List of active policies

Name Type User consent
Site Policy Site policy All users
Privacy Policy Privacy policy All users
Cookie Policy Other policy All users
Google Analytics Third parties policy All users
BigBlueButton Third parties policy Authenticated users

Summary

The Flowminder Foundation uses a Learning Management System (LMS) in support of GRID3 stated aims of capacity strengthening in GIS and the use, uptake and creation of spatial data. All users must agree and be aware of the Site Policy.

Full policy

Introduction

The Flowminder Foundation uses a Learning Management System (LMS) in support of GRID3 stated aims of capacity strengthening in GIS and the use, uptake and creation of spatial data. All users must agree and be aware of the Site Policy.

The http://learn.grid3.org GRID3 LMS website is built using moodle, a free open source software package designed using sound pedagogical principles, to help educators create effective online learning communities. Moodle is distributed under the GNU General Public License. The Moodle platform is hosted on secure servers and administered both internally by GRID3 staff and externally by Synergy Learning, who provide hosting and support services.

The Moodle platform provides a range of features for the delivery, support, administration and participation in teaching and learning activities. The features include content delivery and collaboration between tutors and learners, such as:

  • Content creation or upload;
  • Discussion forums and chat rooms;
  • Messaging tools;
  • Assignments;
  • Quizzes; and
  • Monitoring of users' online activity.

Other third party software and web services may also be linked to provide an integrated learning environment for staff, tutors and students. The GRID3 LMS websites are defined as the Flowminder Foundation implementation of the Moodle course management system and all other linked software tools for the support and delivery of teaching, learning and research at, by or in collaboration or consultancy with The Flowminder Foundation and associated partners in GRID3 in support of GRID3 activities.

Purpose of the Site Policy

The purpose of The GRID3 LMS website Site Policy is to specify user responsibilities and to promote the appropriate use of The GRID3 LMS website for the protection of all members of the administrative and teaching community at The Flowminder Foundation and associated partners in GRID3. The Site Policy applies both within and outside the Flowminder Foundation and associated partners in GRID3 premises.

Site Policy

Please note that users are defined as any persons or systems which access to the GRID3 LMS website and include all learner users attending short courses run at or by The Flowminder Foundation in support of GRID3 (detailed below) but also trainers recruited specifically to teach on GRID3 courses, and non-teaching staff employed by the Flowminder Foundation and associated partners in GRID3.

Generally, learner users will fall into 3 categories,

  • Visitors to the home page for the GRID3 LMS website, who choose not to log in as a Guest or Authenticated User. Visitors may not view any available learning materials courses or content without logging in as a Guest or as an Authenticated User.
  • Visitors who then register as Guests to the LMS, who then have access to any publicly available learning materials, courses and content.
  • Visitors who register as Authenticated Users of the LMS, who are enrolled onto available learning materials, courses and content. An authenticated user will have password access to available learning materials, courses and content they have enrolled or been granted access to.

Registration for Authenticated Users

All authenticated users must register to use the GRID3 LMS website. All authenticated users must agree to the GRID3 LMS website Site Policy, Cookie Policy, and Privacy Policy. These policies cover the whole period that the user is a member of the Moodle community at The Flowminder Foundation. On registration, users give their consent to The Flowminder Foundation's processing of their personal data via The GRID3 LMS website and to acknowledge the Privacy Policy, which provides information

Your Responsibilities

Users of The GRID3 LMS website must agree to:

