This notice is addressed to those who interact with the Services provided by bSmart Labs, accessed through Website or through applications.

This policy provides an outline of the way bSmart Labs manages the Data related to the Users registered to our Services. It also allows Users to know the purpose and method of personal Data processing in case they provide them.

This notice can be modified. Last updated: 04/14/2020.

Data Controller

bSmart Labs srl, Via Montorfano, 98 - 20831 Seregno (MB) - Italy, tel. 0362 640018. For further information about this Privacy Policy, please write to

What Data do we collect?

We collect Users’ personal Data such as, for instance, User ID and password, name, surname and email address, information transferred during the navigation, other personal Data voluntarily provided by Users during the registration or the request for the Services of our Company. Users might access some Services without having to provide their personal Data, nonetheless most of the features are available exclusively to registered Users.

Personal Data provided by Users

We store name and surname, email address, username, password, personal Data and other kinds of information that Users voluntarily provide by using our Services.

Personal Data of underage Subjects

Our Services are aimed at Users of alle ages. Underage Subjects can register to one or more Services provided by bSmart Labs, but their registration must be authorised by a Parent - or other Subjects holding parental responsibility. The Parent - or another Subject exercising parental responsibility - authorises bSmart Labs to process the personal Data of the underage Subject by giving explicit consent, as required during the registration, and thus accepting the procedures described in this Policy (see How do we use the Data we collect?), in the Terms and Conditions page and in compliance with the General Data Protection Regulation (UE/2016/679), art. 8. The Parent - or other Subject exercising parental responsibility - is entitled to view and ask to modify, integrate or delete the personal Data of the minor by addressing a communication to the Data Controller. Moreover, if she/he learns that the underage Subject whom she/he exercises parental responsibility for has registered to one or more Services provided by bSmart Labs without her/his explicit consent, she/he can contact the Data Controller, who will delete the minor’s account within a reasonable period of time.

Navigation Data

IT systems and software procedures adopted for the functioning of our Services collect, as part of their normal functioning, several Data that are then used implicitly by Internet communication protocols. This class of information includes, for instance, IP addresses, the domain names of the computers of the Users visiting bSmart Labs’ Websites and applications, the time of the request to the web server, the method used to forward the request and other parameters related to the Users’ operating system and IT environment. Generally, this information is not collected in order to be linked to the specific people it refers to and can be used by bSmart Labs for anonymous statistical information related to use of our Services and for controlling their correct functioning.   Furthermore, this Data may be used for investigations directed at identifying any people responsible for actions classed as computer crime, which are detrimental to our Websites, applications or software.


Cookies are text files or parcels of information stored on a User’s device so that they are automatically returned to the server every time the User visits the Website. The Data collected through cookies is exclusively used for internal purposes and no Data is transferred to third parties. It is also possible to visit the Website and to use the applications without cookies. Most browsers accept cookies automatically. Users can avoid the automatic registration of cookies by selecting the option provided in the browser settings. Users can also use the browser to delete any cookie already stored on the hard disk. Please note that disabling cookies could prevent the Users from browsing the Website correctly or limit the use of related applications and Services.

How do we use the Data we collect?

Users’ personal Data will be processed exclusively according to the methods described in this notice and in compliance with the terms of the General Data Protection Regulation (UE/2016/679), Chapter 2. In order to use the Services provided by bSmart Labs, Users have to give explicit consent to the use of their personal Data. We use your Data in order to:
  • Operate, maintain and improve our Websites, Products and Services.
  • Send information, including confirmations, invoices, technical notes, updates, security notices and administrative messages.
  • As for some bSmart Labs’ Services, interact with other registered Users included in groups with limited and controlled access (e.g. bSmart Classroom’s virtual classrooms or the pages connecting Students and Tutors/Parents and Tutors in bSmart Tutors or the pages enabling Parents to access they children’s personal Data).
  • Create and promote contests and awards.
  • Answer to comments and requests providing customers with a Service.
  • Send information about promotions, events and other news on the free Products and Services offered by our Company.
  • Link or combine the Users’ information with other personal information.
  • Protect against, investigate and discourage frauds and unauthorised or illegal activities.
  • Provide Products and Services requested by customers.
  • Send possible invitations to test bSmart Labs’ Services as a result of explicit actions performed by Users already registered to the Service (e.g. sharing a content with other people by entering their email address).
In some cases we use some Data (email or other) explicitly provided by Users registered to one or more Services by bSmart Labs in order to send invitations or other communications to third parties not registered to bSmart Labs’ Services. In order to allow the full functionality of certain services provided by third parties (e.g. Google Drive, Dropbox), we ask you to enter your access data to these services in order to be able to access your own content hosted on the respective platforms. bSmart Labs never directly accesses the user's content, does not save any files on its servers and makes it available for viewing only and exclusively to the direct owners. We store this information for the sole purpose of sending communications related to bSmart Labs’ Services. The recipient of these messages can contact us at
  • Receive communications, promotions and other news about paid Products and Services offered by bSmart Labs.
  • Receive communications, promotions and other news about Products and Services offered by our selected partners (e.g. newsletters or other messages about initiatives related to the world of school, teaching and Education).
  • For both of these consents, Users can give or revoke the authorisation from their profile page. As an alternative, Users can write us an email to the address in order to change their preferences. We will apply theses changes within a reasonable period of time.

    Data sharing and security

    We do not share our Users’ personal Data with third parties, except for the following specific cases:
    • We may share the name, surname and email address of the Users who access a specific content, exclusively with the holders of the property rights of the said content.
    • Some categories of Subjects performing activities linked and instrumental to the activities performed by bSmart Labs, such as the Subjects dealing with Users for technical support or computer operators, may learn of some Data.
    • Some personal Data may be visible to other Users within specific Services by bSmart Labs. For instance, Teachers in bSmart Classroom, Tutors while working with Students in bSmart Tutors and Parents in the pages dedicated to the management of their children’s profiles.
    • We may provide surveillance authorities with some Data due to the laws in force, to rules deriving from EU regulations or from the instructions of public authorities.
    • Users have voluntarily given their optional consent (see How do we use the Data we collect?) to the transfer of their personal Data to the partners of bSmart Labs.
    bSmart Labs undertakes to use the necessary security measures in order to protect the personal Data of Users in the best way possible.

    How long do we store your Data?

    Personal Data is stored for no longer than is required to fulfill the tasks for which the said Data was collected or processed. In some specific cases (e.g. Data about traffic collected through external Services) storage has a limited duration in time.

    Where do we store your Data?

    Personal Data will be managed and stored on servers located within the European Union. bSmart Labs’ Services are now hosted by Amazon Web Services in Ireland. Data won’t be transferred outside the European Union, except for some anonymous Data that are stored on servers located in the United States for statistical purpose. Nevertheless, if necessary, the Data Controller might move the location of the servers to Italy and/or the European Union and/or countries outside the EU. In this case, the Data Controller assures that the transfer will be performed in compliance with the laws in force, signing agreements that ensure a suitable level of protection, if necessary, and/or adopting the standard contractual clauses of the European Commission.

    Right to rectification, erasure and complaint with reference to personal Data

    With reference to the processing of personal Data, Users can exercise, at any time, the rights specified in the General Data Protection Regulation (UE/2016/679), Chapter 3, Section 3 by writing to Furthermore, Users have the right to lodge a complaint with a supervisory authority. When possible, bSmart Labs undertakes to provide Users with an autonomous method to access their personal Data used in our Services. In case of incorrect information, bSmart Labs undertakes to rectify mistakes or inaccuracies within a reasonable period of time or, if required, to delete all the information related to the Users, unless having to store it for legal purposes.