Panopto Website Visitor Privacy Policy

Last updated: January 11, 2024

1. Introduction

This Panopto Website Visitor Privacy Policy (this “Website Visitor Privacy Policy”) provides important information regarding how Panopto, Inc. and its subsidiaries and affiliates, including Panopto EMEA Limited, Panopto Asia Pte Ltd, Panopto Asia Pacific Limited, and Panopto ANZ Pty Ltd (collectively, “Panopto”, “we” or “us”) process, use, collect, disclose, and protect Personal Data (as defined below) when you use our websites (the “Websites”), including email, text, and other communications between you and Panopto. “Personal Data” is information about you that is personally identifiable or can be linked to you through a personal identifier, such as your physical address, e-mail address, phone number, or location, and which is not otherwise publicly available (this definition is given here for the purpose of this Website Visitor Privacy Policy only, and some laws may use a different definition). This Website Visitor Privacy Policy does not apply to the services and products that Panopto provides; those services and products are governed by a separate Panopto Authorized User Privacy Policy.

Please visit the Panopto Terms of Service for further terms and conditions that apply to your use of the Websites.

2. Collection of Personal Data

We collect your Personal Data when you provide it to us directly through the Websites, such as when you:

Provide your information to request a demo, watch an on-demand video, participate in a live webinar, download an article, report, white paper, or other content, or otherwise contact us via the Websites
Sign up to receive email newsletters, blog updates, or other communications from Panopto
Participate in a Panopto survey, blog, discussion forum, or other parts of the Websites that allow you to post comments
Create a Panopto account
Respond to marketing promotions that we offer
Inquire or apply for employment with Panopto
The Personal Data we collect directly from you in these situations may include your name, title, street address or other location information, affiliated organization or employer, phone number, and/or email address.

As is true of most websites, when you interact with the Websites, we also automatically gather certain types of information, which is stored in our log files and may include Internet protocol (IP) addresses, type of device, operating system, and browser, unique device identifier, browser settings, usage information, Internet service provider (ISP), referring/exit pages, files viewed (e.g., HTML pages, graphics, etc.), date/time stamp, and/or clickstream data. Please see Section 4 below for more details.

We may also receive information about you from other sources, including publicly available databases or third parties, such as data brokers or organizers of conferences you attended that have permission to transfer this information to us. This information helps us to update, expand, and analyze our records, identify new potential customers, and identify products and services that may be of interest to you. We may, to the extent permitted by applicable law, aggregate or combine this information with Personal Data we already have about you, which in some cases could make anonymous information identifiable as Personal Data.

3. How Personal Data is Used

We may use your Personal Data for the following purposes:

Contacting you and sending you marketing and other communications that we think will be of interest to you
Providing you the information or content you request through the Websites
Remembering information you previously provided to us to enhance, personalize, or otherwise improve your experience on the Websites
Customizing the advertising and other content you see on the Websites or other third-party websites
Improving the Websites, as well as the products and services we offer
Collecting statistical and analytical information to help us understand how individuals interact with the Websites and determine the effectiveness of our promotional campaigns and advertising

4. Cookies & Similar Technologies

Panopto uses cookies and similar technologies in connection with the Websites. A cookie is a file containing an identifier (a string of letters and numbers) sent by a web browser, and then stored by the browser. The identifier is sent back to the server each time the browser requests a page from the Websites. Panopto uses cookies in a number of ways, such as to improve your browsing experience, analyze trends, track Visitors’ movements around, and interactions with, the Websites, improve how the Websites function, provide more relevant communications, and track the performance of our advertising campaigns. In addition, Panopto or authorized third parties may use cookies to show you advertisements for our products and services that we think may interest you on other websites and mobile applications on any devices you may use. These cookies also help us manage and track the effectiveness of our marketing efforts.

You can control the use of cookies and similar technologies at the individual browser level. However, choosing to disable any cookies may limit your use of certain features or functions on the Websites.