  • Not use The GRID3 LMS website for anything else other than for the purposes of teaching, learning and research. However, incidental personal use, for example via the Moodle social forums, is acceptable.
  • Not use The GRID3 LMS website for personal commercial use, for example marketing.
  • Not use The GRID3 LMS website for uploading, storing, viewing or transmitting any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or offensive.
  • Not misrepresent the Flowminder Foundation and associated partners in GRID3 or bring it into disrepute in any way through the use of the GRID3 LMS website. Be responsible for moderating discussion forums which they may have created. Always act in a professional manner. Be polite and courteous to others when using The GRID3 LMS website. The GRID3 LMS website is not to be used to libel, slander, or harass any other persons. Follow the 3C’s- be curious, constructive and compassionate in your interactions with other users.
  • Report to the Site Administrator any content you consider inappropriate.
  • Not plagiarise in submitted postings or assignments.
  • Not breach the copyright of the Flowminder Foundation or any third party by copying any text, images, video or any other content from the GRID3 LMS website. Copyright of the course materials and content of the GRID3 LMS website are owned or controlled by the Flowminder Foundation and associated partners in GRID3 unless otherwise stated. Any copies of third party materials will be clearly labelled with warnings about any copyright restrictions.
  • Not redistribute the material downloaded from this site in any form. Ensure that any copyright material reproduced and loaded onto Moodle conforms with  the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0). All reproductions must be fully acknowledged. Material not conforming to these requirements will be removed.
  • Only attempt to access courses in which you are formally enrolled (i.e. those courses which you are attending as a registered student), or allow public access as a Guest User.
  • Always use your real identity, including your first and last name. Not disclose other people’s personal information on a public forum


Summary

This privacy notice tells you when and how Flowminder Foundation collects personal information for visitors to the GRID3 Learning Management System (LMS) website

Full policy

Website Privacy Notice

DataController:  STIFTELSEN FLOWMINDER, Regus Cumberland House, 15-17 Cumberland Place, Southampton, SO15 2BG, Email: gdpr@flowminder.org

How we use your information

This privacy notice tells you when and how Flowminder Foundation collects personal information for visitors to the GRID3 Learning Management System (LMS) website at http://learn.grid3.org . It contains information for:

  • Visitors to the home page for the GRID3 LMS website, who choose not to log in as a Guest or Authenticated User. Visitors may not view any available learning materials courses or content without logging in as a Guest or as an Authenticated User.
  • Visitors who then register as Guests to the LMS, who then have access to any publicly available learning materials, courses and content.
  • Visitors who register as Authenticated Users of the LMS, who are enrolled onto available learning materials, courses and content. An authenticated user will have password access to available learning materials, courses and content they have enrolled or been granted access to.

We explain: 

  • what data we process
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether your data is accessed by other recipients
  • whether we intend to transfer it to another country,
  • and whether we do automated decision-making or profiling why we are able to process your information

The first part of this notice contains information that is applicable to everybody visiting our website.

Embedded links to other websites

This privacy notice does not cover the links embedded within the text contained on this website linking you to other websites. We encourage you to read the privacy statements on those and other websites that you visit.

Changes to this privacy notice

We regularly review our privacy notice. This privacy notice was last updated on 11th September 2019 (grammar and spelling edits were made on 15/06/2020).

Visitors to the home page for the GRID3 LMS website

Person responsible for website visitors data protection:  gdpr@flowminder.org

The http://learn.grid3.org GRID3 LMS website is built using moodle.   You can visit it without registering but cannot view or see available learning materials, course or content without registering as a Guest, or as an Authenticated user.  We do not make any attempt to find out the identities of those visiting our website who don’t intend to register.

We do make use of Google Analytics, so we can understand visitor traffic to the GRID3 LMS website. By traffic, we mean information such as time spent on the website, locational information of visitors,  and referring websites. We use this information to understand how people are finding our GRID3 LMS website.

This involves the use of cookies that are shared with a Third Party Google, described below. Google commitment to privacy and compliance with applicable data protection laws, including GDPR is available by following the links given here.  All visitors are informed that use of the website requires Google Analytics.

What information does the organisation collect?
  • No information except as necessary for Google Analytics, as described above

Use of HTTP cookies by Flowminder Foundation

Cookies’ are small text files placed on your computer, smartphone, or similar, by most websites. Cookies allow the website to recognise the device used to access the website and record information about visitors’ activities and preferences in order to improve the website’s functionality and user experience. with the opportunity to review the relevant full cookies policy. The cookies policy is available and also provides information on how to manage your cookies settings.

