletes the account, or if you request it to be deleted. To delete your account, contact support@smartsimple.com.
- Customer Relationship/Support Information. Customer relationship/support information is retained only for as long as necessary to fulfill the purposes we collected it for.
- Cookies. All SmartSimple cookies are session-based and are removed when the browser session is terminated.
- Usage Data. Usage data is retained for as long as it reasonably necessary to fulfil the purposes we collected it for.
Any other personal data within SmartSimple is retained by the data controller and is subject to their privacy policy.
3.2.3 Data Retention Conditions
SmartSimple will retain your data as defined in section 3.2.3, unless the data is subject to legitimate exceptions whereby SmartSimple is required to retain the data for a longer period of time. Such exceptions include applicable laws, financial laws, and IT security purposes.
3.3 Will SmartSimple Share My Data?
SmartSimple may share your personal data with the following groups:
- Our employees. SmartSimple employees are required to sign confidentiality agreements, as well as a code of conduct, requiring that they process data according to our privacy law requirements. SmartSimple has employees globally. To ensure the protection of your data, we will ensure that an appropriate transfer mechanism is in place when personal data is being transferred from your country.
- Contractors. SmartSimple may share your personal data with our contractors, if the contractor is involved in the implementation of the SmartSimple system ordered by you or your employer.
- In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.4 How We Keep Your Data Safe
3.4.1 Security
We have implemented technical and organizational measures designed to secure your personal data from accidental loss, and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on secure servers behind firewalls and is encrypted end to end.
SmartSimple has established a number of platform level configurable security, privacy, and data retention controls that allow clients to set up and then manage their solution. This means that data controllers can create their own privacy and security settings. To inquire about the security of your data, please contact your data controller.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, SmartSimple cannot guarantee the security of your personal data transmitted to or from our platform.
3.4.2 Passwords
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the platform, you are responsible for keeping this password confidential. Passwords registered with our platform are encrypted to ensure protection against unauthorized access to your personal data. We ask you not to share your password with anyone.
3.5 How Can I Access, Correct, or Delete My Personal Information?
To access, correct, or delete personal your personal information, you may edit your profile, or contact the data controller, and execute your rights under privacy law. To learn how to access your profile, please review section 3.5.1 of this policy. Editing your profile will provide you with immediate access to your data, but it may not be adequate. If the personal data you’d like to access, correct, delete, or otherwise modify cannot be modified by you through editing your profile, please contact the data controller to execute your rights. To find out more about your rights and who to complain to, please review sections 4.5 and 4.6 of this policy.
3.5.1 Accessing Your User Profile
If you have access to the SmartSimple platform, and have created an account, you can review and edit your user profile. To access your profile, follow these steps:
- Sign in to your SmartSimple account
- Click on your name in the top right hand corner
- In the dropdown menu, select “My Profile”
- If you’d like to make edits, click on the “Edit” button on the left-hand side of the browser
If you need assistance in accessing or editing your user profile, please contact support@smartsimple.com.
3.6 Posting in Public Forums
We offer customer accessible message boards, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the public forums, if you request. SmartSimple is not responsible for the personal information you choose to submit in these forums.
3.7 Information You Upload to SmartSimple
3.7.1 Sensitive Data
SmartSimple does not collect, or request to collect data that is considered to be highly sensitive (under the GDPR definition) from our client users, or their end users. However, the data controller may request sensitive information from you via the SmartSimple platform. Before submitting any sensitive information, please carefully review the data controller’s privacy policy and make sure you agree with its contents. Requests to delete, access, or otherwise modify sensitive data must be requested to the data controller, not SmartSimple.
3.7.2 Personal Data That Belongs to Others
While using SmartSimple, you may not publish, submit, or otherwise distribute personal data belonging to others, unless you have received the adequate consent from the appropriate individual or party.
3.8 Third-party Applications and API’s
The SmartSimple platform can integrate with third-party applications through our application programming interfaces (API’s). Before integrating with any third-parties, please review their privacy policy and terms of use, and make sure you agree with their contents. SmartSimple is not responsible for the personal data collected, accessed, deleted, or otherwise modified by a third-party application.
4. What Else Do I Need to Know?
4.1 Changes to This Policy
The SmartSimple Platform Privacy Policy is to be read together with, and forms part of the SmartSimple Legal Terms of Use. Changes may be made to this policy from time to time by publishing a new version. Please review this posting regularly. SmartSimple may notify you of changes to our privacy policy by email or notification on this website.
4.2 Our Details
SmartSimple is owned and operated by SmartSimple Software Inc.
We are registered in:
- Canada as SmartSimple Software Inc., A Federally Incorporated Corporation located at 4576 Yonge St, Suite 606, Toronto, ON, M2N 6N4;
- Ireland as SmartSimple Software Ireland Limited located at Unit A15, Bracetown Business Park, Clonee, Co Meath, D15YDC1;
- United States as SmartSimple Software Ltd., A Delaware Corporation located at 38 W. Fulton Street, Suite 301, Grand Rapids, MI, 49503
- United Kingdom as SmartSimple Software UK Limited.,Foundry Building 2 Smiths Square 77 Fulham Palace Road London, W6 8AF
Our principal place of business is at 4576 Yonge Street, Suite 606, Toronto, ON M2N6N4, Canada.