5. Controlling Your Personal Data

You can review, correct, edit, or delete the Personal Data that you have provided to us by sending such a request via email to [email protected]. It is important to note that we may need to verify your identity before processing your request. You can also opt out of receiving marketing emails from us by following the unsubscribe instructions provided in Panopto emails. Please keep in mind that if you are also a user of any of the Panopto products or services, you may continue to receive certain communications pertaining to your account even if you opt out of marketing emails.

6. Sharing Your Personal Data

Panopto does not sell your Personal Data and only discloses or shares your Personal Data with third parties in the following circumstances or for the following purposes:

Panopto and its subsidiaries and affiliates are in different countries around the world and by accessing the Websites, your Personal Data may be transferred outside of your local jurisdiction. Please see Section 11 below for more information on such transfers.
We use trusted third-party service providers to support Panopto’s business and/or the Websites. For example, we use service providers for website hosting, website analytics, marketing and communications, and other business operations, and such service providers may need access to Personal Data to complete those functions. In such cases, these service providers must abide by our data privacy and security requirements and are not allowed to use Personal Data they receive from us for any other purpose.
In the event Panopto is acquired or merges with another company, the Websites (including the Personal Data collected through them) may be transferred to another entity.
When we conduct joint webinars or marketing events with business partners, we may share participant contact information with such business partners for their marketing use.
As we believe to be necessary or appropriate, we may disclose Personal Data: (a) in accordance with applicable laws; (b) to comply with a subpoena or other legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Please also keep in mind that if you participate in a Panopto survey, blog, discussion forum, or other parts of the Websites that allow you to post comments, the information you provide may be made broadly available to others who have access to the Websites.

7. Protection of Personal Data

Panopto maintains an information security program, under which it has adopted security measures to protect Personal Data against loss, theft, unauthorized access, alteration, disclosure, or destruction. Among other things, these measures include policies, procedures, employee training, physical access control, and technical elements relating to data access controls. In addition, Panopto uses industry-standard encryption to protect Personal Data when it is being exchanged or transmitted. Panopto has obtained various compliance certifications and undergoes audits to ensure continued security and compliance best practices. However, data transmissions over the Internet cannot be guaranteed to be 100% secure or safe from intrusion by others. Be sure to use secure Internet connections when you use the Websites.

8. Data Retention

We may retain your Personal Data for any lawfully permitted period of time and as necessary to meet our legal and contractual obligations, enforce our agreements, and enable us to investigate events and resolve disputes.

9. Rights of California Residents

If you are a resident of the State of California in the United States, you have certain rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the “CCPA”). The categories of personal information we collect about you are described in Section 2 above, and the purposes for which we use this information are described in Section 3 above. Panopto does not sell your Personal Data, and only shares or discloses it to third parties as described in Section 6 above. As it applies to Panopto, the CCPA gives California residents the following rights:

The right to know about the Personal Data we collect about you and how it is used and shared
The right to delete the Personal Data we collect from you, subject to certain exceptions
The right to correct inaccurate Personal Data that we have about you
The right to non-discrimination for exercising your CCPA rights
These rights largely overlap with some of the rights provided for under the GDPR, so please review Section 10 below for additional information about how these rights apply to Panopto. If you wish to exercise any of these rights, you may contact Panopto by following the instructions in Section 14 below. It is important to note that we may need to verify your identity before processing your request.

10. Rights of European Data Subjects

If you are in one of the European Union/European Economic Area countries or the United Kingdom, you have certain rights under the General Data Protection Regulation, EU Regulation 2016/679 (the “GDPR”). By visiting the Websites or otherwise communicating with Panopto, you acknowledge and agree that we may collect, process, use and share your Personal Data for the purposes described in this Website Visitor Privacy Policy, either on the basis of your consent or if we have other lawful grounds to do so. As it applies to Panopto, the GDPR provides data subjects the following rights:

The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing.