People who browse the LMS website as a Guest

Person responsible for website visitors data protection:  gdpr@flowminder.org

If you decide to become a Guest to have access to any publicly available learning materials, courses and content, as well as the information and cookies gathered as visitors to the home page for the GRID3 LMS website, additional cookies are required to maintain login as you browse available resources.

Use of HTTP cookies by Flowminder Foundation

Cookies’ are small text files placed on your computer, smartphone, or similar, by most websites. Cookies allow the website to recognise the device used to access the website and record information about visitors’ activities and preferences in order to improve the website’s functionality and user experience. You will have agreed the use of cookies by browsing our website as a Guest, with the opportunity to review the relevant full cookies policy. This cookies policy is available and also provides information on how to manage your cookies settings.

What information does the organisation collect?
  • No information except as necessary for Google Analytics and critical use of the Moodle website (cookies)

People who register to be Authenticated Users, to access courses and materials

Person responsible for service users data protection: gdpr@flowminder.org

When you log in to GRID3 LMS website, and set up your account), we require information to:

  • Create your moodle User account Enable registration as an Authenticated User, to access courses you have been enrolled on by GRID3 LMS Website Administrators.

What information does the organisation collect?
  • Information necessary for Google Analytics and critical use of the Moodle website (cookies)
  • Your email address
  • Your first name
  • Your surname
  • Gender
  • Optional: A user photograph: you may upload a photograph to your profile, if desired.

Why does the organisation process personal data?

The organisation has a legitimate interest in processing your data, to provide access to the available learning materials, courses and content, and in reporting outcomes to GRID3 funders and partners. We do not process the contact details provided for any purpose other than delivering these services or creation of outcome reports to funders or partners.

Who has access to data?
  • Your information will be shared internally for the direct and sole purpose of delivering the requested services. This includes members of the organisations’ GRID3 LMS administration team and trainers. Fellow students on your course will have access to your name, photograph (if uploaded by you as a user) and any discussion comments you make. Generally, the GRID3 LMS website by default does not display your email address to other learners, however you may choose to allow this. Please note, GRID3 LMS website administrators and trainers will have access to your email address.

We will not share any personal data that you disclose to us, such as your name or email address, with any external to the LMS third party.

How does the organisation protect data?
  • The organisation takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.

When you register, you choose a password which enables you to accessGRID3 LMS content. You are responsible for keeping this password confidential. We ask you not to share this password with anyone.

For how long does the organisation keep data?
  • We retain information for Authenticated users for up to 2 years from first log in to the GRID3 LMS website. After 2 years all information is deleted automatically.
Where does the information store data?
  • GRID3 LMS website and domain is managed by Synergy Learning and stored on their secure servers.
Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact: gdpr@flowminder.org. 

Alternatively, any authenticated user can send a message to the site privacy officer via the 'Contact the privacy officer' link on their profile page.

In addition, Authenticated Users can request a copy of all of their personal data or request that their personal data should be deleted as follows:

  • Go to your profile page (via the user menu).
  • Click the link 'Data requests' then click the 'New request' button.
  • Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.
  • Save changes
  • If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page. In Moodle 3.5.2 onwards, the user has by default one week to download their data before the download link expires.
  • If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

Children

We strongly believe in protecting the privacy of children. The GRID3 LMS website does not knowingly collect or maintain personal information from persons under 13 years of age, and no part of the Website is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access the Website at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 13 years of age


Summary

This site uses Cookies to recognise the device used to access the website and record information about visitors activities and preferences in order to improve the website’s functionality and user experience.

Full policy

GRID3 LMS Website Cookies Policy

Data Controller:  STIFTELSEN FLOWMINDER, Regus Cumberland House, 15-17 Cumberland Place, Southampton, SO15 2BG, Email: gdpr@flowminder.org

Use of cookies by Flowminder Foundation

‘Cookies’ are small text files placed on your computer, smartphone, or similar, by most websites. Cookies allow the website to recognise the device used to access the website and record information about visitors activities and preferences inorder to improve the website’s functionality and user experience.

