Last Updated: 4-April-2022
Brightcove Inc. and its affiliates (“Brightcove” or “we”) want our customers (“Customers” or “you”) to be familiar with how we collect, use, share and store information relating to your use of our services and to end users who view your videos via our services (“Viewers”).
We do not have a direct relationship with Viewers. Information collected from Viewers on Customers’ websites or apps is subject to our Customers’ privacy policies. Viewers who have questions or concerns about information collected when they view a video via Brightcove Services, or about the content of any such video, should contact our Customer through the website or app on which such video is available. Viewers who are uncertain about whom to contact may contact us at firstname.lastname@example.org..
Information Collected from Viewers. In connection with our provision of Brightcove Services, we may collect certain information about Viewers. Such information may include personal information, which is information that identifies an individual or relates to identifiable person. Information that may be collected when videos are viewed via Brightcove Services includes:
Information Collected from Customers. To enable us to effectively provide Brightcove Services, we may collect the following information from individuals authorized by Customers (such as a Customer’s employees) to use Brightcove Services:
Cookies and Other Tracking Technologies. We, and our third-party service providers, may use technologies such as cookies and beacons to quantify use, to analyze viewing and engagement with videos displayed using Brightcove Services, to conduct benchmarking, to generate metrics, to report to Customers and to assess the quality of Brightcove Services.
Web Beacons. We may also use web beacons, tags and scripts in connection with Brightcove Services. Web beacons, also known as clear GIFs or single-pixel GIFs, are small image files that Brightcove Services use to communicate analytics data on Viewer activity and service usage. Alongside cookies, web beacons allow us to accurately count the number of unique Viewers who have viewed a video and activity during a viewing session. This information enables us to measure the performance of our Customer’s videos and allows Customers to evaluate Viewer interaction with their video content.
HTTP Headers. HTTP headers are information that is transmitted whenever a webpage is viewed, and contain technical information required for communication between a browsing device and a website server. Other electronic communication protocols (such as those used for email) also use headers to transmit information. Information may be transmitted through HTTP (or other electronic communication protocol) headers to Brightcove from the Customer’s use of Brightcove Services or from Viewer interaction with a Customer's video. This may include information about the device browser, the requested webpage and the computer or device being used (such as a carrier or device identifier).
Analytics. We may use third-party analytics services, such as Google Analytics, to track the use of Brightcove Services by our Customers. For information on how Google collects and processes information and how to opt out from Google’s collection of your information, please click here.
Do Not Track. Brightcove Services do not recognize if a browser sends a “do not track” signal or similar mechanism to indicate the user does not wish to be tracked or receive interest-based ads. Please see our Cookies Policy for more information including how to exercise your rights to opt-out of cookies, analytics, and personalized advertising.
To the extent permitted by applicable law, we may use information about our Customers and Viewers for the following purposes or in the following ways:
To the extent permitted by applicable law, we may share, disclose and transfer information, including personal information as follows:
Payment Processing. We use third-party payment service(s) (“Payment Service”) to process credit card payments for certain editions of Brightcove Services. Customers acknowledge and agree within their Brightcove Services agreement that when prompted to provide credit card information, that information gets transmitted directly to the Payment Service. Brightcove does not have access to full credit card numbers and does not store such information in its own systems. Information transmitted to the Payment Service is encrypted using SSL technology. The Payment Service is required to comply with all applicable privacy and security laws and the rules and regulations issued by the payment card industry and the credit card companies. Please contact us at email@example.com if you would like Brightcove to facilitate the correction or deletion of your personal information with the Payment Service.
Cross-Device Tracking. When Customers or Viewers use devices to display and/or view a Customer’s video content, we may receive information about their devices, including a unique identifier for each device. We and our service providers and third parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, a Viewer might use multiple browsers on a single device, or use various devices (such as desktops, smartphones and tablets), which can result in the individual having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
Aggregate Information. To the extent permitted by applicable law, we may use, process, transfer and store any data about Viewers and Customers in a non-personal, aggregated manner. We may combine personal information with other information, collected online and offline, including information from third-party sources. We may also use information in other ways with consent or as otherwise permitted by applicable law. By using Brightcove Services, our Customers agree that we may collect, use, share and store non-personal, aggregated data collected through Brightcove Services for benchmarking, analytics, metrics, research, reporting, machine learning and other legitimate business purposes.
Automated Decisions. To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine-learning algorithms, about Viewers and Customers in order to provide and/or optimize Brightcove Services, for security or analytics purposes and for any other lawful purpose.
European Residents: If you are a resident of the European Union (the “EU”), the European Economic Area or Switzerland or the United Kingdom, please see our Notice for Certain European Residents and our Privacy Shield below.
In some of the countries to which we transfer personal data, like the United States, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those of your country. The United States data protection framework is comprised of state laws and sector-specific regulations based on entity type - like banks or credit bureaus - or the information type - like financial information or electronic medical records. As such, not all information at the state level is treated similarly.
No matter where your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. These steps may include implementing encryption when the information is outside of our networks and during transfer, standard contractual clauses where recognized by law, obtaining your consent for that purpose or relying on other lawful means of transferring personal information and restricting or limiting access to that information. By using the Website, you consent to this transfer.
