Twebcast is a web-based platform providing digital event management and interactivity.
In order to provide a relevant service to Event Organizers who use our platform as well as participants at our events we often handle personal data.
Our Data Protection policy exists to explain to all our users how we handle your personal data and which rights you have within the Twebcast platform.
We have a strong belief that every user of our platform should be aware of what data they own and what they share, for how long and to whom, if at all.
The founding principle is that nobody, not even Twebcast, can access your user-data, unless specifically requested. And if specifically requested, only for a limited time.
If you choose to share personal data with someone, you do it for a limited time and you share a temporary copy of your data. You never provide direct access to your personal data. Only you, the owner, should ever be able to access the original personal data.
All sensitive data, including user-data is always encrypted at rest. When data flow between our platform and you, the data is also strongly encrypted, making it virtually impossible for others than the owner herself to gain access to the data.
We do keep the possibility to access personal data open, in case it is legally required to do so based on a decision in a court of law.
The diagram below describes the Flow of Data, Data Access and Data Ownership when you register to an event as a participant. Everything you provide that does not reveal any personal data (i.e. data that would be considered anonymous if one does not know who provided the data) is sent to the event organizer, who is considered the owner of that data. Examples of such data can be questions you answer or text you write in a chat. You also receive a copy of that data for later reference.
All the data that is of a personal nature, such as your email address, your name and similar data, is stored on your own personal profile, which you own. This data can be provided as a temporary copy to the event organizer. They may need to know who registered for their event, to give one example. When the event is over, the copy of the personal data you provided is removed, making your answers anonymous.
If I register for an event with my name and my email address, that data is Personal Data.
If I answer a question about my favourite team, that data is in itself just anonymous data.
If someone has access to my personal data AND my general data (the answer) and if they have a link between the two, we can suddenly view the general data as personal data too.
This is why have have built into our platform a strong separation between personal data and general data. When a participant registers for an event, they provide all the general data they enter during the event to the event organizer, but maintain ownership of their personal data. Participants only lend out a copy of a subset of their personal data (the personal data requested by the event organizer) for the duration of the event.
After the event all personal data is removed from the event and the event organizer only have anonymous general data left.
After the event, the event organizer only know that someone during the event had a favourite team called DIF. Not who, where that person lives, how old he or she is etc.
We try to make our terms as simple to read and understand as possible. We know that most people don't read a long document and this is why we always provide a summary of our terms in the shape of an easy to read bullet list.
We only ask a participant to become a user or accept event terms if they are attending events that process personal data. If you attend an anonymous event, you won't have to sign any terms at all. No one knows who you are, you are totally anonymous in these cases.
In order to use Twebcast one must sign up for a Twebcast user account. This is often done in a more or less automatic fashion the first time one register for an event. This account can be used to register for events, create your own event or use any of our event management oriented clients. In order to be able to become a Twebcast user you must approve the user terms as well as validate your email address.
When you register for events that process personal data you will have to agree to the event terms. The event terms are based on Twebcast standard event terms coupled with specific and unique parameters for each event that stipulate who is the event organizer, who will be processing personal data, for what purpose and for how long the copy of your personal data will be available to the event organizer.
Some events may require you to approve additional custom terms in order to attend. The event organizer will in these cases create their own custom event terms. One such example could be something along these lines: “By attending this event and agreeing to these terms you are able to participate in our lottery to win a signed copy of Author X’s new book” or “Any images you provide/upload to the event can be used in marketing purposes on our company website www.xyz. In order to be able to contact you, should we wish to use your image, we will need to keep your personal details such as name and email address in our records for a duration of three years”
It is important to remember that the custom event terms constitute an agreement between you and the event organizer. Twebcast is only facilitating the agreement process on our platform.
If you choose to produce your own events in Twebcast you have to approve our producer terms. These terms also give you potential access to our other clients, such as, Screen (presenter screen), Control (control panel), Speaker and Checkin.
The most difficult thing we face is to help producers, who create events, and participants who visit events, to act towards others in a way that respect our vision for privacy as well as the lawmakers view on privacy, such as, but not limited to GDPR.
One way of doing that is to provide producers of alerts with simple, easy to understand information that in a summarized fashion remind them of their obligations, as stated in the terms and conditions, everytime they do something where there is a risk to violate the terms.
For example; If you create an anonymous event, you must not ask the participants any questions that can reveal their identity. And the fact that failure to comply with such terms could even mean they break the law.
Another example would be downloading of user data to your own computer. We remind the producer of the fact that the terms state; that they may not hold personal data after the event is finished. We also log when someone downloads a copy of personal data for processing and automatically remind them to remove the data when the event is over.
We have made our thoughts on privacy an integrated part of our business. Everytime we create a new function we consider how it can be used or misused from a privacy perspective.
This is why we work with temporary data copies. When someone is about to share data, they do it temporarily and never provide access to the original data.
Another important way to help us enforce user privacy is to utilize action logs. We are able to present to our users when they have accessed the platform making it easy to see if someone has accessed their account without their knowledge, to name one example.
Since we have a log of many user actions we can also produce a list of everyone within the event organizers who has exported personal data during an event. When a user choose to revoke access manually or when twebcast automatically anonymize data after the event is finished, we are able to notify everyone who has touched personal data of the fact that they no longer have the right to hold a copy of any personal data of the participants.
Large corporate clients often integrate their own user repositories with Twebcast, enabling automatic synchronization of their users to Twebcast.
On order to become an enterprise customer you sign a Data Process Agreement where you take over the main responsibility in terms of Data Protection & GDPR towards the users and Twebcast enters a subcontracting data processing role. We have created and provide DPAs for our enterprise customers to make this process as easy as possible.
In order for the Twebcast platform to work, user agreements and event agreements still have to be signed but they will be auto-signed with a reference to the DPA. This provides useful logging needed for us to conduct internal and external auditing to ensure we treat data according to our own standards as well as GDPR.
If you sign up for any of our newsletters you have to approve the newsletter subscription as a separate activity. We never send newsletters to you unless you have specifically requested so. We always make it simple for you to unsubscribe at any time via a link in the email.
In order to enjoy the benefits of being a paying customer you will have to approve our customer agreement. This agreement stipulate the commercial aspects of using Twebcast. It also covers our data protection policies with regards to personal data related to sales, such as orders and invoices.
You can always contact us if you want to get access to the records we have of your personal data. You can also request that your account is deleted which means that all your personal data is removed.
If you have any questions regarding our policy you can always contact our Data Protection Officer: David Rinnan, firstname.lastname@example.org.
For general matters regarding Twebcast or inquiries about your data, please contact email@example.com.