Privacy Notice
Blindside Privacy Notice
Blindside Networks Inc. (“Blindside”, “we”, “us”, “our”) are the creators of BigBlueButton, a virtual classroom that is freely available under an open-source license to any organisation in the world.
We provide host BigBlueButton software as a service for customers world-wide, primarily in the educational market for teaching virtual classes (our “Services”).
We are committed to protecting and respecting your privacy. That is why we encourage you to read our Privacy Notice (the “Notice”) before using our Services.
“Personal Data” means any information that relates to an identified or identifiable individual and can include information about how you engage with our Services (e.g. name, contact information, device information, IP address). This Notice together with any disclaimers sets out how your Personal Data will be processed when you use our Services.
For the purpose of the Data Protection Laws:
- Blindside Networks Inc is the data controller when we act as a service provider.
- Blindside Networks is a data processor when we process data on behalf of our customers, the data controller.
If you have any questions in relation to this Privacy Notice, or wish to exercise your rights relating to it, please contact our DPO at privacy@blindsidenetworks.com.
1. Why do we process Personal Data?
We generally collect, use, and disclose (“process”) your Personal data to provide access to our Services. Our processing activities may vary based on our relationship, as described below.
a. Representatives
When you are acting on behalf of a company who is an existing or potential client (“Business User”), we refer to you as a “Representative”. Generally, we collect the Personal Data of Representatives to manage our relationship with Business Users and provide them access to our Services. For more information on how we process the Personal Data of Visitors, please see the table below:
Category of Personal Data | Examples of Personal Data | Means & Purpose of collection |
Contact Data | Name, email address, phone number, employer, job title, credentials | We collect this data when you inquire about our Services and when you complete the registration form on our website. We will use this data to establish and maintain our relationship with the Business User. We may also collect this data when you email us at support@blindsidenetworks.com to provide you with customer support and improve our Services. If you subscribe, this information will also be used to notify Business Users of any issues that may affect our Services. Finally, we may collect this data when you subscribe to our marketing communications, enabling us to provide you with promotional content regarding our Services. |
b.End Users
When you use our Services we refer to you as an “End User”. Generally, we collect the Personal Data of End Users for account creation and to provide access to our Services. For more information on how we process the Personal
Data of End Users, please see the table below:
Category of Personal Data | Examples of Personal Data | Means & Purpose of collection |
Account information | Name, email address, profile photo, user ID | We collect this data when you complete the registration form on our website or the website of Business Users. We may also collect this data directly from Business Users (namely from educational institutions who provide information about their students). This information will be used to create your account with Blindside Network. |
Identification data | Name, User ID, profile photo, IP address | We collect this data when you join virtual classes, tutoring sessions, online office hours, and other live sessions (“Session”). We will use this data to host our Services. |
Contact Data | Name, email | We may collect this data when you email us at support@blindsidenetworks.com to provide you with customer support and improve our Services.
In addition, we may collect this data when you subscribe to our marketing communications, enabling us to provide you with promotional content regarding our Services. |
Attendance information | Name, user ID, meeting ID, profile picture, content shared during Sessions, IP address | During Sessions, if enabled by the Business Users, we will collect this data to prepare attendance reports for Session moderators and Business Users. |
Analytics data | Name, Session content, Session interactions, browser, operating system, | We will collect this data when you use our Services to provide Session moderators and Business Users with insights regarding your Session participation and attendance. |
Audio recordings | Speech, Session content | We may collect this data during Sessions to offer live speech-to-text subtitles and transcriptions. |
Session Recordings | Likeness, speech, Session content | We may collect this data to store and index Sessions for later viewing.
This data may also be used to provide Session moderators and Business Users with insights on your participation.
Finally, this data may be used to improve the quality of our Services and troubleshooting. |
Technical Data | Name, User ID, Session interactions, IP address, browser, operating system, and audio quality score | We collect this data when you attend Sessions for debugging purposes. |
c. Visitors
When you access our website at https://blindsidenetworks.com/ (our “Website”) without being logged into we refer to you as a “Visitor”. Generally, we collect the Personal Data of Visitors to answer inquiries regarding our services. For more information on how we process the Personal Data of Visitors, please see the table below:
Category of Personal Data | Examples of Personal Data | Means & Purpose of collection |
Contact Data | Name, email address | We collect this data to respond to any inquiries regarding our Services. |
Technical Data | Date, time and duration of your visits on our website, imprecise location (country), the pages viewed, and links clicked on our website, your language preferences, browsing history, web pages that redirected you to our website, etc. | We collect this data using cookies and pixels on our website. This information allows us to compile aggregate data about traffic and interactions on our website in order to improve the experience on our website and to provide customized website experiences to our users. |
In all cases, we may also process your personal data to comply with our legal obligations.
