Effective date: May 7th, 2019
This Privacy Statement (the "Privacy Statement") is provided by:
Videonor AS ("Videonor" / "Seevia" / “we”)
Gate 1 no. 101, 6700 Måløy, Norway
Business organization number NO 997742346
This policy describes what information we collect when you use Videonor’s sites, services, applications and content (“Services”). It also provides information about how we store, transfer, use, and delete that information, and what choices you have with respect to the information.
This policy applies to Videonor’s products for video/audio communication, our related supplementary services and management tools, including the “Seevia” directory service, our websites, as well as other interaction (e.g. support conversations, user surveys and interviews etc.) you may have with Videonor.
For content and data that you upload to or make available through the Service (“User Content”), you are responsible for ensuring this content is in accordance with our Terms of Service, and that the content or the processing of the content is not violating the privacy of other persons.
Videonor as a data processor
If you only use our public websites or communicate with us via our social media accounts or similar, or if you have a personal user account with the Service (“User Account”) that is not associated with the account for a business or organization (an “Enterprise Account”), this section does not apply to you.
This section only applies to you if your personal information was submitted to the Service by your employer / contractor or another third party organization via their Enterprise Account. In these cases, Videonor obtained your data via that organization (the “Client”), who determined to submit your details to the Service.
In these instances, the Client is the data controller for your personal data, and Videonor acts as a data processor. Videonor’s duties as a data processor are detailed in our Data processor agreement (located at https://videonor.com/dpa/) which is offered to our resellers, and any Clients to which we may sell the Service directly.
The Enterprise Account owner/Client is responsible for the management and deletion of any personal information being processed by Videonor for the purpose of operating and maintaining our Services in accordance with instructions from our Clients, including the following categories of personal data, as further detailed in our Data processor agreement:
- User account information including name and email address.
- Video endpoint/client registration details including display names and contact details such as video addresses for systems/clients.
- “Seevia” directory entries including names and details such as video addresses for persons and video systems being registered in the Seevia directory service.
- Usage Information including call detail records, IP addresses, device information and call diagnostics.
- Your audio and video images as may be generated by Clients who have access to the Service’s supplementary recording feature.
- Service notifications such as emails generated in order to facilitate certain tasks and workflows that are part of the Service, like resetting passwords.
If such personal information about you is registered with Videonor’s services and you wish to access / rectify / delete this information, or if you have similar requests that you may make when exercising your rights under the applicable data protection regulation, you should contact the Client in his capacity as the data controller for your data.
Personal data we process as a data controller
We may also collect and process information about you based on your interaction with our services, our websites, support channels or social media accounts for our own purposes, e.g. in order to send you product information or newsletters. In these instances, Videonor acts as a data controller.
If such personal information about you is registered with Videonor’s services and you wish to access / rectify / delete this information, or if you have similar requests that you may make when exercising your rights under the applicable data protection regulation, you may contact Videonor using the contact details provided in this document.
The following is a list of data we collect, process or store as a data controller, along with a description of the purpose and legal ground for this processing
- Seevia User account information. If you have a personal user account with Seevia, and that User account is not associated with an Enterprise Account, Videonor acts as a data controller with regards to your account details, such as your name and email address. If you opt to use LinkedIn as a third-party authentication mechanism for logging in to the Seevia web service, we will also store your job title, LinkedIn image URL, and your LinkedIn User reference/id.The information may be used for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. This is required to deliver the Service to you as a user, by taking steps, at your request, to enter into such a contract (Terms of Service) cf. GDPR art. 6 (1) b.
- Usage Information. Videonor may process Usage Information for our own purposes, e.g. when monitoring usage trends and managing network / processing capacity. In those circumstances, we will be a data controller. When acting as data controller, our legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) f, namely using this data for the purpose of ensuring the proper administration of our website, applications and business, analyzing the use of the website and services, monitoring and improving our website and services and improving the user experience and general product quality. Usage Information can be further divided into the following subcategories:
- Service log data. Like for most digital services, information is automatically collected and recorded in log files when you access or use the Services. This log data may include the Internet Protocol (IP) address, video addresses, telephone numbers, display names etc. of users participating in meetings.
- Device information. Information about video systems and clients used to access the Services is collected, including make and model of devices, what operating system is used, device settings, software versions and unique device identifiers. Whether some or all of this information is collected depends on the type of device used and its settings.
- Aggregated usage analytics. Technical log data is processed in order to extract aggregated usage metrics required for business operation and for distribution to Clients/resellers upon request. These reports show key usage metrics (such as total meeting minutes and number of meetings) for individual endpoints/clients or virtual meeting rooms over a specific time interval. Similar reports are also available on a higher level of aggregations, e.g. the total number of meetings for a Client.
- Meeting details. In addition to aggregated usage analytics, log data is also processed to extract reports for individual meetings. These reports contain details such as start/end time, duration, names/video addresses of meeting participants, and diagnostics information such as call quality metrics.