We use session and persistent cookies on the GRID3 LMS website, and use differing cookie types:

  • Essential cookies. Necessary for the operation of the Site. We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer Site features,
  • Analytical/performance cookies. Allow us to recognize and count the number of visitors and see how visitors move around the Site when using it. This helps us improve the way the Site works,
  • Functionality cookies. Used to recognise you when you return to the Site. This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region),
  • Targeting cookies. Record your visit to the Site, the pages you have visited, and the links you have followed. We will use this information to make the Site more relevant to your interests. We may also share this information with third parties for this purpose.

 

The cookie types encountered will depend on your interaction with the GRID3 LMS Website:

  • Visitors to the home page for the GRID3 LMS website, who choose not to log in as a Guest or Authenticated User.  As a Visitor you may not view any available learning materials courses or content without logging in as a Guest or as an Authenticated User.
  • Visitors who then register as a Guest to the LMS, you will then have access to any publicly available learning materials, courses and content.
  • Visitors who register and sign in as Authenticated User of the LMS, who are enrolled onto available learning materials, courses and content. As an  authenticated user  you will have password access to available learning materials, courses and content you have enrolled or been granted access to.

Third Party Cookies

In addition to our own cookies, we also use various third-party cookies to report how visitors interact with the GRID3 LMS website:

  • Tracking cookies. Follow on-site behaviour and tie it to other metrics allowing better understanding of usage habits.
  • Optimization cookies. Allow real-time tracking of user conversion from different marketing channels to evaluate their effectiveness.

 

Google Analytics

The information below is taken from Google Analytics Cookie Usage on Websites, and visitors are encouraged to read and understand the information given on this webpage, and also the Google commitment to  privacy and  compliance with applicable data protection laws, including GDPR.

“Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages / interactions with the website.”

Please see our GRID3 LMS Website Cookies table below:

GRID3 LMS Website Cookies Table: All Visitors

Cookie Name

Expiration Time

Brief Description/Information

_ga

2 years

Registers a unique id to you as a visitor, to track how you use or interact with the website

_gid

24 hours

Registers a unique id to you as a visitor, to generate data on how you use or interact with the website for a particular session

_gat

1 minute

Used by Google Analytics to throttle request rate

 

Third Party Cookies

Cookie Name

Expiration Time

Brief Description/Information

collect

Session

Used to send data to Google Analytics about you as a visitor, including your device used to access the webpage and your behaviour, for example, pages you visit on the website.

GRID3 LMS Website Cookies Table: Guests

Cookie Name

Expiration Time

Brief Description/Information

MoodleSession

When you log out or close the browser this cookie is destroyed (in your browser and on the server).

You must allow this cookie into your browser to provide continuity and maintain your login from page to page.

_ga

2 years

Registers a unique id to you as a visitor, to track how you use or interact with the website

_gid

24 hours

Registers a unique id to you as a visitor, to generate data on how you use or interact with the website for a particular session

_gat

1 minute

Used by Google Analytics to throttle request rate

 
Third Party Cookies

Cookie Name

Expiration Time

Brief Description/Information

collect

Session

Used to send data to Google Analytics about you as a visitor, including your device used to access the webpage and your behaviour, for example, pages you visit on the website.

GRID3 LMS Website Cookies Table: Authenticated Users

Cookie Name

Expiration Time

Brief Description/Information

MoodleSession

When you log out or close the browser this cookie is destroyed (in your browser and on the server).

You must allow this cookie into your browser to provide continuity and maintain your login from page to page.

MOODLEID

When you log out or close the browser this cookie is destroyed (in your browser and on the server).

Remembers your username within the browser. This means when you return to this site the username field on the login page will be already filled out for you.

_ga

2 years

Registers a unique id to you as a visitor, to track how you use or interact with the website

_gid

24 hours

Registers a unique id to you as a visitor, to generate data on how you use or interact with the website for a particular session

_gat

1 minute

Used by Google Analytics to throttle request rate

 

Third Party Cookies

Cookie Name

Expiration Time

Brief Description/Information

collect

Session

Used to send data to Google Analytics about you as a visitor, including your device used to access the webpage and your behaviour, for example, pages you visit on the website.

