Introduction: Who We Are and Why We Collect Your Information
Wistia, Inc. (“Wistia,” “we,” “us,” “our”) knows that our users (“you,” “your”) create and manage marketing content, video series, and other educational and creative content. Our products permit our customers (“Customers”) to create and distribute videos, audio recordings, and other media (collectively, the “Media”) while also measuring viewer and user engagement with that Media (all such individuals that view and use the Media, the “Users”).
We care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. By visiting or using the various websites owned and operated by Wistia under the wistia.com domain, including, without limitation, the https://wistia.com/ website (each, a “Website, and collectively, the “Websites”), accessing, listening to, or viewing Media hosted by Wistia and/or accessing or using any other functionalities, features, content, applications or services offered from time to time by Wistia in connection with the Websites or Media (collectively, the “Services”) in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent to our collection, use, and sharing of your information in the following ways.
I. What Does This Privacy Policy Cover?
This Privacy Policy covers our treatment of (1) personally identifiable information, as defined by numerous statutes in the United States (such statutes, the “PII Laws”), (2) information protected by the California Consumer Privacy Act (“CCPA”)and the California Privacy Rights Act (“CPRA”) amendments, and the California Online Privacy Protection Act (“CalOPPA”), (3) the Colorado Privacy Act (“CPA”), (4) the Connecticut Personal Data Privacy Act (“CTDPA”); (5) the Montana Consumer Data Privacy Act (“MCDPA”); (6) the Oregon Consumer Privacy Act (“OCPA”); (7) the Texas Data Privacy and Security Act (“TDPA”); (8) Virginia Consumer Data Protection Act (“VCDP”), and (9) Utah Consumer Privacy Act (“UCPA”); (10) personal data, as defined by the European Union General Data Protection Regulation (“GDPR”), (11) the Switzerland Data Protection Act (“DPA”), and (12) the UK General Data Protection Agreement (“UK GDPR”); and (13) personal information, as defined by Canada’s Personal Information Protection and Electronics Documents Act (“PIPEDA,” and collectively with the PII Laws, CCPA, CalOPPA, the SHIELD Act, and GDPR, the “Privacy Laws”) (collectively, “Personal Information”), which we gather when you are accessing, viewing or using any of our Websites, Media and/or Services.
This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. For our treatment of the Personal Information of students under the age of 16 (each such student, a “Student,” and collectively, “Students”) collected while providing the Services to public schools, charter schools, private schools, and other entities providing educational or tutoring services (collectively, “Schools” and each individually, “School”) providing such services to Students, please see Section X below and our Schools & Students Privacy Policy Addendum.
II. What Information Does Wistia Collect?
Wistia does not collect Personal Information indiscriminately. We limit the type of Personal Information and the amount of Personal Information to what is necessary to fulfill the purposes identified in this Privacy Policy. With that in mind, we collect the following types of information:
A. Information You Provide to Us
We may collect Personal Information from you when you visit any of our Websites, register for or subscribe to any Media or Services, contact us with questions or concerns, and/or otherwise interact with the Websites, Media, or Services. For example, when you register for our Services, we may collect your name, phone number, user name, and e-mail address in combination with a password or security question to access the Services, and your payment information. Similarly, you may provide information to your user profile or upload video, audio recordings, images, or other content to a Website. Where Users or Customers provide video, audio recordings, images, or other Personal Information of one or more individuals, we rely on that User or Customer to obtain the explicit consent of those individuals. You can choose not to provide us with certain information, although that may affect the functionality of the Services.
A.1 Google User Data
From time to time, Customers may import and upload Media to the Website or Services directly from the Google drive. While we permit this, we want you to understand that when you provide any such Media to the Website or Services, we may gain access to, collect, and process certain data associated with that Media. This includes but is not limited to: (1) Contents of the Media, such as the actual contents of the uploaded Media including its audio and visual components; (2) Metadata, such as the technical specifications (file format, resolution, size, device used to capture the Media, and software or application used to create the Media, etc.), descriptive elements (title, file name, and keywords, etc.), administrative information (author name or username, copyright information, and the date and time the Media was uploaded or created, etc.), and usage metrics (views, interactions, and user engagement, etc.); and (3) Connected Data, which may include any other data directly or indirectly related to the imported or uploaded Media. Please note that any data collected by us pursuant to this clause will be processed, stored, used, and shared in the same manner and for the same purposes as other information that is subject to this Privacy Policy.
Google’s use and processing of Personal Information is governed by the Google Privacy Policy, available at:
https://policies.google.com/privacy?hl=en-US
B. Information Collected Automatically
Whenever you interact with any of our Websites or Media, we automatically receive and record information on our server logs from your browser including data related to Media viewing, listening to, or accessing (including when you stop and start Media, how many and which Media of a particular Customer you watched, and how many times you watched, listened to, or accessed particular Media), data related to use of Services, IP address, device, “cookie” information, and the page you requested.
An “IP address” is a number assigned to a computer by an Internet service provider “ISP” to access the Internet. In most consumer cases, an IP address is dynamic (changing each time connect to the Internet), not static (unique to a particular user’s computer).
“Cookies” are small text files placed to your computer or mobile device to recognize your browser or mobile device and customize the look and feel of a website for you. Cookies remember information about you, your preferences, and your device for a better user experience. Wistia does not collect any information about you, your preferences or your device using Cookies. If you click on a link to a third party website, such third party may transmit cookies to you. This Privacy Policy does not cover the use of cookies by any third parties.
