<ul>
<li>ProductProduct<ul>
<li>Feature overview</li>
<li>Business</li>
<li>Pro</li>
<li>Embedded</li>
</ul>Product<ul>
<li>Feature overview</li>
<li>Business</li>
<li>Pro</li>
<li>Embedded</li>
</ul>
</li>
<li>Pricing</li>
<li>Support</li>
<li>Log in</li>
<li>Get started</li>
</ul>Privacy Policy
<p>Effective date: June 25th, 2020</p>
<p>This Privacy Statement (the "Privacy Statement") is provided by:</p>
<p>Video Communication Services AS ("Whereby"/"we")</p>
<p>Gate 1 no.
101, 6700 Måløy, Norway</p>
<p>Business organization number NO 918470573</p>
Introduction
<p>This policy describes what information we collect when you use
Whereby’s sites, services, mobile applications, products, and
content (“Services”).
It also provides information about how we store,
transfer, use, and delete that information, and what choices you have
with respect to the information.</p>
<p>This policy applies to Whereby’s online video meeting tool,
including the website and mobile applications, and other Whereby
websites (collectively “the Websites”), as well as other interaction
(e.g.
customer support conversations, user surveys and interviews
etc.) you may have with Whereby.</p>
<p>This policy applies where we are acting as a Data Controller with
respect to the personal data of users of our Services.
in other words,
where we determine the purposes and means of the processing of that
personal data.
For content and data that you upload to or make
available through the Service (“User Content”), you are responsible
for ensuring this content is in accordance with our Terms of Service,
and that the content is not violating other users’ privacy.</p>
How we collect, process and store information
<p>We in Whereby are committed to safeguarding the privacy of our
users.
Our business model is to provide a paid service to users who
need additional features on top of the FREE version, and does not rely
on widespread collection of general user data.
We will only collect
and process information that we need to deliver the service to you,
and to continue to maintain and develop the service.</p>
<p>Whereby may collect, store and process various kinds of data, with
different legal grounds, as listed below.
For the categories of data
that require your consent, we will actively ask you for consent before
collecting any data.
You can give and revoke your consents at any time
in your Settings page in https://whereby.com.</p>
<p>The following is a list of data we collect, process or store, with the
purpose and legal ground listed for each item or group of items having
the same purpose and legal ground:</p>
<ul>
<li>
<strong>User account information.</strong> Users that choose to register in
Whereby, will have to provide a valid email address or phone
number.
The user can also choose to enter a display name and/or add
a profile picture that will be used to represent them in
conversations.
If you as a user choose to sign up with an external authentication service, e.g.
Google Sign-In, we will fetch and store email address, name and profile image URL from this service.
</li>
<li>
<p>
<strong>Room information.</strong> To create a room in Whereby, you as a user
will have to select a room name.
This name will be publicly visible,
and will be used by other users accessing meetings in that room.
You
as a user is responsible for the content you enter into a room name,
and the content has to be compliant with our guidelines for
Prohibited Content in Terms of Services.</p>
<blockquote>
<p>The information may be used for the purposes of operating our
website, providing our services, ensuring the security of our
website and services, maintaining back-ups of our databases and
communicating with you.
This is required to deliver the Service to
you as user, by taking steps, at your request, to enter into and to
fulfilling such a contract (Terms of Service) cf.
GDPR art.
6 (1)
item b.</p>
</blockquote>
</li>
<li>
<p>
<strong>Transaction information.</strong> Customers that choose to purchase a
paid version of the Services provide Whereby (and our payment
processors) with billing details such as credit card information,
billing email, banking information, location at the time of
transaction and/or a billing address.</p>
<blockquote>
<p>The transaction data may be processed for the purpose of supplying
the purchased services and keeping proper records of those
transactions.
This data may be used for the purpose of delivering
the Services to you.
Processing this information is required for
fulfilling the contract we entered into with you, at your request
(our Terms of Service) cf.
GDPR art.
6 (1) item b.
Additionally,
this information needs to be retained in order to comply with
accounting and tax regulation cf.
GDPR art.
6 (1) item c.</p>
</blockquote>
</li>
<li>
<p>
<strong>Usage information.</strong> When you as a user interact with the
Services, we collect and process metadata to provide additional
context about the way the Service is being used.
