SmartBear Privacy Notice

Effective Date: July 8, 2022

Last Updated: July 8, 2022

This Privacy Notice (the “Notice”) applies to personal information collected by, or provided to, SmartBear Software Inc., and/or its affiliates and subsidiaries (collectively "SmartBear”, "we", “us", “our") via the websites, applications, and electronic communications from which it is linked (collectively, the “Platform”). This Notice describes how SmartBear uses the personal information that it collects, receives, maintains, and stores about you. This Notice does not apply to Customer Data (as defined in the SmartBear Terms of Use) processed, stored, or hosted by our customers using SmartBear’s products and services. Our customers are responsible for deciding how Customer Data is used, so please see their applicable privacy notice for more information.

1. Types of personal information Collected

We may collect personal information from or about you in order to provide, enhance, market, and offer our products and services offered via the Platform, and to otherwise communicate with you. This section describes the categories of personal information we may collect, including personal information we have collected in the past twelve months. You are not required to give us all the personal information identified in this Notice; however, if you do not provide requested personal information, we may not be able to provide you with some or all of our services.

Contact and Demographic Information –name; address (including billing and shipping address); telephone number; email address; and fax number.

Payment Information – If you make a purchase, we will collect your payment information including your credit card information and billing address, together with your purchase details.

Account Information – We may also collect user ID and password, and screen name.

Location Data –While navigating the Platform, your mobile device or browser may share your location data, both through WiFi and GPS, and IP address or MAC address. We will collect this information based on the settings of your phone and browser.

Usage Information – We may also collect usage and device information when you visit the Platform. This may include information relating to your Internet activity or other electronic network activity, which includes device information; web server type and version; PHP version; database type and version; cookie information; device information; browsing activities, and platform or mobile application use data; referring domain; destination domain and destination path; performance, security, software configuration and availability of our software on your servers and network; website user statistics and website and portal use and viewing activity records; and communication preferences.

Education and Employment Information – If you apply for employment with SmartBear, we will collect your employment and work history, as well as personal information related to your potential employment. This may include, but is not limited to, your education and employment history, address and contact information, demographic information, and the contents of your resume.

Communication Information- We may collect audio, electronic, or visual information, which includes screen sharing views; any data in any files uploaded, emailed or otherwise provided by customers; the contents of your communications with SmartBear, whether via email, social media, telephone or otherwise; and inferences we may make from other personal information we collect.

2. Method of Information Collection

We collect personal information in a variety of ways. We collect personal information directly from you; for example, when you visit our websites, respond to a survey, participate in a telephone interaction, fill out a registration form or otherwise use our software, or communicate with us through one of our websites to receive information about our business to business services or to schedule a demonstration of our products or programs, and if you expressed interest in being contacted by us at a trade show in which we participated or hosted.

We may also collect personal information from third parties. For example, we may collect personal information from service providers that help us to build and maintain our contact lists, that integrate their services into ours, or in other ways work with us for our mutual benefit.

We also collect personal information from you passively. For example, our Platform uses tracking tools like cookies, pixels, and web beacons to collect usage and browser information. For more information about the trackers that we use, please see Section 6 of this Notice. Additionally, if you enable location data on your device, this data will be collected based on the location settings on your device.

3. Combining Personal Information

We may combine personal information we obtain. For example, we may combine personal information that we have collected online with personal information that we have collected offline, for instance during calls between you and our support team. We may also combine personal information that we have collected across other third party sites or from other third parties with personal information we already have.

4. How We Use Personal Information

To the extent permitted by applicable law, we may use personal information to:

  • operate our Platform and provide support to our business functions;
  • fulfill customer requests, such as to create a SmartBear account or complete customer purchases;
  • protect against criminal activity, claims and other liabilities;
  • send customers information regarding SmartBear, our Platform, and our products and services;
  • respond to reviews, comments, or other feedback provided to us;
  • support and personalize our Platform, products and services, websites, mobile services, and advertising;
  • protect the security and integrity of our Platform, content, and our business;
  • provide customer support;
  • the extent required for benchmarking, data analysis, audits, developing new products, enhancing our Platform, facilitating product, software and applications development, improving our services, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes;
  • meet our contractual requirements;
  • comply with applicable legal or regulatory requirements and our policies;
  • communicate with our customers, including to provide them with information about our products, programs, services and promotions;
  • market, advertise, and provide our Platform; and
  • the extent necessary for any other lawful purpose for which the personal information is collected.