You can contact us:
- By post, to 4576 Yonge Street, Suite 606, Toronto, ON M2N6N4, Canada;
- Using our website contact form at www.smartsimple.com/contact.html.
- By telephone, on 416.591.1668
- By email, using gdpr@smartsimple.com
4.3 Our Data Protection Officer
Our data protection officer’s contact details are:
Dara O'Sullivan
(416) 591-1668
gdpr@smartsimple.com
4.4 Accessibility
SmartSimple is committed to achieving a high standard of accessibility as defined in the Accessibility for Ontarians with Disabilities Act, 2005 (AODA) and complies with Section 508 of the U.S. Rehabilitation Act. In the event of difficulty using our webpages, applications, or device-based mobile applications, please contact us for assistance or to obtain alternative formats such as regular print, or another appropriate format.
4.5 Your Rights
Depending on your jurisdiction, you may have rights given to you by various privacy laws. SmartSimple will take care to ensure you are able to execute your rights, insofar as they are (a) relevant to your use of the SmartSimple platform, and (b) do not interfere with SmartSimple’s obligations to the Data Controller.
4.5.1 Information on Executing Your Rights
To execute your rights, please contact your data controller. If you don’t know who your data controller is, please contact gdpr@smartsimple.com.
4.5.2 List of Your Rights Under GDPR
In this Section, we have summarized the rights that you have under the General Data Protection Regulation. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent
- The Right to Data Portability.
a. The Right of Access. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
b. The Right to Rectification. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
c. The Right to Erasure. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
d. The Right to Restriction of Processing. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
e. The Right to Object to Processing. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
f. The Right to Object to Processing for Marketing Purposes. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
g. The Right to Complain to a Supervisory Authority. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
h. The Right to Withdraw Consent. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
i. The Right to Data Portability. To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
4.6 How Can I Complain?
4.6.1 End Users
If you have a concern with or would like to complain about the processing of your data, please contact your data controller. If you don’t know who your data controller is, please contact gdpr@smartsimple.com.
4.6.2 Client Users
If you have a concern with or would like to complain about the processing of your data, please contact your data controller, which may be SmartSimple, or the Client. You may contact SmartSimple regarding any of the data types set out in section 3.1.1 and 3.1.2 of this policy. To complain about data not included in the types collected by SmartSimple, please contact the data controller. If you don’t know who your data controller is, please contact gdpr@smartsimple.com.
If you have a concern with or would like to complain about the processing of your data, please contact your data controller, which may be SmartSimple, or the Client. You may contact SmartSimple regarding any of the data types set out in section 3.1.1 and 3.1.2 of this policy. To complain about data not included in the types collected by SmartSimple, please contact the data controller. If you don’t know who your data controller is, please contact gdpr@smartsimple.com.
5. Cookie Policy
5.1 Information on Cookies
A Cookie is a file containing an identifier, composed of a string of letters and numbers, that is sent by a web server to your computer when you visit a website. Your computer will then send this identifier back to the web server as it communicates with it. The reason for doing this is to create an improved user experience for you.
Typically, cookies are either persistent or session based. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but other personal information stored about you may be linked to the information stored in and obtained from cookies.
5.2 Cookies That SmartSimple Collects
SmartSimple only uses cookies that are session-based. Session cookies exist only during one session. This disappear from your computer when you close your browser software or turn off your computer.
Cookie | Purpose | Expires |
---|---|---|
cookiepolicy |
This cookie is used to determine whether or not the user has acknowledged the cookie policies. It stores an integer value that is set when the user acknowledges the cookie policy prompt. |
365 days after it is created |
jsessionid |
This cookie is used to maintain an active user session between your computer and the SmartSimple application. It stores your current session identifier, a randomly generated string of letters and numbers, generated by the SmartSimple application server. |
Upon session or browser termination |
loginuserid |
This cookie is used for improved user experience to allow you to easily re-login after a session timeout. It stores your unique SmartSimple user identifier, commonly a 6-digit number, that is used within the SmartSimple database. |
Upon session or browser termination |
trusteddevice |
This cookie is used to remember a user’s trusted device when authenticating a login. If the user opts into remembering their device, they can login with only their username and password on that device for a set number of days. |
365 days after it is created |
5.3 How to Manage Cookies on Your Device
Most browsers allow you to refuse to accept cookies, and to delete them. The methods for doing so vary from browser to browser, and from version to version so you will need to consult the manufacturer website of your browser to learn how to do this.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.wikipedia.org.
Please note that if cookies are disabled the SmartSimple application may not function properly, and certain features will not be available.