2. Who do we share this information with?
We may share your Personal Data to provide you with our services. For example, our web hosting provider and our IT service providers.
In addition, we may disclose your personal information to third parties to comply with any legal obligation, to enforce or apply our terms of use or other agreements, as well as to protect our rights, property, or safety. This may include disclosing information with third parties for the purposes of fraud protection and credit risk reduction.
We may share your information with selected third parties including:
- Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
- Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii)you ask us to share your information.
- Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and / or court orders.
- Service providers who provide us with marketing including, Wi Fi services, website and online platforms, and subcontractors who provide a service to us, and sub processors.
Please see Schedule 1 for a list of some entities with whom your Personal Data is shared. For a complete list of entities with whom we may share Personal Data, please contact our DPO at privacy@blindsidenetworks.com.
3. Legal bases for processing Personal Data
Depending on the jurisdiction you are in, we may use different legal bases to process your information.
In Canada, we will rely on your consent.
In the European Economic Area, we rely upon a number of legal bases under the General Data Protection Regulation, including:
- Consent:We may process your Personal Data because you provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. When we rely on this legal basis, subject to applicable laws, you may withdraw your consent at any time by contacting our DPO at privacy@blindsidenetworks.com as described below.
- Contract:We may process your Personal Data to provide our Services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement.
- Legal Obligation:We may process your Personal Data to comply with our legal obligations; and/or
- Legitimate Interest:We may process your Personal Data where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
- emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
- business development; or
- providing login systems to users via their existing social media accounts.
If you object to the processing of your Personal Data, you must be aware that it might not be possible for you to continue using our services.
We may also process sensitive and special category of Personal Data. We will process sensitive and special category personal data in accordance with applicable laws.
If you would like more details on the legal bases we rely upon to process your Personal Data, please contact our DPO at privacy@blindsidenetworks.com.
4. Your rights and choices
You may have choices regarding our processing of your Personal Data:
a. Opting in/out of receiving electronic communications from us.
Subject to applicable laws, we will rely on your consent to send electronic marketing communications. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by contacting our DPO at privacy@blindsidenetworks.com. Please note that you may still receive transactional communications if you opt-out of receiving marketing-related emails from us.
b.Your data protection rights.
Depending on your location and subject to applicable law, you may have certain rights regarding your Personal Data, including:
- The right to access Personal Data relating to you (‘access right’).
- The right to rectify/correct Personal Data relating to you (‘right to rectification’).
- The right to object to processing of Personal Data relating to you (‘right to object’).
- The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
- The right to erase/delete Personal Data relating to you (i.e., the “right to erasure”) and
- The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to data portability’).
Where our processing of your Personal Data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by e-mailing our DPO at privacy@blindsidenetworks.com.
You may also lodge a complaint with your local supervisory authority with respect to our processing of your Personal Data.
The local Supervisory Authority in Ireland where our GDPR Article 27 Representative is located is the Data Protection Commission. The website is www.dataprotection.ie. In Canada, the federal Supervisory Authority is the Office of the Privacy Commissioner of Canada.
Where our processing of your personal data is based on your consent to that processing, you may have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
5. Security and Retention
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from loss and unauthorised access, use, or disclosure. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of Personal Data to countries outside of your region. This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Personal Data for their own purposes. Where applicable we comply with legal requirements providing adequate protection for the transfer of information to other regions. By submitting your Personal Data, you agree to this transfer, storing and processing.
We keep your Personal Data for as long as is necessary to accomplish the purposes outlined above and to comply with our legal obligations. If you no longer want us to process your Personal Data as described above, you can request that we erase your Personal Data and close your account with us. Please note that if you request the erasure of your Personal Data:
- We may retain some of your Personal Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- We may retain and use your Personal Data to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, and auditing obligations.
- Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Personal Data may not be removed from our backup systems for a limited period of time.
6. International data transfers
We will, from time to time, make use of services provided by third parties for the delivery of our services which may necessitate the transfer of Personal Data outside of your region. For example, we use a variety of cloud-based tools such as Amazon AWS. Where Personal Data needs to be transferred or processed outside of your region, we chose providers who process Personal Data on the basis of:
- Data Transfer Impact Assessment that demonstrate that your personal information will benefit from adequate levels of protection;
- SCC; and/or
- An Adequacy Decision from the European Commission.
7. Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
8. Social networks
We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will result in cookies being set by these networks while using our site. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent.
9. Children’s Personal Data
We may process the Personal Data of children on behalf of data controllers who share this data with us in the context of our Services. In such cases, the data controller is responsible for ensuring compliance with all applicable requirements.
10. Jurisdiction-specific provisions and exercising those rights.
- Australia. If you are an Australian resident and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com. You may also to contact the Office of the Australian Information Commissioner.
- UK. If you are a resident of the UK, and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com or our Article 27 UK Rep, DPCSL Ltd., at ellis_dpcsl@outlook.com You may also contact the UK Information Commissioner’s Office.
- Switzerland. If you are a resident of Switzerland and you have any questions or concerns regarding how we process your Personal Data under this Notice or the Swiss Federal Act on Data Protection, please contact our DPO at privacy@blindsidenetworks.com.
- Brazil. If you are a resident of Brazil and you have any questions or concerns regarding how we process your Personal Data under this Notice or the Lei Geral de Proteção de Dados Pessoais, please contact our DPO at privacy@blindsidenetworks.com.
- Argentina If you are an Argentinian resident and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com. You may also to contact the Argentinian data protection authority (AAIP)
United States - California.
If you are a resident of California and would like to exercise your right to request access to the personal information collected about you by Blindside Networks Inc, or would like to request that your personal information be deleted, as outlined in the California Consumer Privacy Act (CCPA), you may so initiate the process by e mail us privacy@blindsidenetworks.com. If you would like to be unsubscribed from Blindside Networks Inc marketing emails, please e mail us at privacy@blindsidenetworks.com.
Please note that Blindside Networks Inc does not and will not sell your information as such terms are defined in the CCPA. We respect your browsers Universal opt out signal.
YOUR CALIFORNIA PRIVACY RIGHTS
This document supplements the information contained in our Privacy Notice and applies solely to California Consumers, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).
Information We Collect, Use, and Disclose.
Blindside Networks Inc collects, uses, and discloses Personal Information about California Consumers for business purposes only, and which are consistent with applicable laws. Where Blindside Networks Inc discloses Personal Information to third parties, it requires that they only use the personal information for the business purposes described below. It also requires that such parties maintain the personal information’s confidentiality, and that appropriate systems and processes are in place to ensure its security. Blindside Networks Inc does not and will not sell your Personal Information.
In addition to the uses set forth above, Blindside Networks Inc may use and share various categories of Personal Information to provide our service, see summary tables in section 1.
In addition, we may also use and share personal information :
- To comply with applicable legal and regulatory requests and obligations (including investigations).
- To establish or defend legal claims and allegations.
- For security or the prevention, detection, or investigation of fraud, suspected or actual illegal activity, or other misconduct.
- To seek advice from lawyers, auditors and other professional advisers.
Your Rights and Choices.
If you are a consumer located in California, we process your personal information in accordance with the California Consumer Privacy Act (“CCPA”). You have a right to receive notice of our practices at or before collection of personal information. This section provides additional details about the personal information we collect and use for purposes of CCPA. To the extent the CPRA applies to our processing of your personal information, you are entitled to the following rights:
- Right to Access/Know. You have the right to request what personal information we have collected, used, disclosed, and sold about you, unless doing so proves impossible or would involve disproportionate effort. You may only make a request for access twice within a 12-month period.
- Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to delete it.
- Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.
- Right to Opt Out of Sale/Sharing. You have the right to opt out of the sale or sharing of your personal information to third parties. See our opt out icon
- Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your privacy rights under the CPRA.
