Privacy Policy 24 sessions
Latest update: September 2020
Documents
Contents
Introduction
Who are we and what do we do?
We are 24sessions.com B.V. (“24sessions”). We provide products and services to service providers, which enables them to use video calling as a customer interaction channel (“Services”). You can find more information about our Services on the website: www.24sessions.com (“Website”). This privacy policy applies to the use of our Website and the Services we provide. Please refer to our Data Processing Addendum for all details of Data Processing
What is this?
This is a Privacy Policy. In this document we explain what type of personal data we collect through our Website and Services. We also explain what purposes we use the data for, how we secure them and how we store them. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information. If you give us personal information, we will treat it according to this policy.
This policy covers all 24sessions websites, (sub)domains, mobile applications, and desktop clients and is applicable worldwide.
Privacy and Relevant Legislation
24sessions is committed to protecting your privacy. We comply with the new General Data Protection Regulation (“GDPR”) which replaced the different privacy laws in European member states as per 25 May 2018. This legislation will hereinafter be referred to as the “Relevant Legislation”.
What are ‘Personal Data’?
Personal data refers to all the information that could allow you to be directly or indirectly identified. This definition is in accordance with the Relevant Legislation. This is a broad definition: even dynamic IP addresses are considered to be personal data in some circumstances.
Our Position as Data Processor and Data Controller
We collect and process several personal data from our customers and website visitors, for the use of our Services and Website. We define the purpose and means of such processing of personal data, which means we act as “Data Controller” within the meaning of the Relevant Legislation.
We also collect and process personal data on behalf of our customers within the context of our Services (i.e. the personal data customers use and upload in their own environment within the Services). In such case, our customers define the purpose and the means of such processing of personal data and act as Data Controller within the meaning of the Relevant Legislation. We only process such personal data following the instructions of our customers and not for our own purposes. Within this context we therefore act as “Data Processor” within the meaning of the Relevant Legislation.
What personal data do we collect and how do we use them?
As Data Controller we collect and process the following personal data:
(Personal) data:
Purpose(s):
Legal ground(s):
We use this information to:
Contact our customer and keep our customer updated on information regarding the Services and the contract;
Keep our customer up to date on the latest software updates, software upgrades and system enhancements;
Send customer newsletters about product announcements. Customer may unsubscribe or opt-out at any time by unsubscribing in the email footer.
Process the invoices and payments form our customers;
Keep a financial administration.
We need this information to perform the contract with our customer.We have a legitimate interest to keep our customer updated on information regarding the software, system and product announcements.We are also legally obligated to keep a financial administration for the benefit of the national tax authorities.
We use this information to:
Provide the ability to create personal profile areas and view protected content;
Provide and manage your access to our Services;
Provide support, customer feedback and assistance for our Services;
Conduct questionnaires and surveys in order to provide better Services to our customers and end users. Your completion of any questionnaires is voluntary.
We need this information to perform the contract with our customer, i.e. to give the users access to the Services and provide support and assistance.
We have a legitimate interest to perform questionnaires, in order to improve our Services.
We use this information to:
Give the guest access to the Services.
We need this information to perform the contract with our customer (i.e. to enable users to interact with guest via the Services).
As Data Processor we may collect and process personal data on behalf of our customers. This contains the personal data that is shared between users and guest via the Services and personal data from users and guests after the session has ended (such as recordings, reviews and wrap-ups). We do not process these personal data for our own purposes, but strictly on behalf of our customers in accordance with the Data Processing Addendum between 24sessions and our customer.
How long do we keep the personal data?
As Data Controller:
As Data Controller, we remove the personal data as soon as they are no longer necessary for the purposes stated above. Therefore, we will at least retain your personal data as long as your personal data is needed to provide the Services to you. Users can adjust several retention periods for specific data in their account themselves.
As Data Processor:
As Data Processor we store the personal data for our customers as long as the customer in question uses our Services and uses the personal data within such context. If the cooperation with the customer ends, we will remove or destroy the personal data and all their copies, unless we are held by law to store the data for a longer period.
Do we share your Personal Data with others?
We use the services of several external service providers, that assist us in processing the personal data (“Data Controllers”). We use these Data Processors in our role as Data Controller and also in our role as Data Processor (in which case the external service provider is classified as a “Sub Data Processor”).
The categories of (Sub) Data Processors we may use are for instance: hosting-, storage- and support providers and parties providing services in the field of content delivery, reviews and incident tracking & resolution.
As Data Processor, we process the personal data on behalf of our customers only according to their instructions. We will never share these personal data with a Sub Data Processor, unless our customers order us to do so.
The (Sub) Data Processors must strictly follow our instructions and those of our customers regarding the processing of such personal data. Therefore, they will not use the personal data for their own purposes. We will ensure that all (Sub) Data Processors comply with the requirements of the Relevant Legislation.
Apart from the above, we will not share your data with third parties – unless we are legally obliged to do so.
Data Export outside the European Union
We may transfer personal data to parties outside the EU, if our customers ask for this or if one of our (Sub) Data Processors is established outside the EU. The personal data will only be transmitted to countries and/or parties offering an adequate level of protection which meets the European standards.
Transfer of data outside the EU will always be in accordance with the Relevant Legislation (Chapter 5 of the GDPR).
General (non-personal) Data
By providing our Services, we also collect non-personal data. This means that the data does not include any personal data (anymore), because no identification can take place on the basis of the data. We may use such non-personal data for analytical purposes and improving our services.
How do we protect the Personal Data?
24sessions is committed to protecting the personal data you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your personal data from unauthorized access, use, change, destruction or disclosure. We take the following technical and organizational measures to protect the data:
Encrypting data in transer through Security Socket Layer (SSL);
Encrypted data in rest with AES-256;
Mandatory encryption for all data sent over public networks; and
24sessions is certified according the ISO 27001 standard.
Cookies
We may use cookies on our Website. In this respect we act as Data Controller. A cookie is a simple small text file that can be stored in your computer when visiting the Website. This text file identifies your browser and/or computer. When visiting our Website again, the cookie ensures that our Website recognizes your browser or computer.
In our Cookie Policy, you can read which cookies 24sessions uses and for what purposes.
Third Party Websites
While navigating the Website or using the Services you may be directed to content or functionality that is hosted by a third-party supplier. We have no control of the content or the links which appear on said websites and we are not responsible for the practices of websites linked to or from our Website. Furthermore, these websites, including their content and links, may constantly change. These websites may have their own privacy policies, user conditions and customer policies. Browsing and interaction on any other website, including websites linked to or from our Website, are subject to the terms and conditions of such website.
When information is collected on behalf of 24sessions exclusively, 24sessions privacy policy will be referenced and will govern how your information is used.
Amendments of this Privacy Policy
We are constantly looking for ways to improve our Website and Services. Therefore, 24sessions may update this privacy policy from time to time. We will post a notice on this website whenever this privacy statement is materially changed.
Your rights and our contact data
As described in the Relevant Legislation, you have the right to:
Ask us to correct and update your data;
Ask us to remove your data from our data records, without stating any reason;
Ask us for a copy of all personal data we processed of you. We may also forward this copy to another data manager at your request;
Withdraw your consent for processing your data. This does not affect the validity of the processing before the moment you withdraw your consent;
File an objection with us to the processing of your data;
File a complaint with the Personal Data Authority, if you believe that we process your data unlawfully.
If you have any additional questions about 24sessions collection and storage of data, please contact us through the contact data below.
24sessions.com B.V.
Hoogoorddreef 54D
1101 BE Amsterdam
T: (+31) 020 210 1229
E: support@24sessions.com
Chamber of Commerce number: 64312100
