Data Protection Information for Clients


Streamnet Ltd. Co., Videosquare Ltd., and Teleconnect Ltd., (hereinafter: Companies) as data controllers and data processors, hereby inform their customers (hereinafter: data subject) that they respect the data subjects' right to their personal data, therefore during the data process the above companies act in compliance with their policy of the data process and data protection (hereinafter: Policy). The Policy in force at any time shall be available at the office of the Companies in paper and electronic format. For the understandable notice the data controller provides the present abbreviated information for their Customers and other affected parties based on its Policy. Present information forms the appendix of the Policy.

Present information on data controlling (hereinafter: Information) contains the rights and obligations and other relevant provisions in connection with the visits of the internet websites https://www.streamnet.hu, https://videosquare.eu (and their subdomains providing corporate services, eg. https://<customer>.videosquare.eu) and http://www.teleconnect.hu (hereinafter: Websites) provided by Streamnet Ltd. Co., Videosquare Ltd., and Teleconnect Ltd. (hereinafter: Providers).

1 Definitions

Customer/Corporate Customer: Corporate customer is eligible to use services under a service agreement contract signed with the Providers.

Customer User (user): Customer User is a user of a Corporate Customer having a valid service agreement contract with the Provider. Companies operate as data processors in this specific case.

User: Private person directly using public services of the Providers (not covered by any service contract with a Customer)

Visitor: Visitor of Website

Participant: Customer User or a User taking part in an audio/video conference call established through conferencing services offered by Providers.

Cookie: “cookie” is a set of data stored by the Visitor's browser program and computer, sent by the Website (server) in order to support its operation. Cookies are not harmful to the computer of the Visitor, the Visitor may decide about accepting them or simply stop browsing the Website.

Personal data: means any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Consent of the Data Subject: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2 The legal basis and purpose for the data processing

2.1 Streamnet Ltd. Co.

2.1.1 www.streamnet.hu

Website: https://www.streamnet.hu/

General informational website of Streamnet solutions/products. No login, no personal data storage or collection.

Contact page: https://www.streamnet.hu/en/contacts/

Customer contact request page, where the Visitor may send messages to the Company after providing a name, an e-mail address, a company name and a phone number. After the request submitted an internal email is generated and sent to responsible Company staff including the provided contact details.

Support request page: https://www.streamnet.hu/en/support/

Technical support request page for Customers with a valid service contract (SLA). After submitting name, company name, address (company), e-mail address, phone number an internal mail is generated and sent to responsible Company staff including the provided contact details.

purpose of data processing

GDPR Article 6 (1) points a. and b. (consent of the data subject, fulfilment of the contract)

categories of data subject

·    Visitors requesting contact

·    Users submitting an error report

range of personal data

name, e-mail address, phone number, company

data transfer to third parties

no

data transfer to abroad

no

data preservation time

2 years

security measures

The level of the technical security measures is is high

 

 Cookie management

When the Visitor visits the Website, the Service Provider does not collect any personal data.  The Service Provider processes the available anonymous information to improve the content of the site, also to collect statistics on visitors. During this process the Provider may use so called “cookies”, which can support these activities.

Further information on the cookies managed by the website is available at the https://www.streamnet.hu webpage.

2.1.2 Videoconference service

Website: https://join.streamnet.hu

The Company provides videoconferencing services to its Customers available in a regulated, secured manner and available through the internet.

The video image transmission used during the services is suitable solely for transmission of facial portrait-profile (moving portrait) and voice. The transmission is two-way, low-latency, suitable for a conference call. The service is not suitable and does not facilitate any sort of recognition and management of biometric data.

Service provisioning: As part of a valid service contract concluded with a Customer.

Access to the service: The conferencing service may be used with a browser (technology based on WebRTC), or by standard meeting room videoconference equipment (H.323/SIP) commonly available at companies.

Management of Users: Employees of the Customer and business partners chosen by the Customer may have access to the service. Company provides a certain number of “virtual videoconference rooms” and call termination capacities (maximum number of concurrent calls) defined by the service contract between the parties. Virtual rooms are protected by PIN codes which are distributed to the Customer. During the login process a name must be provided to be shown in the list of conference participants. Further personal data is not collected nor processed.