Right to Limit Use of Sensitive Personal Information. You have the right to limit the use of your sensitive personal information when such use goes beyond that which is necessary for providing the Services or certain other permissible purposes like fraud, customer service or quality control. Sensitive information includes Social Security number, driver’s license number, biometric information, precise geolocation, and racial and ethnic origin.
If you are a California resident and wish to exercise your privacy rights, you may submit a request by email at privacy@blindsidenetworks.com.To exercise your right to opt out of the sale/share of your information via cookies, please visit our CMP tool on our website .
For requests submitted via telephone, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. In doing so, we will take steps to verify your request by matching information provided by you with the information we have in our records. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information, including, for example, details of your relationship with us (e.g., nature of relationship, date of last contact, etc.).
Only you, or a person that you authorise to act on your behalf may make a request related to your personal information. If you are an authorised agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorised to act on behalf of that individual.
Access to Specific Pieces of Personal Information
You have the right to request the specific pieces of personal information we (and any third parties which are Service Providers to Blindside Networks Inc) have collected about you over the past 12 months.
Request for Deletion of Personal Information
You have the right to request that we (and any third parties which are Service Providers to Blindside Networks Inc) delete your Personal Information, subject to certain exceptions. These exceptions include:
- Completing the transaction for which we collected the personal information, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise performing our contract with you;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities;
- Debugging products to identify and repair errors that impair existing intended functionality;
- Exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law;
- Complying with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enabling solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Complying with a legal obligation;
- Making other internal or lawful uses of that information that are compatible with the context in which you provided it.
Exercising Your Access and Deletion Rights.
To exercise the rights described above, please submit a verifiable consumer request via e mail to privacy@blindsidenetworks.com. Please note that under the CCPA, you may only make such a request twice within a 12-month period. Blindside Networks Inc will respond appropriately within the required timeframes of the CCPA.
When you exercise these rights and submit a request to us, we will verify your identity by asking you to log in to your account if you have one with us. Or if you do not, we may ask for your email address and for instance an order number from a previous order. We also may use a third-party verification provider to verify your identity.
Marketing Opt-Out Requests.
Blindside welcomes your comments or questions regarding this Privacy Policy. Please e-mail us at privacy@blindsidenetworks.com or write to us at the following address:
Blindside Networks, Inc.
116 Albert Street, Suite 901
Ottawa, Ontario, K1P 5G3 CANADA
Non-Discrimination.
We will not discriminate against you for exercising your rights under the CCPA. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
Other
US State Laws, as these emerge, please contact our
DPO.
Global
Privacy Control signals. We honor the Global
Privacy Control (GPC) opt-out preference signals.
If you have any questions or complaints,
please contact our DPO at privacy@blindsidenetworks.com.
11. Changes to this Notice
We reserve the right to change this Notice from time to time in our sole discretion. Subject to applicable laws, if we make any changes, we will notify you and post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.
12. Contact Us
Questions, comments, requests and complaints regarding this Notice and your Personal Data we hold are welcome and should be addressed to our DPO at privacy@blindsidenetworks.com.
All requests will be dealt with promptly and efficiently.
If you have questions or wish to lodge a complaint about how your Personal Data is being processed by us (or third parties as described above), or how your complaint has been handled, you have the right to contact a supervisory authority and also our Data Protection Officer at privacy@blindsidenetworks.com.
Our Data Protection Officer may be contacted at privacy@blindsidenetworks.com.
Our EU Rep is Data Ocean Ltd trading as Data Compliance Europe
12 City Gate
Lower Bridge Street, Dublin 8
Ireland
Email: hello@datacomplianceeurope.eu
This Notice is effective from April 20th 2024
Schedule 1
We have set out below a list of some third parties with whom we share your Personal Data. A full list is available on request.
Third party name | Description of services provided |
Big Blue Button | Software provider |
Moodle | LMS |
AWS Amazon Web Services | Cloud Service Providers |
Digital Ocean
| Cloud Service Providers |
DocuSign
| Digital signatures |
Emails/document management/ Analytics | |
Baycloud Systems (Ireland) Ltd
| CMP Cookie tool |
Mailchimp | Email marketing
|
Mailgun | Email marketing |
Microsoft | document management |
Microsoft Azure | Cloud services |
Zendesk/ Zensell | Customer support |
Stripe | Payment services |
Dropbox | Document management |
QuickBooks | Invoicing |