At SmartUp, we take great care of the data you provide. We are fully compliant with all applicable national/international data privacy and security laws and standards - and with the EU's General Data Protection Regulation (GDPR).
The GDPR gives you a strong set of protections for your personal data - and the right to decide how/when your data is used. This includes rules for giving and withdrawing consent, and the "Right to be forgotten."
Here's a short guide to what personal data we collect, how we process it - and what you should do if you want to exercise your rights over your personal data.
1. What types of personal data do we collect - and why?
We collect your:
- Email address and full name, and external ID if you log in through your social media accounts. This is necessary to set up, and allow you to access/manage, your account on SmartUp.
- The IP address of the device you use when setting up your account, and when logging into SmartUp. We're required to do this for security/verification purposes.
- Our system collects your password, which is protected by industry-standard bcrypt hashing. The password itself, as you write it, is never logged. SmartUp has no access to your password(s).
- Any details you or your employer/community owner have collected from you and actively and directly provide to SmartUp during onboarding. This may be your job title, department or company affiliation, social security details, and other professional and personal data.
1b. What other types of data do we collect?
- All content that you create, upload or share in any files which are permitted, and which you provide through SmartUp.
- Any on-platform communications with other users of SmartUp.
- All content consumption and related analytics information and interaction with our gamification features (e.g. polls, quizzes, competitions, likes and comments).
- Information from our third party partners for purposes of delivering the SmartUp platform and service.
2. What's our basis for collecting this?
If you sign up/in using Facebook/LinkedIn/Google or other social media, this will also be subject to those service provider’s terms and conditions.
3. How do we (don't) use your data?
SmartUp will never sell your personal data to any third party.
4. What can you require to be done with you personal data?
Under the GDPR, you have several rights and control over what can be done with your data.
a) Obtain a copy of all personal data held about you.
b) Withdraw consent for your personal data to be used in a particular way.
c) Require that your personal data be deleted from our servers - the so-called "right to be forgotten.”
d) Request that your personal data be rectified if incorrect, and updated as appropriate.
We also have an option to deactivate your account. This will keep your existing learning record and data in our system, but remove the personal data associated with the account.
5. What should you do if you want to exercise your rights?
The above rights, under the GDPR, are managed by the “data controller” for each SmartUp community of which you are a member.
The data controller will be your community owner/administrator - the person responsible for managing SmartUp within your organisation, or the organisation which manages an open SmartUp platform.
To obtain a copy of your data, withdraw consent or request deletion/deactivation/rectification, please contact your community owner/administrator. They will process your request according to their/your mutual consent and obligations, and as appropriate, relay the request to SmartUp for completion.
We require all community owners/administrators and partners to comply with GDPR and other data privacy and security regulations. Should you be unable to contact your community owner/administrator, please email firstname.lastname@example.org.
If you would like to manage your personal data and consent regarding SmartUp’s own communications to you (newsletters, update notifications etc.), you will find an “unsubscribe” option at the bottom of all our regular communications. Should you wish to exercise rights to data copy or deletion, please email email@example.com.
6. A Note on Content
Content is considered public once published in a social/open community, or governed under specific agreements with your employer for corporate communities.
If you wish to request permanent deletion of content which you have created and submitted for publication in a SmartUp community, please discuss this with your community administrator or relevant channel manager.