Last updated: December 4, 2023
Previous version (effective November 22, 2019): https://www.panopto.com/privacy-policy-2019/
1. Introduction
This Panopto Authorized User Privacy Policy (this “Privacy Policy”) provides important information regarding how Panopto, Inc. and its subsidiaries and affiliates, including Panopto EMEA Limited, Panopto Asia Pte Ltd, Panopto Asia Pacific Limited, and Panopto ANZ Pty Ltd (collectively, “Panopto”, “we” or “us”), process, use, collect, disclose, and protect Personal Data (as defined below) when you use any Panopto products, software, platforms, applications, and services (the “Services”) through one of our Customers (as defined below). “Personal Data” is information about you that is personally identifiable or can be linked to you through a personal identifier, such as your e-mail address, phone number, location, or the physical address of your organization, and which is not otherwise publicly available (this definition is given here for the purpose of this Privacy Policy only, and some laws may use a different definition). This Privacy Policy does not apply to third-party services that are not under Panopto’s control; those parties’ services are governed by their own privacy policies. An organization or other third party, which is Panopto’s “Customer,” has entered into a written agreement with Panopto for the Services (the “Contract”) and has given you access to use the Services pursuant to the Contract. You, along with others in your organization, are each an “Authorized User.” The Contract contains Panopto’s commitment to deliver the Services to the Customer, which may then invite Authorized Users to access and use the Services. This Privacy Policy applies to you as an Authorized User of the Services. This Privacy Policy may change as our business evolves, so please check back regularly for updates and revisions.
2. Panopto is a Data Processor
The Services Panopto provides to its Customers primarily include a video hosting platform with
tools for creating, managing and distributing video, audio, written and other content
(“Content”) over the Internet. Customers are responsible, in their sole discretion, for
provisioning accounts to Authorized Users to give them access to the Services, and for removing
an account once a given Authorized User is no longer permitted to have such access. In each
case, the Customer is the controller of the Personal Data of its Authorized Users, and Panopto is
the processor carrying out data processing activities in accordance with the Customer’s
instructions.
If you use the Services through a Panopto Customer, such as an employer or school, that
Customer controls and administers your account, and may access, process, and share your
Personal Data, including the Content you create through the Services, in accordance with its
own policies and procedures. Panopto is not responsible for the privacy or security practices of
its Customers, which may differ from those set forth in this Privacy Policy.
Panopto has no direct control over the Personal Data collected by its Customers. Customers
choose the geographical region(s) for the storage of Personal Data, are directly responsible for
the configuration and administration of the Services they use, and are responsible for adhering
to legal and regulatory requirements, including the collection and maintenance of any
necessary rights, permissions, and consents for the Personal Data they collect and manage as a
controller.
In its capacity as a controller, each Customer is responsible for maintaining the privacy of the
Personal Data pertaining to its Authorized Users uploaded to the Services. Panopto processes
such Personal Data under the direction of the Customer, and has no direct relationship with the
individuals whose Personal Data it processes. Panopto is not responsible for disclosures of
information made by a Customer to its Authorized Users through the Services. If you are
concerned about your privacy while interacting with the Services or wish to exercise your rights
in connection with the Personal Data included in the Services, you should direct your inquiry or
request to the applicable Customer.
3. When Personal Data is Collected
We collect your Personal Data when it is provided to us by the Customer through which you
access the Services, as well as when you interact with the Services through a Customer’s
account, such as when you:
4. What Personal Data is Collected
When you use the Services, the following categories of Personal Data may be collected and
processed by Panopto:
5. How Personal Data is Used
We use your Personal Data for the following purposes:
6. Cookies and Similar Technologies
Panopto uses cookies and similar technologies in connection with the Services. A cookie is a file
containing an identifier (a string of letters and numbers) sent by a web browser, and then
stored by the browser. The identifier is sent back to the server each time the browser requests
a page from the Services. Panopto uses cookies in a number of ways, such as to authenticate an
Authorized User, help mitigate security threats, improve the performance of the Services, track
an Authorized User’s interactions with the Services, store information regarding an Authorized
User’s preferences, and collect analytics data.