The usage data may
include your IP address, geographical location, browser type and
version, operating system, referral source, length of visit, page
views and website navigation paths, as well as information about the
timing, frequency and pattern of your service use.
The source of the
usage data is our server software and our analytics tracking system.</p>
<ul>
<li>
<strong>Product Analytics data.</strong> Whereby logs activities by you and
other users when the users interact with our websites or apps,
when a page or a room is visited or where there is a
conversation.
We will never collect or record the content in
conversations.</li>
<li>
<strong>Technical log data.</strong> Like most digital services, our servers
automatically collect information when Websites or Services are
accessed or used and record it in log files.
This log data may
include the Internet Protocol (IP) address, the address of the web
page visited within the Services, browser type and settings, the
date and time the Services were used, information about browser
configuration and plugins, language preferences and cookie data.</li>
<li>
<strong>Device information.</strong> Whereby may collect and process
information about devices used to access the Services, including
type of device, what operating system is used, device settings,
application IDs, unique device identifiers and crash data.
Whether
we collect and process some or all of this information depends on
the type of device used and its settings.</li>
<li>
<p>
<strong>Location information.</strong> We receive information from you and
other third-parties that helps us approximate your location.
We
may, for example, use a business address submitted by your
employer, or an IP address received from your browser or device to
determine approximate location.
Whereby may also collect
location information from devices in accordance with the consent
process provided by your device.</p>
<blockquote>
<p>The legal basis for this processing is our legitimate interests
cf.
GDPR art.
6 (1) item f, namely using this data for the purpose
of ensuring the proper administration of our website and business,
analyzing the use of the website and services, monitoring and
improving our website and services, improving the user experience,
preventing abuse, and assisting users with support inquiries.
For
information about cookies and how to opt out of cookies, see our
Cookie Policy.</p>
</blockquote>
</li>
</ul>
</li>
<li>
<p>
<strong>Customer Support Information.</strong> We may process information that
you send to us, should you choose to submit a ticket to our support
email.
If you contact us, we may use your Account, Room,
Transaction or Usage Information to respond.</p>
<blockquote>
<p>Processing this information it is required for performing the
contract we entered into with you, at your request (our Terms of
Service), as well as our legitimate interest of handling your
requests cf.
GDPR art.
6 (1) item f.</p>
</blockquote>
</li>
<li>
<p>
<strong>Product &.
Marketing communication.</strong> We may process information
that you provide to us for the purpose of subscribing to our email
newsletters.
You can opt in to emails such as digests, newsletters,
and activity notifications through your account’s “Settings >.
Privacy >.
Consents” page.</p>
<blockquote>
<p>The notification data may be processed for the purposes of sending
you relevant product information or newsletters.
The legal basis for
this processing is your consent cf.
GDPR art.
6 (1) item a.</p>
</blockquote>
</li>
<li>
<p>
<strong>Service and transactional notifications.</strong> Sometimes we’ll send
you emails about your account, service changes or new policies.
You
can’t opt out of this type of “service or transactional” emails
(unless you delete your account) as they are necessary information
for the Services.</p>
<blockquote>
<p>The legal grounds for processing this information is that it is
required for performing our commitment about communicating changes
in plans and pricing to you in the contract we entered into with
you, at your request (our Terms of Service) cf.
GDPR art.
6 (1) item
b, and our legitimate interest of communicating important
information about your account to you, cf.
GDPR art.
6 (1) item f.</p>
</blockquote>
</li>
<li>
<p>
<strong>Correspondence information.</strong> We may process information that you
choose to share with us if you participate in a focus group,
contest, activity or event, apply for a job, interact with our
social media accounts or otherwise communicate with Whereby</p>
<blockquote>
<p>The correspondence data may be processed for the purposes of
communicating with you and record-keeping.
The legal basis for this
processing is our legitimate interests cf.
GDPR art.
6 (1) item f, namely
the proper administration of our website and business and
communications with users.</p>
</blockquote>
</li>
<li>
<p>
<strong>Integrations with external services</strong> You as a participant in a meeting
may choose to open one of the integrations we provide (Google Drive,
YouTube, Trello and others) in rooms where these have been enabled.
We may
store data from use of integrations in a local browser storage, and process
this to enrich the user experience.
