If you do not consent to these changes, please notify us under firstname.lastname@example.org, and we will remove all data related to your account from our systems, and if so desired provide you with a complete backup of that data.
We do not use the personal information we collect about you for any commercial or other purpose than providing you with this service.
This service is run by:
TU Delft / Dept. ESS
Faculty of Technology, Policy and Management (TBM)
Jaffalaan 5 - room B3.170
2628 BX Delft
You can contact the operators of this service at: email@example.com
As a user of this platform, you have the following rights:
All data collected from our service will be deleted as soon as the technical purpose of this data has been reached, and there are no legal requirements necessitating the retention of this data, as long as no deviating practice is documented below.
|Data Type||What this includes||Why we collect this data|
|Log and Systemfiles||
||This data is automatically submitted by your client. We use this data to operate our service. For example, we need your IP address to identify problems in our log files, and the number of room users to equally balance load across our cluster.|
|Data transfer in rooms||
||This data is the core of the web conferencing system, and as such processed by our servers. Of course, this data is only processed in case you use the corresponding service, i.e., explicitly enable your webcam.
For sessions where the host did not configure recordings, all data related to the session is deleted as soon as it ends. Furthermore, there are sessions that are being recorded, e.g., as they are a university lecture the lecturer wants to share with students who could not make it to the live session. In case a session is supposed to be recorded, we will inform you before you join the room, and explicitly request your consent to the recording.
|Transfer of data to third parties||
||To offer phone dial-in, we use a SIP operator. When you call the dial-in number for a conference, this operator sees your phone number. Furthermore, the audio stream of that conference will be routed via this operator, so you can hear it via the phone line.
Our system also supports showing external videos to participants in a session. Even though we do not share any data with these external parties, as these resources are directly requested by participants, metadata might be send to the operators of corresponding video platforms.
||We only use functional cookies that are necessary for the operation of our service, by associating multiple requests from a client, e.g., if you switch from your home-view to your account settings in the webinterface.|
||In case you create an account to host rooms with our service, we collect the email address you use for sign-up, your user account, and password. This data is necessary for providing the service and authenticating you to your account. You are free to use a pseudonym here. The latter is not possible when authenticating via SURFconext. For TU Delft internal rooms, users may require you to sign-in via SURFconext to ensure that you are a TU Delft affiliated user.|
Data shared with us is transfered encrypted. On clients and our servers, it will be processed in plain-text. At the moment, our system does not support end-to-end encryption.
We operate this service following good practices of system and network engineering, and strive to install security updates as soon as they become available. Furthermore, as set out above, we limit the amount of personal information stored in our systems. Despite these efforts, we cannot guarantee the absolute security of your personal information. Even though passwords are stored in hashed form, we recommend that you do not re-use a password for this service which you use in another service, and consider using, e.g., a password manager.
Our instance reduces logging to the necessary minimum. Nonetheless, collected data may include:
We collect this data to provide, improve, and secure the service we are providing. Your data will be deleted after seven days, if a longer retention is not necessary to solve immanent technical issues. In any case, it will not be retained longer than legally allowed.
We only use session cookies to enable us to provide the service we offer to you. We do not use any third-party cookies. In case an external video is shared in a conference, these might lead to the operator of that service setting and reading cookies.
Removal of Cookies: You can prevent cookies from being set and read in your browsers settings at any time. In case you prevent cookies for our website, functionality might be limited.
In case you contact us via email, we will retain the full emails you send to us until the request you had has been handled. Messages may be retained longer if they hold legal relevance, e.g., if you inform us of a crime committed via our platform. We will only use your email address to contact you if we are legally mandated to do so, we are replying to a support message, or if this is required for account setup or recovery activities.
To offer our services, we use the open source software BigBlueButton, together with the opens source frontend greenlight for managing and creating rooms. Using the open WebRTC protocol, this software stack enables you to share audio, video, text messages and drawings with others. This data includes:
In case a room is configured to be recorded, we store the audio, video, chat, notes, and drawing contributions made in that session for an indefinit time. In case you are trying to join a session that is being recorded, we will inform you about this before you join the session and request your consent to the recording. At the moment, it is sadly technically not possible to selectively record only contributions from participants that consented to being recorded. Hence, in case you do not consent to a recording, it is sadly not possible to join such a session.
A room can be configured for streaming. In that case, voice, video, screensharing, and slides become available to viewers who are not actively participating in the room, and do not show up in the users' list. Rooms have to be explicitly configured for streaming. If you are joining a room that is already being streamed, we will inform you before you join the session. If streaming is enabled by the host during a session, it will be announced in the chat.
In case you create a user account, we will use the information you enter upon registration (name, email address, password, timestamp) and create while using the service (list of created rooms) only for providing this service for you. This data is not shared with third parties. You can always request the complete deletion of your user account and all associated data, or, prior to that, extraction of all data related to your account. For that, please contact firstname.lastname@example.org.
We store daily backups of all data on this platform for seven days. These backups are encrypted and then stored on a data-store provided by Hetzner, located in Finland. In case you request the deletion of your data, we will also remove your data from the collected backups.
We only share your personal data for the reasons outlined below:
By default, recordings are not publicly accessible. However, on the discression of a room's hosts, recording can be made public or shared with others directly via our platform or as downloaded files. As outlined in Section 4, we will solicit your consent to a session being recorded and potentially shared before you can join a room to be recorded. In case you want to retroactively widthdraw your consent to a recording, please contact email@example.com. However, please note that the recording may already have been shared publicly and/or outside of our platform.
We collect aggregate statistics to monitor the utilization, performance, and availability of our servers. While this data is agregated, and does not contain personally identifiable information, personally identifiable information may be utilized for computing these aggregate values, e.g., the number of users and rooms per cluster node. Personally identifiable information used during the computation of aggregate statistics is not stored.
We publish the performance overview and statistics of our service at: https://mgmt.bbb.tbm.tudelft.nl/munin/
The servers we use for this service are rented from Hetzner (https://www.hetzner.de/), a German hosting provider. Our platform does not provide a direct interface to Hetzner to access any stored personal data. As an additional measure, we also hold a data processing agreement with Hetzner. All servers used in our service are located in the European Union.