5. Sharing personal information

We may share your personal information in the following circumstances:

  • Within SmartBear – We may share your personal information within our family of companies.
  • Service Providers – When we hire a service provider to help operate the Platform or our business, we may allow access to personal information as necessary to perform the service for us. This may include service providers that operate our Platform, send our communications, or run our promotions.
  • Business Partners – We may share personal information with our trusted business partners. For example, we may share your personal information with a company when we co-sponsor a promotion or service. These partners may use your personal information to, among other things, send you information or contact you about their services and products.
  • Third Parties for Marketing Purposes –To the extent permitted by applicable law, we may share personal information with third parties for purposes of our marketing, advertising, promotions, contests, or other similar purposes.
  • Legal Obligation or Protection from Harm - When we have a good faith belief that access, use, preservation or disclosure of the personal information is reasonably necessary to (a) satisfy or comply with any requirement of law, regulation, legal process, or enforceable governmental request, (b) enforce or investigate a potential violation of the Terms of Use, (c) detect, prevent, or otherwise respond to fraud, security or technical concerns, (d) support auditing and compliance functions, or (e) protect the rights, property, or safety of SmartBear, its users, or the public against harm.
  • Mergers, Acquisitions, Divestitures- If we are involved in a merger, acquisition, or any form of transfer or sale of some or all of our business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, personal information may be transferred along with the business. Where legally required we will give you prior notice and, if you have a legal right to do so, an opportunity to object to this transfer.
  • Purposes described to you – We may share your personal information for other purposes, as we describe to you and as permitted by applicable law.

6. Cookies and Other Technologies

We collect information about users over time on the Platform by using several common types of cookies and other tracking technologies including log files, pixel tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) such as HTML5 and Flash or other similar technologies to collect information about the ways you interact with and use the SmartBear Platform, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes. We may also permit third parties that collect information in this way on our behalf and for their own purposes. Cookies are small files that download when you access certain websites. For more information about cookies visit: http://www.allaboutcookies.org/

To assist us with analyzing our website traffic through cookies and similar technologies, we use analytics services such as Google Analytics. For more information on Google Analytics’ processing of your information, please see “How Google uses data when you use our partners' Platforms or apps.” You can opt-out of Google Analytics by installing Google’s opt-out browser add-on.

These cookies may be placed by us (first-party) or by a third party. These cookies may also be Flash Cookies. To learn how to manage privacy and storage settings for Flash cookies click here. We may use cookies that are session-based or persistent. Session cookies expire when you close your browser or turn off your device. Persistent cookies remain on your device after you close your browser or turn off device.

We may use a variety of cookies:

Type of Cookies

Description

Required

Required cookies are essential for the operation of SmartBear Products and Services. They include, for example, cookies that allow you to access secure areas of the Platform and using our services.

Performance

These cookies collect information about how you use the SmartBear Products and Services, including which pages you go to most often and if they receive error messages from certain pages. The information collected via these cookies is only used to improve how the Platform functions and performs.

Functionality

Functionality cookies allow the Platform to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Platform after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.

Targeting or Advertising

From time-to-time, we may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Platform. We sometimes use cookies delivered by third parties to track the performance of our advertisements. For example, these cookies remember which browsers have visited the Platform. The information provided to third parties does not include Personal Data, but this information may be re-associated with Personal Data after we receive it.

By way of example, as you visit the Platform, advertising cookies may be placed on your computer so that we can understand what you are interested in. Our advertising partners then enable us to present you with retargeted advertising on other sites based on your previous interaction with the Platform.

Third parties, with whom we partner to provide certain features on the Platform or to display advertising based upon your web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

Most internet browsers accept cookies by default. You can accept, or block cookies by activating the setting on your browser that allows you to reject all or some cookies. You may also be able to change your cookie preferences via the Platform. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through the SmartBear Products and Services.

To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on your choices regarding use of your web browsing activity for interest-based advertising you may visit the following sites:

On a mobile device, you may also be to adjust your settings to permit or limit ad tracking.

7. Children Under the Age of 13

The Platform is meant for adults and we will not knowingly collect personal information from any person under the age of 13 without permission from a parent or guardian. The Platform is not designed to attract the attention of persons under the age of 13. If you are a parent or legal guardian and think your child has given us information you can email us at [email protected]. You can also write to us at the address listed in the “Contact Us” section of this Notice. Please mark your inquiries “COPPA Inquiry.”