This data can be deleted with the
delete option in the integration settings or by deleting it from the cache
of your browser.
When using an integration, metadada like title, thumbnail,
dates and share permissions about content selected may be fetched and
displayed in the web page.
We may store non-personal/non-restricted
information (eg.
content id and access date) in a local browser storage
to display lists of recent opened integrations.
Restricted metadata
is always stored by the services themselves and requires explicit consent
given by the facing user to fetch it.
The implementation is in compliance with
the services privacy policies: Google Privacy Policy,
Trello Privacy Policy and
Miro Privacy Policy.</p>
<blockquote>
<p>The information may be used for the purposes of operating our
website and providing our services.
This is required to deliver the Service to
you as user, by taking steps, at your request, to enter into and to
fulfilling such a contract (Terms of Service) cf.
GDPR art.
6 (1)
item b.</p>
</blockquote>
</li>
</ul>
How we process media (audio/video)
<p>We will never store any media sent between participants in a
room.
Customers who have access to the “Recording” feature will be
able to record meetings, and they are then responsible for collecting
consents from all participants in the meeting prior to starting the
recording.
They are also responsible for storing and processing the
recording in compliance with regulations after downloading it from
Whereby.</p>
Security
<p>In the FREE version of the Service, users can use “Small meeting” mode
(up to 4 participants).
In “Small meeting” mode, communication between
participants are primarily sent through peer-to-peer connections,
where audio and video streams are sent directly between participants
and do not pass through any of our servers.
Video and audio
transmitted in the Service is then sent directly between the
participants in a room and is encrypted (DTLS-SRTP) with
client-generated encryption keys.
In cases where a user is behind a
strict firewall or NAT, video and audio need to be relayed via a TURN
server, but end-to-end encryption is still maintained.</p>
<p>If you have upgraded a room to PRO, you can choose to use “Large
meeting” mode (up to 12 participants).
Calls using “Large meeting”
mode will use a dedicated server infrastructure to allow more people
in conversation, and better stability.
Your stream will be sent
through video router servers which transmits it to the other
participants in the call, and also transmits their streams to
you.
Streams will always be encrypted (DTLS-SRTP) in transit, but will
be decrypted and re-encrypted when passing through the video
routers.
We operate an infrastructure of video routers distributed
across the world, and you will be automatically routed to the closest
one.
The video router servers and all of our infrastructure adhere to
strict security measures, preventing any eavesdropping or interruption
of the video/audio streams.</p>
Providing your personal data to others
<p>We may share information about with third parties in some
circumstances, including: (1) with your consent.
(2) to a service
provider or partner who meets our data protection standards.
(3) with
academic or non-profit researchers, with aggregation, anonymization.
(4) when we have a good faith belief it is required by law, such as
pursuant to a subpoena or other legal process.
(5) to protect the
vital interest of others, when we have reason to believe that doing so
will prevent harm to someone or illegal activities.</p>
<p>Our categories of service providers and partners are:</p>
<ul>
<li>Hosting/infrastructure/storage providers</li>
<li>Payment processors</li>
<li>Analysis tools providers</li>
<li>Customer Support tools providers</li>
<li>Marketing and email providers</li>
<li>Recruiting tools providers</li>
<li>Internal communication tools providers</li>
</ul>
Business Transfers
<p>We may disclose your personal data to any member of our group of
companies (this means our subsidiaries, our ultimate holding company
and all its subsidiaries) insofar as reasonably necessary for the
purposes, and on the legal bases, set out in this policy.</p>
<p>In the case where we are involved in a merger, acquisition,
bankruptcy, reorganization or sale of assets such that your
information would be transferred or become subject to a different
privacy policy, we will notify you in advance and give you the option to delete your data before the transfer.</p>
International transfers of your personal data
<p>In some circumstances your personal data may be transferred to
countries outside the European Economic Area (EEA).
You acknowledge
that personal data that you submit for publication through our website
or services may be available, via the internet, around the world.
We
cannot prevent the use (or misuse) of such personal data by
others.
For information about what types of content you as a user is
responsible, see this
Terms of Service.</p>
<p>We and our other group companies have offices and facilities in
Norway, Sweden, United States.
