Last updated: January 11, 2024
Previous version (effective November 22, 2019):
2. Panopto is a Data Processor
The Services Panopto provides to its Customers primarily include a video hosting platform with tools for creating, managing and distributing video, audio, written and other content (“Content”) over the Internet. Customers are responsible, in their sole discretion, for provisioning accounts to Authorized Users to give them access to the Services, and for removing an account once a given Authorized User is no longer permitted to have such access. In each case, the Customer is the controller of the Personal Data of its Authorized Users, and Panopto is the processor carrying out data processing activities in accordance with the Customer’s instructions.
Panopto has no direct control over the Personal Data collected by its Customers. Customers choose the geographical region(s) for the storage of Personal Data, are directly responsible for the configuration and administration of the Services they use, and are responsible for adhering to legal and regulatory requirements, including the collection and maintenance of any necessary rights, permissions, and consents for the Personal Data they collect and manage as a controller.
In its capacity as a controller, each Customer is responsible for maintaining the privacy of the Personal Data pertaining to its Authorized Users uploaded to the Services. Panopto processes such Personal Data under the direction of the Customer, and has no direct relationship with the individuals whose Personal Data it processes. Panopto is not responsible for disclosures of information made by a Customer to its Authorized Users through the Services. If you are concerned about your privacy while interacting with the Services or wish to exercise your rights in connection with the Personal Data included in the Services, you should direct your inquiry or request to the applicable Customer.
3. When Personal Data is Collected
We collect your Personal Data when it is provided to us by the Customer through which you access the Services, as well as when you interact with the Services through a Customer’s account, such as when you:
4. What Personal Data is Collected
When you use the Services, the following categories of Personal Data may be collected and processed by Panopto:
5. How Personal Data is Used
We use your Personal Data for the following purposes:
6. Cookies and Similar Technologies
7. Sharing of Personal Data
Panopto will never sell your Personal Data or share it with any third party for marketing purposes. Your Personal Data may be shared or disclosed to a third party in the following limited circumstances:
8. Protection of Personal Data
Panopto maintains an information security program, under which it has adopted security measures to protect Personal Data against loss, theft, unauthorized access, alteration, disclosure, or destruction. Among other things, these measures include policies, procedures, employee training, physical access control, and technical elements relating to data access controls. In addition, Panopto uses industry standard encryption to protect Personal Data when it is being exchanged or transmitted. Panopto has also obtained various compliance certifications and undergoes audits to ensure continued security and compliance best practices.
However, data transmissions over the Internet cannot be guaranteed to be 100% secure or safe from intrusion by others. Be sure to use secure Internet connections, protect your login credentials, and create strong passwords for your Services account. For more information about the measures Panopto takes to protect Personal Data, see the Learn About Panopto’s Information Security Program page.
9. Data Retention
We may retain your Personal Data (even after you cease to use the Services) for any lawfully permitted period of time and as necessary to meet our legal and contractual obligations, enforce our agreements, and enable us to investigate events and resolve disputes.
10. Your Rights as a Data Subject
Depending on your location, Panopto may have certain legal obligations to its Customers relating to your Personal Data. For example, Panopto has obligations as a data processor or service provider under the European Union’s General Data Protection Regulation, the United Kingdom’s Data Protection, Privacy and Electronic Communication Regulations, Switzerland’s Federal Act on Data Protection, the California Consumer Privacy Act and the California Privacy Rights Act, and other applicable data protection laws or regulations (“Data Protection Laws”). In addition, you (as a data subject) may have certain rights under these Data Protection Laws,
However, it is important to keep in mind that Panopto is a service provider to its Customers, and therefore acts as a processor, and not a controller, of your Personal Data. If you wish to exercise any of your rights pursuant to applicable Data Protection Laws, you should contact the relevant Customer, which is the controller of your Personal Data and is therefore responsible for protecting your rights under these Data Protection Laws. If you contact Panopto directly, we may forward your request or inquiry to the relevant Panopto Customer.
11. International Data Transfers
As described above, Customers have control and responsibility for selecting the appropriate geographical region(s) in which they store and upload Personal Data and administering the Services in accordance with applicable Data Protection Laws.
Data Privacy Framework Notice
Panopto complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Panopto has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Panopto has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal
To learn more about the U.S. Department of Commerce’s Data Privacy Framework self-certification program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Panopto commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you. JAMS mediation may be commenced as provided for in the JAMS rules. If neither Panopto nor our dispute resolution provider resolves your complaint, you may have the possibility, under certain conditions, to invoke binding arbitration through the Data Privacy Framework Panel. The US Federal Trade Commission has jurisdiction over Panopto’s compliance with the DPF. In cases of onward transfer to third parties, Panopto is generally liable for the acts of any such parties that are in violation of the DPF Principles.
13. Contacting Panopto
If you have any questions or concerns about your privacy in connection with your use of the Services through a Customer, you should direct them to that specific Customer. As noted above, if you contact us with any such questions or concerns, we may forward them to the relevant Customer.
Attn: Data Protection Officer
600 River Avenue
Pittsburgh, PA 15212