How to change your cookies settings

GRID3 LMS website

Most web browsers permit users to control aspects of most cookies through their browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or  www.allaboutcookies.org.

How to manage cookies settings on the most common internet browsers

You can follow the hyper-links below for guidance on how to manage your cookies settings:




Summary

We make use of Google Analytics, so we can understand visitor traffic to the GRID3 LMS website. 

Full policy

Google Analytics

The information below is taken from Google Analytics Cookie Usage on Websites, and visitors are encouraged to read and understand the information given on this webpage, and also the Google commitment to  privacy and  compliance with applicable data protection laws, including GDPR.

“Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages / interactions with the website.”

Google Analytics Related Cookies

Cookie Name

Expiration Time

Brief Description/Information

_ga

2 years

Registers a unique id to you as a visitor, to track how you use or interact with the website

_gid

24 hours

Registers a unique id to you as a visitor, to generate data on how you use or interact with the website for a particular session

_gat

1 minute

Used by Google Analytics to throttle request rate

 

Third Party Cookies

Cookie Name

Expiration Time

Brief Description/Information

collect

Session

Used to send data to Google Analytics about you as a visitor, including your device used to access the webpage and your behaviour, for example, pages you visit on the website.





Summary

Information and Agreement for use of BigBlueButton, a web conferencing system designed for online learning.
Our installation of BigBlueButton is provided by Blindside Networks.

Full policy

We make use of BigBlueButton, a web conferencing system designed for online learning to enable our Authenticated Users access to integrated face  to face (f2f) distance telecommunication and learning activity sessions, and to record these sessions for later distribution to those who could/did not attend.

Our installation of BigBlueButton is provided by Blindside Networks.

BigBlueButton (BBB)

As noted on Wikipedia: BigBlueButton is a pure HTML5 client. It uses the browser's support for web real-time communications WebRTC to send/receive audio, video, and screen.

As a pure single web page application, BigBlueButton front-end uses React and the backend uses mongodb and nodejs. It also uses redis, the open-source key-value data store software, to maintain an internal list of its meetings, attendees, and any other relevant information.

As an authenticated user of the GRID3 LMS (referred to by Blindside Networks as the "Front End'), you need to be aware of the Privacy issues associated with the use of BigBlueButton.

Attendance at a live BBB session (room) provided as part of a GRID3 Learning Activity requires you as a participant to be aware and consent that information about you will be collected and stored

Blindside Networks's privacy policy is clear that they consider consent is granted by your use of BBB session (room) within the GRID3 LMS. 

" Each Front End has its own Terms of Use which you either accepted directly (when you initially logged into the LMS) or were asked to accept by us, on behalf of the LMS.  In accordance with these terms of use and consistent with our Privacy Policy, you gave the LMS and us permission to collect, use and share your personal information."

Please do not attend any live BBB session (room) if you have concerns about sharing  your personal information based on the statement from Blindside Network. Any BBB session (room) will be recorded and made available at a later stage.

The full information below is taken from Blindside Networks GDPR information page:

GDPR

GDPR Compliance

Overview

Blindside Networks Inc. (“We”) provide hosting for BigBlueButton to education and commercial organizations for using BigBlueButton.  Our goal is to enable remote students to have a high quality online learning experience.

We take the privacy of your personal information very seriously.  

Together with our Privacy Policy (available at https://blindsidenetworks.com/privacy), this document will help you better understand the personal information we collect, why we collect it, how we use it, and how we protect it.  In full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), which comes into effect May 25, 2018, this document also explains the various rights of the data subject, including the right of access and the right to erasure (aka “the right to be forgotten”).  

Hosting for BigBlueButton

BigBlueButton is a web conferencing system designed for online learning.  It enables students and instructors to collaborate in real-time. This collaboration includes sharing one or more of audio, video, slides, chat, screen, emojis, and responding to polls.  