Opt-Out. If you no longer wish to receive marketing-related communications from us, you may opt out by following the “unsubscribe” instructions in the latest such message received or by contacting us at firstname.lastname@example.org. Customers may not opt out of certain communications, such as those necessary to keep Customers aware of Brightcove Service status and service issues.
Retention Period. To the extent permitted by applicable law, we may retain information for as long as the account of the Customer for whom we collected the information is active, or as long as is reasonably necessary to provide Brightcove Services, or as needed for other lawful purposes. We may retain cached or archived copies of information. We may retain non-personal, aggregated data indefinitely, to the extent permitted under applicable law. We also will retain information as long as reasonably necessary to comply with our contractual and/or legal obligations, to resolve disputes, and to enforce our agreements.
Accuracy of Information. Accuracy of data is very important to us. Customers should ensure that any information provided to us is up-to-date and Customers may correct information by either logging into their Customer account or by contacting Brightcove’s customer support team. In certain situations, Customers may need assistance from customer support in making a change. We will respond to requests to make changes to Customer records as soon as reasonably practicable. We may require Customer representatives to prove their identity before granting access to, or agreeing to update, correct or delete personal information belonging to Customers.
You may request access to, or correction or deletion of personal information, by contacting us at email@example.com. We will attempt to answer all requests that we correct inaccurate personal information or delete personal information, unless we are required to retain it by law or for legitimate business purposes.
“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Our lawful bases for the Processing of Personal Data are: (i) consent and/or (ii) any other applicable legal bases, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of Brightcove Services, preventing fraud, ensuring information and network security, direct marketing and advertising and complying with industry practices.
Additional Rights for European Residents. As a resident of the EU or a country following substantially-similar legislation regarding the protection of personal data, you may have one or more of the following additional rights available to you:
To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a DPA, which you may do directly to a DPA), please contact us at firstname.lastname@example.org. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify your identity before processing your request. Certain information may be reviewed, corrected and updated by logging into your Brightcove Service account and editing the profile information.
If Brightcove receives a request from a Viewer, we may refer the request to the Customer and support the Customer in responding to the request.
Compelled Disclosures. Brightcove may be required to disclose Personal Data in response to lawful requests by public authorities, including disclosures necessary to meet national security or law enforcement requirements, or pursuant to judicial orders.
Given the judgment of the Court of Justice of the European Union dated 16 July 2020 which invalidated the adequacy of the Privacy Shield Framework, we are increasingly relying on the European Commission Standard Contractual Clauses as a transfer compliance mechanism. We also continue to process relevant Personal Data in line with our obligations under the Privacy Shield Framework. For further information, please see our Privacy Shield Notice below.
Canadian residents may have additional rights under Canadian law. Please see the information provided by the Office of the Privacy Commissioner of Canada for additional details.
EU-U.S. and Swiss-U.S. Privacy Shield Notice. We have certified our compliance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield (collectively, the “Privacy Shield Framework”) with respect to the Personal Data of users of Brightcove Services who are residents of the European Union (“EU”), European Economic Area (“EEA”), the United Kingdom, and Switzerland that we receive and process through Brightcove Services. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access and enforcement (hereinafter, “Privacy Shield Principles”) for personal data of Viewers and Customers in participating European countries. We are responsible for the processing of personal data we receive under the Privacy Shield Framework and subsequently transfer to a third party agent, and may be liable for onward transfers in violation of the Privacy Shield Principles. Click the link to view our certification. We may also process Personal Data relating to individuals in Europe via other compliance mechanisms, including use of the European Commission Standard Contractual Clauses.
Questions and Complaints. If you are a resident of a country participating in the Privacy Shield Framework, you may direct any questions or complaints concerning our Privacy Shield compliance to our Privacy Shield and Data Protection Contact listed below. We will work with you to resolve your issue.
If you have not received timely response to your concern relating to data processed under the Privacy Shield Framework, or we have not addressed your concern satisfactorily, you may contact our U.S.-based dispute resolution provider, at no cost to you, at https://feedback-form.truste.com/watchdog/request. If neither Brightcove nor our independent dispute resolution provider resolves your complaint, you may use the right to invoke binding arbitration through the Privacy Shield Panel. However, prior to initiating such arbitration, a resident of a country participating in the Privacy Shield Framework must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from our designated independent dispute resolution provider and (3) contact the U.S. Department of Commerce (either directly or through a European DPA) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
U.S. Federal Trade Commission Enforcement. Brightcove’s commitments under the Privacy Shield Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Privacy Shield and Data Protection Contact. Your Privacy Shield and Data Protection Contact for the Personal Data that we Process in connection with Brightcove Services is:
Attn: Chief Privacy Officer
281 Summer Street
Boston, MA 02210
Phone: +1 617 500 4947
Please include sufficient information so we can understand and respond to your specific question.
The security of personal information that Brightcove collects while operating the Brightcove Service is of great importance to Brightcove. We use organizational, technical and administrative measures to protect personal information under our control. No data transmission over the Internet or data storage system, however, can be guaranteed to be 100% secure. If you have any questions about the security of your personal information, you can contact us at email@example.com.
Attn: Privacy Team
281 Summer Street
Boston, MA 02210
Please be sure to include sufficient information so we can understand and respond to your specific question or request.