Recording and live streaming: According to the request of the Customer recording and/or live streaming of the conference call may take place. The addressed Users (viewers) is controlled by the Customer using service website at https://videosquare.eu or in case of a private cloud installation specifically at the on-premise service deployed in Customer’s network (see Videosquare Ltd.). Preservation time of recordings and availability to specific groups of users are defined and controlled by the Customer using a media management interface (browser).

Notice: When the service is used by a Customer's employees and partners it is the sole responsibility of the Customer to inform its employees and partners and to acquire the required data processing consents from them.

purpose of data processing

GDPR Article 6 (1) points a. and b. (consent of the data subject, fulfilment of the contract)

categories of data subject

·    Participants using the videoconference services

·    With registration

range of personal data

name, facial portrait, profile, voice

data transfer to third parties

no

data transfer to abroad

no

data preservation time

Recording is initiated by Customer. No recording is taken by default. The Customer is entitled and capable of specifying preservation time of the recorded data. Although, after 10 years the necessity of preserving stored recordings is reviewed.

security measures

The level of the technical security measures is high

 Cookie management

When the Visitor visits the Website, the Service Provider does not collect any personal data.  The Service Provider processes the available anonymous information to improve the content of the site, also to collect statistics on visitors. During this process the Provider may use so called “cookies”, which cookies support these activities.

Further information on the cookies managed by the website is available at the https://www.streamnet.hu webpage.

2.2 Teleconnect Ltd.

2.2.1 teleconnect.hu

Website: http://www.teleconnect.hu/

General informational website for Teleconnect services. No login, no personal data storage or collecting.

Cookie management

When the Visitor visits the Website, the Service Provider does not collect any personal data.  The Service Provider processes the available anonymous information to improve the content of the site, also to collect statistics on visitors. During this process the Provider may use so called “cookies”, which cookies support these activities.

Further information on the cookies managed by the website is available at the http://www.teleconnect.hu webpage.

2.2.2 Audio call conference service

Website: -

The Company provides phone call conferencing services to its Customers in a regulated manner using the public telephone network. The service is available through calling a Hungarian phone number.

The service based on voice transmission. The communication is two-way, data transmission is done using the public switched telephone network. The service is not suitable for recognition and management of biometric data.

Service provisioning: As part of a valid service contract concluded with a Customer.

Access to the service: by using a telephone device.

Management of Users: Employees of the Customer and business partners chosen by the Customer may have access to the service. Company provides a certain number of “virtual conference rooms” and call termination capacities (maximum number of concurrent calls) defined by the service contract between the parties. Virtual rooms are protected by PIN codes which are distributed to the Customer. No personal data is collected.

Recording: No recording is made.

Notice: When the service is used by a Customer's employees and partners it is the sole responsibility of the Customer to inform its employees and partners and to acquire the required data processing consents from them.

purpose of data processing

GDPR Article 6 (1) points a. and b. (‘consent’ of the data subject, fulfilment of the contract)

categories of data subject

Participants using audio call conferencing services

range of personal data

voice

data transfer to third parties

no

data transfer to abroad

no

data preservation time

no preservation

security measures

The level of the technical security measures is high

2.3 Videosquare Ltd.

2.3.1 videosqr.com (landing page)

Website: https://videosqr.com

Videosquare software solution/service landing page (informational website). No login, no personal data storage or collection.

Cookie management

When the Visitor visits the Website, the Service Provider does not collect any personal data.  The Service Provider processes the available anonymous information to improve the content of the site, also to collect statistics on visitors. During this process the Provider may use so called “cookies”, which cookies support these activities.

Further information on the cookies managed by the website is available at the https://videosqr.com webpage.

2.3.2 videosquare.eu (service website)

Website: https://(*).videosquare.eu/

Videosquare is an own-developed corporate video streaming platform product used by corporations to publish and manage self-produced live video streams and recordings (lectures, trainings, informational materials etc.). The platform is capable of handling live streaming content and on-demand recordings, allows publishing of documents and user comments. The product has two approaches:

Public cloud: Service provided through the internet and is operated on the infrastructure (servers, storages) of Videosquare Ltd. Customers receive a virtually separated video portal as a service (eg. https://videosquare.eu and https://<customer>.videosquare.eu etc.) within which the Customer can manage its content and users.