The collaboration may also be recorded.

Grant of Consent

The majority of users access BigBlueButton through a learning management system (LMS) such as Schoology, Canvas, Sakai, Moodle, Atutor, etc.  We collectively refer to these systems as a “Front End”.

The LMS is hosted by an organization (such as a educational institution or commercial company) you may be enrolled in the organization as student or work there as a employee. Consistent with GDPR, we refer to these organizations (aka our customers) as the “Data Controller”.  You may access BigBlueButton via a tool or plugin embedded in the Front End; in this regard, we are a “Data Processor”.

Each Front End has its own Terms of Use which you either accepted directly (when you initially logged into the LMS) or were asked to accept by us, on behalf of the LMS.  In accordance with these terms of use and consistent with our Privacy Policy, you gave the LMS and us permission to collect, use and share your personal information.

Our Collection and Use of Your Personal Information

We capture personal information when you login to BigBlueButton and when you share information during a live session (such as an online class).  Furthermore, if the session is recorded, then personal information may also appear in the subsequent recording (such as your chat messages).

What happens when you login?

When you login to BigBlueButton through a Front End, we receive (at minimum) two pieces of information: your full name and an ID (this is a unique identifier internal to the Front End).

We also receive additional information during the join process, which may include:

  • a URL back to the Front End (this enables BigBlueButton to return you back to the Front End after you log out);the associated course ID/name (this is usually embedded in the Logout URL); and
  • your IP address, browser, and OS in our web server logs.  
  • We use this additional data to provide you support (such as troubleshooting a support ticket to see if your browser is out-of-date) and for creating usage reports that we make available to the Data Controller.

What data do we receive when you participate in a meeting?

During a live meeting, you may exchange audio, video, slides, desktop, chat, and emoji icons, responses to polls, closed captioning, and whiteboard annotations, and other content during a session.  We collectively refer to this content as “Meeting Data”.

The BigBlueButton client sends/receives Meeting Data to the server via encrypted channels (RTMPS, HTTPS, and DTLS).

Where do we store Meeting Data?

Not all Meeting Data is stored.  Storage of the Meeting Data depends on whether (a) the meeting was recorded, and whether (b) the moderator (usually the instructor) marked any segments of the meeting for later processing into a recording for playback.

Generally speaking, there are three cases for the storage of Meeting Data:

  • Case 1:  For an unrecorded meeting, we do not store any Meeting Data on the BigBlueButton server after the meeting finishes.
  • Case 2:  For a recorded meeting without Start/Stop record marks, we store the Meeting Data on the BigBlueButton server for 14 days, after which it is automatically deleted.  
  • Case 3:  For a recorded meeting with Start/Stop record marks, we still store the Meeting Data on the BigBlueButton server for 14 days (after which it is automatically deleted); however, the BigBlueButton server also compresses the Meeting Data (“Compressed Meeting Data”) and uploads it to our hosting infrastructure where it is processed into a recording that you can later view by clicking a URL (a “Recording Link”) in the Front End.

The actual recording may include more than one format, such as a video file or an HTML5 page that summarizes user statistics for the session (“Meeting Statistics”).

To help you better understand these storage options, here is a sample recording and sample Meeting Statistics.  The Meeting Statistics gives the instructor the ability to gauge and measure of participation in the class.  This data includes:

  • User Name
  • isModerator (true/false)
  • Number of times chatted
  • Number of times talked
  • Number of times shared emoji
  • Number of times raised hand
  • Response to polls
  • Total time talking
  • Total time in session
  • Join date/time
  • Leave date/time

In Cases 2 and 3, depending on the location of the customer, we store the Meeting Data in Amazon S3 in one of four regions: Canada, US, Europe (Ireland), and Australia.  For example, the storage of Meeting Data for a customer based in the European Union is the Amazon S3 data center in Ireland. For greater clarity, customers in the EU always have their Meeting Data hosted on servers located in the EU.  

For how long do we store Meeting Data?

