VidyVault (“we”, “us” or “our”) highly values your privacy. This Privacy Policy (“Policy”) sets out how we collect, use and protect your personal data when you access and use the services and software (“Services and Software”) made available by us to organizations or persons (“Customers”, “you” or “your”) who acquire the Services and Software for use by their authorized users (“users”, each, a “user”). If you use other services and products offered by us or interact with us through other channels, the respective terms and privacy policies of those products and services will apply.
This Policy includes the following provisions:
1. Data Controller, Data Processor or Similar Roles
2. Collection and Processing of Personal Data
3. Legal Bases for Collection and Processing of Personal data
4. Cookies and Similar Technologies
5. Third-party Products and Services
6. Disclosure of Personal Data
7. International Transfer of Data
8. Data Retention
9. Data Subject Rights
10. Restriction on Use by Minors
11. Data Security
12. Changes to this Policy
13. Contact Us
The Services and Software allow Customers and users to use our self-hosted video conferencing solution and related features. Customers determine what information we and others can access and use. If you are the Customer’s authorized user or a participant who the Customer or their authorized users invite to join meetings and webinars hosted on the Customer’s account, the Customer serves as the “data controller” (or a similar role) of data processed by the Service and Software under this Policy. The data set out in the table below is accessible to the Customer and is subject to the Customer’s policies regarding access, use, monitoring, deletion, preservation, and export of information associated with the Service and Software.
In jurisdictions that distinguish between data controller and data processor, (i) we are the data controller for personal data processed to administer, manage, and improve the Services and Software and customer relationship, and (ii) we are the data processor for personal data processed by the Services and Software solely to provide their functionality.
The table below lists the types of personal data that may be collected any processed by us and describes the circumstances and purposes in and for which we may collect and process personal data:
| No. | Types of Personal Data | Purpose of Processing |
| (a) | Account information:information associated with an account of the Services and Software, including account ID, administrator name, contact transaction and payment information, and account plan information. | Help you register, log into and manage your account. |
| (b) | User and participant information:name, email address, phone number, password, and profile picture (optional). | Only the user and participant information made available to us by you will be processed by us in order to:Provide you with the Services and Software;Deal with technical issues; andRespond to customer support requests. |
| (c) | Customer content and data:meeting recordings (only applicable if enabled), transcriptions of meeting recordings (only applicable if enabled), uploaded files (only applicable if enabled), and chat messages (only applicable if enabled). | Only the customer content and data made available to us by you will be processed by us in order to:Provide you with the Services and Software; andDetect and prevent illegal or other harmful activities and violations of our terms or policies, and for other security reasons. |
| (d) | Host and usage information:IP address, operation system type and version, actions taken, meeting session information (including date and time, network activity and network connectivity), number of meetings, number of scree-sharing and non-screen-sharing sessions, number of participants, and meeting title. | We collect and use your IP address to grant you the license to use the Services and Software. Other than that, only the host and usage information made available to us by you will be processed by us in order to:Provide you with the Services and Software;Deal with technical issues;Respond to customer support requests; andConduct analysis for Customers. |
If you provide information on behalf of someone else, please ensure that you have their permission and have provided them with this Policy before doing so.
We only process personal data where there is a legal basis permitted by the applicable law. The legal basis will depend on the context and purpose for which we process personal data, which may include:
(1) Consent: certain personal data will be collected and processed when the informed consent has been given to us. The consent may be withdrawn at any time but this will not affect the validity of the processing activities prior to the withdrawal.
(2) Contractual necessity: it is necessary for us to collect and process certain data to enable us to enter into a contract with you and perform our contractual obligations.
(3) Fulfilment of legal obligation: we may be required by the applicable law to collect and use personal data to comply with our legal obligations under the applicable law.
(4) Legitimate interests: in certain jurisdictions we may rely on legitimate interests to collect and use personal data to operate and improve our business.
(5) Other: we may also collect and use personal data based on other legal bases under the applicable law.
Cookies and similar technologies may be used to deliver essential and additional functions of the Services and Software.
Please see our cookies policy for more information.
The Services and Software may include links to third-party products and services. Clicking on those links may allow users to visit third-party’s products and services. How those third parties collect and use personal data will be governed by their respective privacy policies.
6.1 We may disclose personal data to our affiliates for the purposes stated in this Policy.
6.2 We may engage a data processor or sub-processor to process personal data for the purposes of this Policy, in which case we will request the data processor or sub-processor to keep the personal data in strict confidence and only process the personal data to the extent it is necessary to perform its contractual or statutory obligations.
6.3 We may disclose personal data to third parties to whom we may choose to sell, transfer or merge our business or our assets, in which case the new owner will assume all our rights and obligations in this Policy.
6.4 We may disclose personal data for the purposes of national security, law enforcement, or public interests.
6.5 We may also disclose personal data to other third parties where the consent has been given to us or when required or permitted by applicable law.
7.1 The personal data is currently stored in Singapore. We may also choose to store personal data on a local server or a server located in a foreign jurisdiction depending upon our IT configurations, which may be adjusted from time to time due to regulatory requirements or our business needs.
7.2 If personal data is stored on a server in a foreign jurisdiction, we will take organizational and technical measures to keep such data secure and give such data a level of protection which is comparable to the level of protection required by the law of the jurisdiction where you reside.
8.1 Customer determines the retention period and retention policies for personal data processed by the Service and Software under this Policy for which Customer is the data controller.
8.2 We will only retain personal data for which we are the data controller for as long as necessary to fulfil the purposes set out in this Policy or as required by law. Upon the expiration of the retention period, we will delete or anonymize the personal data.
9.1 Users whose personal data is processed by the Services and Software may have certain legal rights in relation to processing of their personal data, which may include:
9.2 If you wish to exercise any of the above rights, please contact us at support@vidyvault.com.
9.3 Unless otherwise provided by applicable laws, we will generally reply to you within 15 days of receipt of your request for excising the above rights.
9.4 The above rights may only apply in limited circumstances under the applicable law and if we decide not to respond to your claim for the above rights, we will explain the reason in writing. If you disagree with the decision, you have the right to report and lodge a complaint to the supervisory authority.
Our Services and Software are not intended for use by persons younger than the age of consent in the relevant jurisdictions (“Minors”). You may not authorize Minors to access and use the Services and Software.
11.1 We are committed to keeping personal data secure. We take appropriate organizational and technical measures in accordance with applicable laws to ensure that personal data is adequately protected against unauthorized access, loss, alteration, and unlawful disclosure.
11.2 In the case that a data incident occurs, we will take immediate actions to contain its impact and investigate the cause of the incident. If we are required to notify you or any supervisory authority under the applicable law, we will notify the relevant parties pursuant to the requirements.
This Policy may be changed from time to time and we will notify you of the updated Policy by posting it on our website.
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact us at support@vidyvault.com.