The hosting facilities for Account
information stored by Whereby are situated in Ireland.
The hosting
facilities for Usage information are situated in Ireland and the
United States.
Transfers to the United States will be protected by
appropriate safeguards, namely the use of standard data protection
clauses adopted or approved by the European Commission, a copy of
which can be obtained from
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.</p>
Retaining and deleting personal data
<p>Personal data that we process for any purpose or purposes shall not be
kept for longer than is necessary for that purpose or those purposes.</p>
<p>We will retain your personal data as follows:</p>
<ul>
<li>Transaction information will be retained for a minimum period of 5
years following date of the transaction, and for a maximum period of
10 years following the date of the transaction.</li>
</ul>
<p>In some cases it is not possible for us to specify in advance the
periods for which your personal data will be retained.
In such cases,
we will determine the period of retention based on the following
criteria:</p>
<ol>
<li>Account information, Room information will be retained until you
decide to delete your account or delete a room in Whereby.</li>
<li>Information about you used for Product &.
Marketing communication
will be retained as long as you have given us consent to use this
information.</li>
<li>The period of retention of usage information will be determined
based on the need for historical data to determine statistical
validity and relevance for product decisions and technical
monitoring.</li>
</ol>
<p>Regardless of the provisions above, we may retain your personal data
where such retention is necessary for compliance with a legal
obligation to which we are subject, or in order to protect your vital
interests or the vital interests of another natural person.</p>
Changes to this policy
<p>We can change these Terms at any time.
We keep a historical record of
all changes to our Terms on
GitHub.
If a change is material,
we’ll let you know before it takes effect.
By using Whereby on or
after that effective date, you agree to the new Terms.
If you don’t
agree to them, you should delete your account before they take effect,
otherwise your use of the Service and Content will be subject to the
new Terms.</p>
Managing and deleting your personal information
<p>If you have a Whereby account, you can access, modify or export
your personal information, or delete your account in
Settings.
If you delete your
account, your information and content will be unrecoverable after that
time.
You may instruct us at any time not to process your personal
information for marketing purposes, by adjusting your Privacy
settings).
We may withhold
personal information that you request to the extent permitted by law.</p>
Your rights
<p>As an individual you are granted rights according to the applicable
data protection law:</p>
<ul>
<li>The right to access to your personal data</li>
<li>The right to rectification of your personal data</li>
<li>The right to object to and restriction of our processing of your
personal data</li>
<li>The also right to be forgotten.
erasure of your data.</li>
<li>The right to data portability.</li>
</ul>
<p>If you have provided your consent to your processing of personal data,
you may also withdraw your consent at any time, on our Settings >.
Consent page.</p>
<p>The rights are not absolute, and you may read more about your rights
in the EU general data protection regulation Chapter III, or at
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en</p>
<p>To exercise your rights or if you otherwise have any questions
regarding our processing of your personal data, we encourage you to
contact us as described below.
However, we also notify you that you
may raise complaint to a data protection authority.
As a Norwegian
company, Whereby uses the Norwegian Data Protection Authority
(Datatilsynet) as a supervising authority.
You may find further
information on their website: https://www.datatilsynet.no/.
You may
contact your national/state supervisory authority, but Whereby will
retain the Norwegian Data Protection Authority as our lead supervisory
authority.</p>
Data protection officer
<p>Our data protection officer's contact details are: Arne Gleditsch,
privacy@whereby.com</p>
<p>To learn more, visit the
Privacy section in our FAQ.</p>
<p>For any questions about this privacy policy, please contact
legal@whereby.com.</p>About<ul>
<li>About us</li>
<li>Our vision</li>
<li>Careers</li>
<li>Press</li>
</ul>Sales<ul>
<li>Pricing</li>
<li>Pro</li>
<li>Business</li>
<li>Embedded</li>
</ul>Social<ul>
<li>Blog</li>
<li>Twitter</li>
<li>LinkedIn</li>
<li>Instagram</li>
<li>Facebook</li>
</ul>Support<ul>
<li>Getting started</li>
<li>Support Center</li>
<li>Terms of Service</li>
<li>Cookie Policy</li>
<li>Privacy Policy</li>
<li>Sitemap</li>
</ul>Get in touch<ul>
<li>Contact Sales</li>
</ul>