For some customers, we automatically delete their Meeting Data (and any associated recordings) within 7 or 14 days.  For others, we delete their Meeting Data only upon request by the instructor (using a “delete recording” button in the Front End).

If a Data Controller ceases to be a customer, we delete all recordings and data associated with the customer within 90 days of the end of their contract with us.

How do we restrict access to Meeting Data?

For access to live meeting sessions, users can only login via the Front End or by invitation from a moderator (a guest link).

For access to a Recording Link, users can login via the Front End to access the link.

Generally speaking, Recording Links are static and can be shared with others; however, on request by some of our customers, we further restrict access to Recording Links by generating a new and temporal Recording Link each time the user views the list of recordings (“Restricted Recording Links”).  

For example, if you click the following Restricted Recording Link, you’ll get a 404 error.

While we can’t prevent a user from recording their screen while watching a recording, with Restricted Recording Links, we’ve made it more difficult for users to casually share a recording that might include your personal information.

What information do we retain for support purposes and for how long?

As described above, we capture user metrics and logs during a session to better enable us to provide customer support.  BigBlueButton servers record metrics for each meeting and for each user in a meeting (“Support Data”).

We use this Support Data to resolve support issues such as:

  1. Diagnosing login issues in a meeting
  2. Diagnosing audio quality issues for users in a meeting
  3. Locating and recovering an accidentally deleted recording (if it was accidentally deleted within 14 days of the origin of the meeting).

This Support Data includes:

  • Full Name
  • Browser
  • Operating system
  • Start time
  • Length of time in session
  • Three octets of the user’s IP address (e.g. 192.168.0.)
  • % of audio packets dropped
  • # of times reconnected

Connectivity logs generated by the BigBlueButton client (these logs specify when network connections are created/dropped to by the BigBlueButton client to the BigBlueButton server).

Any feedback provided by the user on their experience using BigBlueButton when the session ends

We store all Support Data on servers in Canada.

If a Data Controller ceases to be a customer, we delete all Support Data associated with the customer within 90 days of the end of their contract with us.

How Do We Secure Our Infrastructure?

We adhere to a number of industry best practices for securing our infrastructure, which include:

  • We restrict access to all servers containing personal information to only a few employees in the company.  
  • We disable password access to all servers (access is only through revocable keys).
  • All servers are regularly updated with the latest security patches.
  • All employees are trained on our privacy policy.
  • We annually contract for penetration testing performed by a 3rd party on our infrastructure.

Who Is the Data Protection Officer (DPO) for Blindside Networks?

The DPO is Richard Alam, CTO of Blindside Networks.  You can contact him at privacy@blindsidenetworks.com.

How Can You Request Access to Your Personal Information?

We recommend you first contact the Data Controller (the organization providing the Front End for accessing BigBlueButton).  

You may request a full report on the personal information we hold for you by sending an e-mail to privacy@blindsidenetworks.com.

In the subject line, please indicate “Request for Personal Information”.  In your email, please specify:

  • Your full Name
  • Whether you are an individual or a representative of a Data Controller
  • If you are an individual, the name of your Data Controller (the organization providing you access to BigBlueButton)

Please note that will will need to share your request with the Data Controller to verify and action it.  We will endeavor to fulfill all access requests within 30 days of receipt.

How Can You Request Deletion of Your Personal Information?

We recommend you first contact the Data Controller (the organization providing the Front End for accessing BigBlueButton).  

You may request deletion of personal information by sending an e-mail to privacy@blindsidenetworks.com.

Use the subject “Request for Deletion”

In the subject line, please indicate “Request for Deletion”.  In your email, please specify:

  • Your full Name
  • Whether you are an individual or a representative of a Data Controller
  • If you are an individual, the name of your Data Controller (the organization providing you access to BigBlueButton)

Please note that will will need to share your request with the Data Controller to verify and action it.  We will endeavor to fulfill all access requests within 30 days of receipt.

How Can You Contact Us?

If you have any questions about this document or our support for GDPR or about our Privacy Policy, please contact us directly at privacy@blindsidenetworks.com.