You have the ability to decline or accept non-essential cookies within the Services if the
Customer through which you access the Services has selected the European Union as the
geographic region for the storage of Personal Data or if the Customer has otherwise chosen to
enable cookie settings for its Authorized Users. If you decline non-essential cookies, essential
cookies (namely those needed for the Services to be functional) will still be set. In addition, you
may be able to control the use of cookies and similar technologies at the individual browser
level. However, choosing to disable any cookies may limit your use of certain features or
functions on the Services. For more information about the cookies that Panopto uses, see the
Learn About Panopto’s Use of Cookies page.
7. Sharing of Personal Data
Panopto will never sell your Personal Data or share it with any third party for marketing
purposes. Your Personal Data may be shared or disclosed to a third party in the following
limited circumstances:
8. Protection of Personal Data
Panopto maintains an information security program, under which it has adopted security
measures to protect Personal Data against loss, theft, unauthorized access, alteration,
disclosure, or destruction. Among other things, these measures include policies, procedures,
employee training, physical access control, and technical elements relating to data access
controls. In addition, Panopto uses industry-standard encryption to protect Personal Data
when it is being exchanged or transmitted. Panopto has also obtained various compliance
certifications and undergoes audits to ensure continued security and compliance best practices.
However, data transmissions over the Internet cannot be guaranteed to be 100% secure or safe
from intrusion by others. Be sure to use secure Internet connections, protect your login
credentials, and create strong passwords for your Services account. For more information
about the measures Panopto takes to protect Personal Data, see the Learn About Panopto’s
Information Security Program page.
9. Data Retention
We may retain your Personal Data (even after you cease to use the Services) for any lawfully
permitted period of time and as necessary to meet our legal and contractual obligations,
enforce our agreements, and enable us to investigate events and resolve disputes.
10. Your Rights as a Data Subject
Depending on your location, Panopto may have certain legal obligations to its Customers
relating to your Personal Data. For example, Panopto has obligations as a data processor or
service provider under the European Union’s General Data Protection Regulation, the United
Kingdom’s Data Protection, Privacy and Electronic Communication Regulations, Switzerland’s
Federal Act on Data Protection, the California Consumer Privacy Act and the California Privacy
Rights Act, and other applicable data protection laws or regulations (“Data Protection Laws”).
In addition, you (as a data subject) may have certain rights under these Data Protection Laws,
such as:
However, it is important to keep in mind that Panopto is a service provider to its Customers,
and therefore acts as a processor, and not a controller, of your Personal Data. If you wish to
exercise any of your rights pursuant to applicable Data Protection Laws, you should contact the
relevant Customer, which is the controller of your Personal Data and is therefore responsible
for protecting your rights under these Data Protection Laws. If you contact Panopto directly, we
may forward your request or inquiry to the relevant Panopto Customer.
11. International Data Transfers
As described above, Customers have control and responsibility for selecting the appropriate
geographical region(s) in which they store and upload Personal Data and administering the
Services in accordance with applicable Data Protection Laws.
Panopto is a multinational organization that is headquartered in the United States and has
subsidiaries, systems, and business functions around the world. In its capacity as a processor to
its Customers, Panopto may share Personal Data with its affiliates and service providers, which
may involve transferring it to other countries or allowing personnel at Panopto or its affiliates
or service providers to remotely access it from other countries. Where required, such
international transfers may be made pursuant to data processing agreements with standard
contractual clauses or an alternative mechanism allowed under applicable Data Protection
Laws. These other countries may have Data Protection Laws that are different from those in
your country. Regardless of location, Panopto handles Personal Data as described in this Privacy
Policy, and takes steps to ensure that any recipient of your Personal Data adheres to these
same practices.
12. Changes to this Privacy Policy
We may change, modify, or update this Privacy Policy at any time. When we do, we will revise
the date at the top of this page and provide a link to the archived previous version. We
encourage you to check this page frequently for any changes to this Privacy Policy.
13. Contacting Panopto
If you have any questions or concerns about your privacy in connection with your use of the
Services through a Customer, you should direct them to that specific Customer. As noted
above, if you contact us with any such questions or concerns, we may forward them to the
relevant Customer.
If you have any questions about this Privacy Policy, please contact us at data-
[email protected] or via mail (worldwide) at:
Panopto, Inc.
Attn: Data Protection Officer
600 River Avenue
Suite 100
Pittsburgh, PA 15212