OneMeeting Privacy Policy

Last Updated: March 19, 2024

Overview

Your information will be held by Granicus, LLC ("Granicus"). At OneMeeting ("OneMeeting", "Granicus", or "We"), which is a division of Granicus (previously known as PrimeGov), our focus is to provide government organizations with the tools and services to help facilitate their legislative processes and promote transparency for their constituents. While OneMeeting solutions are primarily designed as a "data processor" for our clients (meaning that we process data as it is received from the user, without manipulation or change), it's important that you understand what information we store and preserve to ensure your successful use of our software.

This page is intended to inform users of our policies regarding the collection, use, and disclosure of user information. Information that is collected within OneMeeting is used for solution functionality and improvement and will be used only in accordance with this privacy statement. For other Granicus Products and modules, please refer to https://granicus.com/privacy-policy/

We will process your personal data in a transparent and lawful way. Any information collected will not be shared-internally or externally-unless noted in this Privacy Policy. Granicus complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Granicus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Granicus entities which adhere to this Privacy Notice and the DPF Principles are Granicus, LLC, including all U.S. entities and U.S. subsidiaries using the brand name Granicus.

Changes to This Privacy Policy

OneMeeting reserves the right to update this Privacy Policy from time to time. If we do so, we will post the updated policy on our site and will indicate when the Privacy Policy was last revised. If we make material changes, we will provide you with additional notice. You should periodically review our current Privacy Policy to stay informed of our personal data practices.

Contat Us

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Granicus commits to resolve DPF Principles-related complaints about our collection and use of your personal information. If you have questions about this statement or if you would like to exercise any rights you may have in relation to your personal data, please contact us at [email protected]. If you have additional questions or need to escalate an issue, use the below details to contact our Data Protection Officer (DPO):

Full name of legal entity: Granicus, LLC
Email Address: [email protected]
Postal Address: 1152 15th Street NW, Suite 800 Washington, DC 20005, USA
Telephone number: 01 651 400 8730

Information Collection and Use

For the use of OneMeeting solutions, we may require you to provide personally identifiable information such as first name, last name, email and password. All passwords are salted and hashed and are not accessible by systems or by staff. Additional personal information can be included at your discretion, but it is not required by OneMeeting. All user data in OneMeeting is encrypted and stored in customer-specific databases hosted by Microsoft Azure.

We will only use your personal data for the uses and purposes set out in this policy unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our obligations under the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

We will not use your personal data for decisions based solely on automated processing.

We do not buy and sell your personal data.

Log Data

OneMeeting collects information that your browser sends to us called "log data." Log data may include information such as your computer's Internet Protocol ("IP") address, your browser version, the pages you visit within OneMeeting, the time and date of your visit, and other use statistics. The intent and purpose of preserving log data is to better support and improve our clients' experience within OneMeeting. Your information is not shared-internally or externally-for anything other than this primary purpose.

Service Providers

Clients leveraging OneMeeting's streaming solution are required to authenticate their YouTube channel(s) with their OneMeeting solution. This authentication allows for direct access of your video content within your channels and allows OneMeeting and approved third-party applications within OneMeeting to transmit live and recorded meeting content directly to your publicly accessible channels. Authentication is done through the application with prompts requesting email and password information for your YouTube channel(s). OneMeeting preserves the encrypted login/user information and stores an access token as part of the authentication. As the administering user of the OneMeeting solution, you perform the authentication and it can be updated at your discretion.

OneMeeting's YouTube API Client uses YouTube API Services to create, delete, and upload videos. OneMeeting stores client YouTube access token, YouTube refresh token, YouTube username (encrypted), YouTube password (encrypted), and the YouTube token expiration date in our database, stored within the Microsoft Azure Cloud. The username and password are used to login and provide consent to allow our API Client to create, delete, and upload videos to our customers YouTube channel. The expiration date allows us know when to refresh the access token, with the refresh token used to obtain a new access token. The access token grants us the ability to make the appropriate API calls to create video events, upload videos, and remove videos when a customer deletes a meeting or needs to re-associate a meeting with a different YouTube video.

OneMeeting's access to client YouTube channels can be revoked either by (1) deleting YouTube credentials from the OneMeeting application, removing all associated YouTube data from the OneMeeting database or (2) by removing OneMeeting's third party access from their Google Security Settings page.

  • YouTube's Terms of Service: You acknowledge and accept the YouTube Terms of Service provided by Google. These terms govern your use of the YouTube website, products, software, data feeds, and services.
  • Google Privacy Policy: You also agree to Google's Privacy Policy, which outlines how we collect, use, and protect your information. This Privacy Policy explains what data we collect, why we collect it, and how you can manage your information.

Security

OneMeeting is committed to the safety and security of your information. All our solutions follow a stringent policy of accessibility of your information by ensuring access to your applications are always done through a secure connection. As the data processor, our goal is to provide the vehicle to manage your data in a secure and accessible way, until that information is ready to be made public to your constituents.

OneMeeting's YouTube API Client will access the client's YouTube data, including the Username, Password, Refresh Token, and Access Token, to facilitate the creation of video events and the upload/streaming of YouTube videos. We securely store the Username, Password, Refresh Token, and Access Token in an Azure SQL Server database. Importantly, We do not use or collect any other information related to the client's YouTube data. Additionally, We strictly prohibit any third parties from accessing this information. Furthermore, We do not send or store any of the client's YouTube data in cookies or on user machines, devices, or browsers. Lastly, We refrain from using or storing any YouTube Reporting, YouTube Analytics, or other YouTube statistics from the client.

Cookies

Cookies are files with a small amount of data that is commonly used as an anonymous, unique identifier. These are sent to your browser from the OneMeeting website that you visit and are stored on your computer's hard drive.

OneMeeting's website uses cookies to collect information to improve our service. You have the option to either accept or refuse cookies within our website.

Data Retention

How long we retain your data depends on the type of data and the purpose for which we process your data. Your data will not be retained for a period longer than necessary for the purpose for which we have processed your data, plus any statutory period during which we need to retain the data to resolve any legal claims. In many cases, this means that your data will be retained for the duration of our contract with our client, plus any legal statutory period. Information retained during the legal statutory period will be minimized to only the data strictly necessary to resolve any legal claims that may arise.

However, it may not always be possible to completely remove or delete all your personal data from our databases without some residual data because of backups and other reasons.

To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

To exercise any of the following rights, please contact [email protected]. Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction or completion of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request the portability of your data to another provider (only where we are relying on consent or contractual necessity).
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data only where we no longer have good reason for us continuing to process it.
  • Request objection to processing of your personal data. This enables you to object to processing of your personal data where we are relying on a legitimate interest.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Withdraw your consent to the processing of certain personal data (only where you have previously provided consent).
  • Make a complaint. You have the right to make a complaint at any time to the relevant local, national or industry privacy regulator.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We will not discriminate against you for exercising any of your rights under applicable law (such as GDPR, CCPA etc.). Unless permitted by the applicable laws, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.