Data removal: Customer is entitled to decide about any data removal requested by a third-party. Removal action is delegated to the Customer's staff responsible of administrating media assets.

Management of personal data of Users: Customer may require a general password expiry and personal data anonymization time on user passwords. After the password expired and anonymization time is reached personal data will be anonymized in the system.

Storage of personal data: in database. The password is not stored as plain text, it is encrypted using a one-way hash algorithm.

Private cloud: A private cloud system is an on-premise implementation of the service created and operated on the Customer's own network and server infrastructure. The service is implemented according to the Customer's IT and internal policy. No external data storage or forwarding takes place.

Data removal: Customer is in control of all the media and personal data and may decide about any data removal request.

Authentication of users: implemented as a built-in function or based on Customer's central directory (such as an Active Directory database). In the latter case, data is forwarded from the Customer to the Company acting as a data processor in this case.

Storage of personal data: in database. The password is not stored as plain text, it is encrypted using a one-way hash algorithm.

Other comments:

During on-site events recording, mass recordings and supplemental footage may be taken. At the recording location an appropriate warning sign shall be placed that informs event participants that video recording may happen. The Company requires the presenters and other contributors of the event to sign a consent regarding video image recording. In case the service is delivered to a Customer as part of a service agreement the Customer is responsible to acquire a signed consent from the involved parties.

purpose of data processing

GDPR Article 6 (1) points a. and b. (consent of the data subject, fulfilment of the contract)

categories of data subject

·    Presenters, contributors recorded at the events

·    Customer Users, Users

range of personal data

·    Performers: facial portrait, profile, voice, name

·    Customer Users: last and first name, e-mail address, IP address, content history

data transfer to third parties

no

data transfer to abroad

no

data preservation time

In case of recordings the Customer is entitled to determine the period of preservation with respect of the service agreement contract. After 10 years the cause of preservation may be reviewed. In case the contract is terminated, data preservation period is a maximum of 6 months.

In case of users Customer may set a general password expiry period (X days) and automatic user inactivation when expiry period is reached. Customer may also determine a personal data anonymization period (Y days) that will trigger purge of personal data belonging to an inactivated user. Preservation time will be X + Y days.

security measures

The level of the technical security measures is high

Cookie management

When the Visitor visits the Website, the Service Provider does not collect any personal data.  The Service Provider processes the available anonymous information to improve the content of the site, also to collect statistics on visitors. During this process the Provider may use so called "cookies", which cookies support these activities.

Further information on the cookies managed by the website is available at the a https://videosquare.eu webpage.

3 Data processors

The Company does not employ an external data processor. There is no data transfer to third parties.

4 Rights of data subjects

Upon request of the data subject the data collector provides information: about the data processed by him/her, about the categories of the personal data, about the purpose of the data processing, the period of time of the data process, the time of the storage of the data, or if it is not possible, then the consideration concerning the determination of this period of time, if the data were not collected by the data subject then all the available information of its source, the data of the data processor. If a data processor was used, the circumstances of the personal data breach, its effects, and the measures taken to its parry, furthermore, in case of transfer of the personal data of the data subject, the legal basis, purpose and addressee of the data transfer have to be provided to affected data subjects.

The data subject may request access to the personal data relating to him/her, the correction of his/her personal data, the deletion, and the restriction of the data process, furthermore the data subject has right of portability concerning his/her personal rights.

The data subject is entitled to receive information, entitled to get to know the personal identification data connecting to him/her, may look into the documentation, may make copies of them for his/her cost.

If the data subject does not agree with the decision of the data processor, or the data processor fails to meet a deadline replying, then entitled – within 30 days – to take legal actions.

The data subject is entitled to make a complaint on the following contacts:

Nemzeti Adatvédelmi és Információszabadság Hatóság

Address: 22/c Szilágyi Erzsébet fasor, 1125 Budapest, Hungary

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Website: http://www.naih.hu

E-mail: ugyfelszolgalat@naih.hu

5 Contact

Email: info@streamnet.hu, info@videosqr.com

Address: 182 Váci út, 1138 Budapest, Hungary

Telephone: +36 (1) 412 3000

Budapest, 05.01.2018.