- Service status and incident reporting. We may process contact information such as your email address or your phone number that you provide to us when you subscribe to service status notifications, in order to send you information about service interruptions, unscheduled emergency maintenance and similar. The legal basis for this processing is your consent cf. GDPR art. 6 (1) a. You can opt in/out to this type of communication by following the instructions provided when subscribing, e.g. clicking the “Unsubscribe” link included in status emails or replying "STOP" to a SMS text message, or by contacting Videonor.
- Client support information. We may process information that you send to us, should you choose to submit a ticket to our support email. If you contact us, we may use your User Account or Usage Information to respond. Collecting this information is required for performing the contract we entered into with the Client, as well as our legitimate interest of handling your requests cf. GDPR art. 6 (1) f.
- Correspondence information. We may process information that you choose to share with us if you participate in a focus group, contest, activity or event, apply for a job, interact with our social media accounts or otherwise communicate with Videonor. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) f, namely the proper administration of our website and services, our business and communications with users.
If you do not provide the information above, or you object to our processing of said information, you may not be able to receive the service offering for which the data is processed. We can for example not provide you with a newsletter without your email address, and if you object to the collection of Usage Information, the Service may not work as intended.
Providing your personal data to others
We may share information about you with third parties in some circumstances, including: (1) with your consent; (2) to a service provider or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymization, or pseudonymization; (4) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process.
Our categories of service providers and partners are:
- Hosting/infrastructure/storage providers
- Customer Support tools providers
- Service status/incident reporting tools providers
- Email service providers
- Internal communication tools providers
- Providers of supplementary video/communication services sold by Videonor
- Marketing, sales and web traffic analytics tool providers
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
International transfers of your personal data
Due to the nature and global reach of the Videonor services, in some circumstances your personal data may be transferred to countries outside the European Economic Area (EEA). You acknowledge that personal data that you submit for registration through our website or services, like name and video addresses of your video client, may be transferred via the internet, around the world, depending on your use of the services to communicate with people in remote locations. An example would be your video address being processed by infrastructure operated by a service provider in a different country, in order to set up a video call between you and a remote party.
We and our other group companies have offices and facilities in Norway, Sweden, and the United States. The hosting facilities for the various categories of information described in this policy stored by us are situated in Norway, Sweden, Ireland and the United States. Subcontractors used by Videonor in the United States have joined the Privacy Shield program, which allows such transfer under the EU/EEC Privacy Regulation.
Retaining and deleting personal data
Retention and deletion of personal data for which we act as a data processor is subject to the instructions of our Clients. These categories of personal data are described in the section “Videonor as a data processor”.
When acting as a data controller, it is our responsibility that personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will retain your personal data as follows:
- Usage Information in the form of service log data, device information, meeting details and website log data will be retained for 90 days. Meeting details older than 90 days will be anonymized so that although it may be possible to see that a product (Virtual Meeting Room, Desktop App or Endpoint) associated with a particular user has been used, the information that allows identification of additional individual meeting participants will be removed/anonymized.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
- Generally, to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Seevia user account information (when the User account is not associated with an Enterprise Account) will be retained until deleted by the User or by Videonor acting on instructions from the User. Inactive Seevia user accounts may be routinely deleted by Videonor after a period of inactivity of no less than a year.
- Information about you used for Product & Marketing communication and Service status and incident reporting will be retained as long as you have given us consent to use this information.
- Client Support Information in the form of support tickets and similar will be retained as part of our knowledge base and Client history for as long as the information within is deemed relevant in order to help us process future support requests and as long as it’s needed for record-keeping. Support tickets and correspondence that has reached the end of its lifespan with regards to usefulness or that does not contain information that needs to be preserved will be routinely deleted.
Regardless of the provisions above, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Changes to this policy
We can change this policy at any time. We keep a historical record of all changes to our policy. If a change is material, we’ll let you know before it takes effect, either by posting a notification on our website, or in some cases by sending you an email, depending on your email address being registered to a Personal User Account with the Service. By using the Service on or after the effective date of the policy change, you agree to the new policy. If you don’t agree, you should stop using the Service before the new policy takes effect, otherwise your use of the Service and Content will be subject to the new version of the policy.
As an individual you are granted rights according to the applicable data protection law:
- The right to access to your personal data
- The right to rectification of your personal data
- The right to object to and restriction of our processing of your personal data
- The right to be forgotten; erasure of your data.
- The right to data portability.
If you have provided your consent to processing of your personal data, you may also withdraw your consent at any time.
The rights are not absolute, and you may read more about your rights in the EU general data protection regulation Chapter III, or at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en
To exercise your rights or if you otherwise have any questions regarding our processing of your personal data, we encourage you to contact the Client or Videonor, depending on which entity serves as data controller for the processing in question, as laid out in the sections “Videonor as a data processor” and “Personal data we process as a data controller” above. However, we also notify you that you may raise complaints to a data protection authority, e.g. the supervisory authority where you live or the Norwegian Data Protection Authority. You may find further information on their website: https://www.datatilsynet.no/