8. Your Choices

Depending on where you are located, you may have certain choices about how we use your personal information, including the right to access, receive a copy of, correct, delete, and opt-out of the processing of, your Personal Data. To exercise your rights (including to opt-out of marketing communications) please email us at [email protected] or by following the instructions included in the email or text correspondence.

Please note that, even if you unsubscribe from certain correspondence, we may still need to contact you with important transactional or administrative information, as permitted by law. Additionally, if you withdraw your consent or object to processing, or if you choose not to provide certain personal information, we may be unable to provide some or all of the services to you.

9. California Privacy Rights

Pursuant to California’s Shine the Light statute (Cal. Civ. Code § 1798.83), you can control if we share personal information with third parties for their marketing purposes. To opt-out of us sharing your personal information with third parties for such purposes, email us at [email protected] include “Marketing Opt-Out” in your request.

In addition, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents may have certain other rights concerning their personal information. This section describes (i) the categories of personal information collected and disclosed by SmartBear, subject to CCPA, (ii) your privacy rights under CCPA, and (iii) how to exercise those rights.

When we use the term “personal information” in this section, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

a. Personal Information We Collect.

During the past twelve (12) months we and our service providers have collected the categories of personal information set forth below. We may disclose each of these categories of personal information to our service providers for our business purposes (to enable the service providers to provide their services) and as otherwise described in the “How We Disclose Personal Information” section above. We will not collect additional categories of personal information or use personal information collected for additional purposes without providing you notice.

  • Identifiers (for example, name, postal address, date of birth, email address, IP address, and online identifiers);
  • Categories of personal information as defined by Cal. Civ. Code § 1798.80 (for example, name, signature, Taxpayer Identification Number, telephone number, passport number, driver’s license number, insurance policy number, account numbers);
  • Protected classifications under California or federal law (for example, age, citizenship status, national origin or ancestry);
  • Commercial information (for example, transaction history);
  • Internet or other electronic network activity information, including information on your usage of our Sites;
  • Geolocation data;
  • Sensory data (for example, audio from call recordings);
  • Employment related information; and
  • Inferences drawn from any information identified above to create a profile.

b. Your Privacy Rights.

In accordance with the CCPA, California residents may exercise, under certain conditions, the following privacy rights with respect to their personal information. Please note: you will not be discriminated against in any way if you exercise the rights listed below, which means we will not deny goods or services to you, provide different prices or rates for goods or services to you, or provide a different level or quality of goods or services to you.

Privacy Right

Description

Notice

You may have the right to be notified, at or before the point of collection, of the categories of personal information we collect and the purposes for which they will be used and shared.

Access

You may have the right to request the categories of personal information that we collected in the previous twelve (12) months, the categories of sources from which the personal information was collected, the specific pieces of personal information we have collected about you, and the business purposes for which such personal information is collected and shared. You may also have the right to request the categories of personal information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal information.

Data Portability

You may have the right to receive a portable copy of the personal information you have previously provided to us.

Erasure

You may have the right to ask us to delete (and have us direct our service providers to delete) your personal information. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your personal information for one or more of the following categories of purposes: (1) to complete a transaction for which the personal information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

To Opt-Out

We do not sell your personal information. If in the future we do sell your personal information, we will notify you and you may have the right to opt-out of such sale.

c. How to Exercise Your Rights.

If you would like to exercise your rights listed above, please send (or have your authorized agent send) an email to [email protected], or call us toll free at +1 (617) 684 2600. 

d. How We Respond to Your Requests.

In all cases, we will respond to your request within 45 days. However, where reasonably necessary, we may extend our response time by an additional 45 days, provided we send you notice of such extension first. We will provide the information to you via your preferred delivery mechanism. If the information is provided to you electronically, we will provide you the information in a portable format and, to the extent technically feasible, in a machine readable, readily usable format that allows you to freely transmit this information without hindrance.

Please note that we will not charge you for making a request, provided that you make no more than two (2) requests per year. If you make three (3) or more requests in any given twelve (12) month period, we may refuse to respond to such requests, if determined by us to be unfounded or excessive (e.g. repetitive in nature), or we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested. If we refuse to act on the request, we will provide you notice and the reason for our refusal to act.