The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. We are providing you with this information through this Website Visitor Privacy Policy.
The right of access
You have the right to obtain access to your Personal Data information that Panopto controls, in order to ensure that we’re using your information in accordance with data protection laws.
The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
The right to erasure
This is also known as the “right to be forgotten” and enables you to request the deletion or removal of your Personal Data where there’s no compelling reason for Panopto to keep using it. This is not a general and total right to erasure, and specific conditions apply.
The right to restrict processing
You have rights to block or suppress further use of your Personal Data. When processing is restricted, we can still store your Personal Data, but may not use it further. Panopto may continue to maintain a list of individuals for which processing is restricted, to ensure the request is respected in the future.
The right to data portability
You have rights to obtain and reuse your Personal Data for your own purposes across different services. If you request a copy of your Personal Data, we will deliver it in .csv or similar format.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.
The right to withdraw consent
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
If you wish to exercise any of your rights as detailed above, you may contact Panopto by following the instructions in Section 14 below. It is important to note that we may need to verify your identity before processing your request.

11. International Data Transfers

Panopto is a multinational organization that is headquartered in the United States and has subsidiaries, systems and business functions around the world. In accordance with applicable law, Panopto may share Personal Data with its affiliates and service providers, which may involve transferring it to other countries or allowing personnel at Panopto or its affiliates or service providers to remotely access it from other countries. These other countries may have privacy laws that are different from those in your country. Regardless of locations, Panopto handles Personal Data as described in this Website Visitor Privacy Policy and takes steps to ensure that any recipient of your Personal Data adheres to these same practices.

Data Privacy Framework Notice
Panopto complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Panopto has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Panopto has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S.
Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal
data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the respective Principles shall govern.
To learn more about the U.S. Department of Commerce’s Data Privacy Framework self-certification program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the
Swiss-U.S. DPF, Panopto commits to refer unresolved complaints concerning our
handling of personal data received in reliance on the EU-U.S. DPF and the UK
Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute
resolution provider based in the United States. If you do not receive timely
acknowledgment of your DPF Principles-related complaint from us, or if we have not
addressed your DPF Principles-related complaint to your satisfaction, please visit
https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a
complaint. The services of JAMS are provided at no cost to you. JAMS mediation may
be commenced as provided for in the JAMS rules. If neither Panopto nor our dispute
resolution provider resolves your complaint, you may have the possibility, under certain
conditions, to invoke binding arbitration through the Data Privacy Framework Panel.
The US Federal Trade Commission has jurisdiction over Panopto’s compliance with the
DPF.
In cases of onward transfer to third parties, Panopto is generally liable for the acts of
any such parties that are in violation of the DPF Principles.

12. Children

The Websites are not designed for use by anyone under the age of 18. Panopto does not voluntarily or knowingly collect information from anyone under 18. As such, if you are under the age of 18, please stop using the Websites. If you are a parent or guardian and believe that we may have collected Personal Data from someone under the age of 18, please let us know by emailing [email protected].

13. Changes to this Policy

We may change, modify, or update this Website Visitor Privacy Policy at any time. When we do, we will revise the date at the top of this page and provide a link to the archived previous version. We encourage you to check this page frequently for any changes to this Website Visitor Privacy Policy.

14. Contacting Panopto

If you have any questions or concerns about this Website Visitor Privacy Policy or the Personal Data practices of Panopto in regard to the Websites, or wish to exercise any of the rights (as applicable to you) outlined in Sections 9 and 10 above, please contact us at [email protected] or via mail (worldwide) at:

Panopto, Inc.

Attn: Data Protection Officer

600 River Avenue
Suite 100
Pittsburgh, PA 15212

Our representative in the European Union for the purposes of compliance with the GDPR is Panopto EMEA Limited, the UK-based subsidiary of Panopto, Inc., which may be contacted at:

Panopto EMEA Limited
Attn: Data Protection Officer

White Collar Factory
1 Old Street Yard
London, EC1Y 8AF
United Kingdom