If you are in the EU or UK, you have the right to see, correct, delete, and move your personal data, and to object to certain uses of it. You can also complain to your national data protection authority if you believe your rights have been violated.
This analysis describes what Smartsheet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are enforceable under GDPR and UK GDPR, and Smartsheet's acknowledgment of them means EEA and UK users have formal legal mechanisms to challenge or limit data processing, including the right to file complaints with national regulators.
EU and UK users can formally request access to, deletion of, or a copy of their personal data, and can object to Smartsheet processing their data based on legitimate interests, including for marketing purposes; these rights are exercisable through Smartsheet's privacy request form.
How other platforms handle this
If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Monitoring
Smartsheet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the right to data portability; the right to object to processing based on legitimate interests; and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your relevant supervisory authority.— Excerpt from Smartsheet's Smartsheet Privacy Policy
(1) REGULATORY LANDSCAPE: This provision is governed by GDPR (Regulation 2016/679) and UK GDPR. Enforcement authorities are EU national data protection authorities and the UK Information Commissioner's Office. The rights enumerated correspond to GDPR Articles 15 through 21. Smartsheet's role as data controller for website and marketing data means it bears direct GDPR obligations for those processing activities; its role as processor for service data means enterprise customers bear controller obligations for that data. (2) GOVERNANCE EXPOSURE: Medium. The enumeration of GDPR rights is standard for a GDPR-covered controller. Compliance exposure arises from the operational adequacy of Smartsheet's rights response processes, including response timelines (one month under GDPR), identity verification procedures, and the handling of complex requests such as portability for service data where Smartsheet acts as processor. (3) JURISDICTION FLAGS: Applies to EEA member state residents and UK residents. Organizations headquartered in the EU or UK that use Smartsheet must ensure their DPA with Smartsheet addresses the controller's obligation to facilitate data subject rights requests that relate to processor-held data. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers in the EU and UK should ensure their Smartsheet DPA includes provisions requiring Smartsheet to assist with data subject rights requests as required by GDPR Article 28(3)(e). Without this, customers may face difficulty fulfilling their own GDPR obligations when employees submit rights requests. (5) COMPLIANCE CONSIDERATIONS: EU and UK users should exercise their right to object to processing based on legitimate interests if they wish to limit marketing or analytics data use. Legal teams should confirm Smartsheet's DPA obligations for assisting with data subject rights and document their own procedures for handling requests redirected from Smartsheet for service data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are enforceable under GDPR and UK GDPR, and Smartsheet's acknowledgment of them means EEA and UK users have formal legal mechanisms to challenge or limit data processing, including the right to file complaints with national regulators.
EU and UK users can formally request access to, deletion of, or a copy of their personal data, and can object to Smartsheet processing their data based on legitimate interests, including for marketing purposes; these rights are exercisable through Smartsheet's privacy request form.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Smartsheet.