10. Information for Individuals in the EU and UK

In accordance with European and UK law (collectively, the “GDPR”), individuals in the EU and/or UK may have additional rights relating to the collection and processing of personal information. 

a. Basis for Processing

Our legal basis for processing the personal information described in this Notice will depend on the personal information concerned and the context in which we process it. We process personal information from you:

  • where we need it to perform a contract with you;
  • where the processing is in our legitimate interests (including the purposes described, above, in How We Use personal information);
  • where the processing is necessary for us to meet our applicable legal obligations; or
  • if we otherwise have your consent.

b. Your Privacy Rights

Depending on applicable law, you may have the right to:

  • Request access to your personal information.
  • Request correction of your personal information.
  • Request erasure of your personal information. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information.
  • Request restriction of processing of your personal information..
  • Request the transfer of your personal information to you or to a third party.
  • Withdraw consent at any time where we are relying on consent to process your personal information.

If you wish to exercise any of these rights or would like further information please contact us at [email protected]. Depending on the nature of your request, we may need to verify your identity.

Depending on where you are located, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning personal information. We encourage you to first reach out to us at [email protected] or using the address in the “Contact Us” section below, so we have an opportunity to address your concerns directly before you do so.

11. Storage, Security and Retention of Information

We take reasonable steps to protect the personal information users share with us, including, but not limited to, setup of processes, equipment and software to avoid unauthorized access or disclosure of this information. No transmission of information via the Internet can be entirely secure, however, so please always use caution when submitting personal information. We will retain your personal information in compliance with the uses described in this Notice, as well as to comply with our legal, financial reporting, or compliance obligations.

12. Transfers of Personal Information

We process and store personal information both inside the United States and overseas. If you live outside of the United States, be advised that we may transfer your personal information to the United States and other countries, whose laws may not provide the same protections as the laws in your country. Personal information transferred outside of the European Economic Area will be subject to the appropriate safeguards pursuant to GDPR and other applicable law, including without limitation, standard contractual clauses approved by the European Commission.

13. Privacy Shield Framework

In accordance with the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield Framework as a valid transfer mechanism, we no longer rely on the EU–US Privacy Shield Framework as a legal mechanism for transfers of personal data of its EU and/or UK based users to the US. However, to demonstrate our commitment to privacy, we maintain our adherence to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability (the “Privacy Shield Principals”). We remain subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern, but this does not limit any more protective rights you may have under applicable laws. In the context of an onward transfer, we have responsibility for the processing of personal data we receive under the Privacy Shield and subsequently transfer to a third party acting on our behalf. We shall remain liable under the Privacy Shield Principles if this third party processes such personal data in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the alleged damage. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles in each of the Privacy Shield Frameworks. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, SmartBear commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SmartBear at:

Legal Department
SmartBear Software Inc.
450 Artisan Way
Somerville, MA 02145
Phone: +1 (617) 684-2600
[email protected]

SmartBear has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

14. Links to Third Parties and their Sites

Our Platform may include third party content and links to third party websites and services that collect personal information. We do not control these third parties and this Notice does not apply to their privacy practices. We are not responsible for the practices of these third parties or how they use information you provide to them. Please read the third parties’ privacy policies carefully.

15. Contacting SmartBear

If you have any questions about this Notice or the privacy practices of SmartBear please email us at [email protected]

Our European representative can be contacted by email at [email protected], or by writing to:

General Counsel, Legal Dept.

Mayoralty House, Flood Street

Galway, Ireland

Our United Kingdom representative can be contacted by email at [email protected], or by writing to:

General Counsel, Legal Dept.

3 More London Riverside

London, SE1 2AQ

England

If you are contacting us to exercise your rights with respect to your personal information as detailed in this Notice, we ask you to please adhere to the following guidelines:

  • Tell Us Which Right You Are Exercising: Specify which right you want to exercise and the personal information to which your request relates (if not to you). If you are acting on behalf of another consumer, please clearly indicate this fact and your authority to act on such consumer’s behalf;
  • Help Us Verify Your Identity: Provide us enough information to verify your identity. For example, provide us (at a minimum) your full name, address, and phone number. Please note that if we cannot initially verify your identity, we may request additional information to complete the verification process. Any personal information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
  • Direct Our Response Delivery: Inform us of the delivery mechanism with which you prefer to receive our response. You may specify, for example, email, mail, or through your account (if you have one with us).

Please note that you do not need to create an account with us in order to make a request to exercise your rights hereunder.

16. Updates

This Notice may be amended from time-to-time. Unless otherwise indicated, any changes to this Notice will apply immediately upon posting to the Platform so please check our site periodically for updates. You can see when this Notice was last updated by reviewing the “Last Updated” legend at the top of this page. We will provide notice of material changes by updating the Notice here, and communicating with you in the manner and format in which we typically communicate with you in our regular course of business, as required by applicable law.