GDPR Privacy notice and use of cookies for BigBlueButton services

We are committed to maintaining privacy protections for the visitors of our website. Our Privacy Policy is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using the Website.

BY USING THE WEBSITE AND SERVICES YOU AGREE TO THIS PRIVACY POLICY.

Definitions

“Policy” mean this Privacy Policy.
“We”, “us” means the owner and the administration of the Website.
“User”, “you” means you, a person using the Website.
“Website”, “Site” means this site identified by the URL www.opencloud.lu.
"BigBlueButton" any of the few instances of the Open Source video conferencing platform we make available under a sub domain of opencloud.lu.
"GDPR" means the EU Regulation 2016/679 aka General Data Protection Regulation
“Personal Data” means information or its combination that can be used to identify the User as an individual, such as, for example name, email address, phone number, home or business address.
“Anonymous Data” means non-personally identifiable information about an individual that alone or in combination with similar information can not be used to identify the User, for example, computer’s IP address or browsing history.
“Information” means any Personal Data, Anonymous Data and/or any other information that is public by default.

Anonymous data collected automatically

We collect anonymous data from your browser when you use the Website and services.

The Website automatically collects usage information, such as a portion of the IP address you wish us to see, the country of origin of the IP, browser type and language, access times, version, language and type of your operating system, the number and frequency of visitors to the Website. We maintain log files of the traffic that visits the Website for technical purposes only and are not processed and/or shared with third parties unless required to investigate cybersecurity incidents.

Information we collect and purpose of the processing

To manage video conferences an event administrator must sign up to the BigBlueButton instance providing to us:
  • full name
  • email address
Once we received the registration then we will, if we deem the request to be valid and in line with our fully arbitrary policies which mostly allow non for profit and education institutions to use the free service, approve it or discard it and purge the data from the systems. Personal data provided by registered users will be stored on the server providing the service until the user decides to delete its own account and is not shared with third parties unless required by law.

Participants to the video conference do not need to register with the BigBlueButton service and no personal data or information about them will be stored.
The event administrator will send the link to the event through other means.

Event recordings

Recordings are stored locally on the BigBlueButton server and can be initiated by the event administrator. Participants can be warned in advance if the event will be recorded and can be given the option to consent to the recording. Participants will be notified that the event administrator has started the recording through a message and an icon on their screen.

The event administrator and the participants should be aware that other participants may be independently recording the event from their PC so they should not share information that could be damaging for other people if made public and/or violate their rights.

Google Analytics free area

We all know that, in it's effort to suggest you the most relevant ads, Google tracks your every move on the Internet through a service called Google Analytics. It's a service that is being used by most sites, even by some Privacy challenged web sites run by Central and Local Government organisations in some countries, but we decided that your privacy is more important than a few shiny graphs which can be created with other nice tools.

We have chosen to use Mamoto Analytics (previously known as Piwik) to evaluate which pages are being visited the most on our web site. Mamoto provides the same features you may find to be cool in Google Analytics but the data generated does NOT leave our servers, is not sold to third parties and is not aggregated to any external data sources.

Privacy Shield agreement (invalidated) and Standard Contractual Clauses (soon to be invalidated with US providers)

Our servers and data will, at all times, reside within the EU so we do not need or wish to use legal workarounds to transfer your data to privacy challenged countries.
We are aware that, unfortunately, some providers may route your requests to our servers through countries that may not respect your right to Privacy but that is completely out of our control. It's very unlikely that there will be any sensitive information being transmitted from our web site but, just in case, communication between our servers and your device is encrypted using SSL certificates provided by Let's Encrypt.

More information about the invalidation of the Privacy Shield agreement and how it affects your rights.

Disclosure of information

We don't have much data to release to anyone about you as we are not interested in tracking you.

However, we may collect as much information as we legally can about you if we detect that you are attempting to bypass our security measures and/or you are trying to gain access to non public areas of our servers. We will transfer to third parties, store, analyse and aggregate only data that is relevant to attempted or potential breaches.

Other data we may hold could be disclosed in the following cases:
  • When we believe in good faith that such release is appropriate to comply with the applicable law, regulation, legal process or governmental request (for example, pursuant to a statutory demand, subpoena, warrant or court order);
  • To enforce the Terms of Use, or any agreement between you and us;
  • To detect, prevent, or otherwise address fraud, security or technical issues;
  • To protect against abusive or unlawful use of the Website;
  • To protect the rights, safety, or property of Users, or any other third parties;
  • If we reasonably believe that a situation involving danger of death or injury to any person requires disclosure;

Cookies

We use local and anonymous cookies to manage browsing sessions on our web site and to see on which local links a visitor clicked on.  We do not use cookies to track you as an individual or to store any Personally Identifiable Information. Unlike other organisations we have no interest at all in tracking you while you browse other sites.

If you choose not to set any cookies you will see exactly the same information but you may not be able to log-in into our partner area if you are one of our resellers or partners.

Third-Party websites and services

We do not currently integrate services from third parties but there may be links pointing to external websites on which we have no control.

Sensitive/special types of Information

We do not kwowingly process any Sensitive Information, such as related to the racial or ethnic origin, political opinions, religious beliefs, physical or mental health or condition, crime or court records, etc. Some users of the service may share between themselves such types of information but we have no way to know about it.

Information Security

We take commercially reasonable precautions to protect Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We process all Information using industry-standard techniques and tools on our own private Cloud located in Tier IV data centers in Luxembourg.

Severability and integration

This Privacy policy constitutes the entire agreement between you and us and supersedes all previous written or oral agreements. If any part of the Policy is held invalid or unenforceable, that portion shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the parties, and the remaining portions shall remain in full force and effect.

Changes to the Privacy policy

We may change the Policy at any time. The most current version will always be located on this page. If you continue to use the Site after we make changes to the Policy, you are implying acceptance of the new terms. You are responsible for checking this Policy periodically for any changes.
 

Your rights under EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22

We'd like to tell you that GDPR allows you to exercise the following rights:
  • Right of access by the data subject (art. 15)
  • Right to rectification (art. 16)
  • Right to erasure (‘right to be forgotten’) (art. 17)
  • Right to restriction of processing (art. 18)
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 19)
  • Right to data portability (art. 20)
  • Right to object (art. 21)
  • Right not to be subject to a decision based solely on automated processing (art. 22)


Rights under the "Charter of Fundamental Rights of the European Union"

If you are an European Citizens you should be aware that you have fundamental rights that must prevail over any contract or international agreement:

Respect for private and family life (Article 7)
Everyone has the right to respect for his or her private and family life, home and communications.

Protection of personal data (Article 8)
  1. Everyone has the right to the protection of personal data concerning him or her.
  2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
  3. Compliance with these rules shall be subject to control by an independent authority.

You can contact the Data Controller responsible for this web site in writing here:

Omnis Cloud Sarl
9 Avenue des Hauts-Fourneaux
L-4362 Esch-sur-Alzette
Luxembourg

or by sending a your requests to privacy[at symbol]omniscloud.eu

Tags: Privacy, GDPR

Print