C. E-mail and Other Communications
We may contact you, by email or other means; for example, we may communicate with you about your use of any of the Websites. When we do this, we may receive a confirmation when you open an email from us. This confirmation helps us make emails more interesting and improve our service.
If you do not want to receive email or other mail from us, please indicate your preference by visiting our email preference page. Please note that if you do not want to receive legal notices from us, those legal notices will still govern your use of the Websites, and you are responsible for reviewing such legal notices for changes.
D. Information Purchased from Third Parties
Wistia may purchase from third parties, like Clearbit, Personal Information about Users who provide their email address or register for the Services, using the Personal Information those Users provide as the basis to obtain further Personal Information. This information may include names, titles, companies, and firmographic information. Wistia may retain YouTube API Services to provide aggregate, statistical information about the access to, views of, and use of Media that Customers post to YouTube. Personal Information generated automatically by your access to, views of, and use of Media may be aggregated and included in that statistical information.
E. Special Categories of Personal Information
In certain situations, Users may provide information to user profile or upload video, audio recordings, images, or other contact to a Website that may reveal certain limited types of Personal Information that is of a sensitive nature (Sensitive Personal Information), including information about the following: (1) Personal Information revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, (2) data concerning health, and data concerning a natural person’s sex life or sexual orientation. (3) financial information, and your geographic location. In such cases, we may process Sensitive Personal Information to provide Services to Users who provided such information. For purposes of this Privacy Policy, Sensitive Personal Information is considered to be a special category of Personal Information.
Where we collect and use such information as a controller (as defined in the GDPR), we will provide you with a form explaining the collection of such Personal Information and requesting your explicit consent. Where we collect and use such information as a processor (as defined in the GDPR), we rely on the controller to obtain your explicit consent.
F. Sensitive Personal Information
Wistia may collect Sensitive Personal Information, as defined under the CPRA and PIPEDA, in the form of your financial information, messages sent via the Services, and your geographic location.
G. Personal Information Wistia Has Collected in the Last 12 Months
Wistia has collected the following categories of Personal Information in the 12 months immediately preceding the Effective Date of this Privacy Policy, listed at the bottom of this document: names; contact information; payment information; IP addresses; geographic location (inferred from IP addresses, as described in Section III below); browser information; device information; information related to the use of the Websites, Media, and Services; email confirmations; user name or e-mail address in combination with a password that would permit access to the Services; the content of communications; user profile information and submissions; job titles; employers; and firmographic information. Please see the other portions of Section II above for an explanation of the categories of sources from which we collect the information described in the previous sentence. The business purposes of this information are described in Section III below. The categories of third parties we share this information with are described in Section IV.
III. What Does Wistia Do With Personal Information?
A. Use of Personal Information
Wistia uses all categories of Personal Information listed above for any and all legal and legitimate businesses purposes, including:
- To personalize and improve our Services, to administer and improve our Media and Websites;
- To allow Users to set up their user accounts and profiles;
- To communicate with Users and fulfill your requests for certain products and services;
- To understand how Users utilize the Websites; Media, and Services
- To protect user accounts with user names or e-mail addresses in combination with passwords;
- To process payments to Wistia;
- To infer your geographic location;
- To operate, maintain, develop, and grow Wistia.
At times, we may anonymize your Personal Information so that you cannot be individually identified, and provide that information to our partners. For example, if you have provided your email address or other Personal Information while accessing Media, we may anonymize that Personal Information when providing Media usage information to our partners.
When we collect IP addresses, geographic location, browser information, device information, information related to the use of the Websites, Media, and Services, we may also use such information in two ways.
- First, we may use such information in aggregate form (including the aggregate statistical information obtained from YouTube API Services), and not in a manner that would identify you personally. For example, this aggregate information tells us how often Users use parts of a Website, so that we can make such Website appealing to as many Users as possible.
- We may also provide this aggregate information (including the aggregate statistical information obtained from YouTube API Services) to our partners; our partners may use such information to understand how often and in what ways people use our Websites, so that they, too, can provide you with an optimal experience. In addition, we may also provide Customers with the information listed above so that they may (i) assess, improve, and develop the Media that they make available through the Websites and Services, and (ii) use their Media to maintain and grow their organizations. Such information may include how many and which Media of a particular Customer was watched by a particular user, from where particular Media was watched, listened to, or accessed by a particular user and how many times particular Media was watched, listened to, or accessed by a particular user.
B. Storage of Personal Information
We store and process all electronic Personal Information that we collect in the United States.
V. What Is Wistia’s Legal Basis for Collecting and Using Your Personal Information?
As relevant, Wistia collects and uses your Personal Information (1) pursuant to your informed consent, which you have granted by confirming the prompts produced by the Websites and by continuing to use the Websites, Media, and Services, consistent with the Privacy Policy and Wistia’s terms of use, (2) in order to pursue Wistia’s legitimate business interests in hosting the Media, providing the Services, and maintaining the Websites, and/or (3) in order to perform a contract to which you are a party. Any one or more of the bases in the previous sentence are the legal basis for Wistia’s collection and use of your Personal Information, depending on how your use of the Websites, Media, and Services, and your relationship with Wistia.
Where individuals appear in Media, Wistia relies on the Media creators to obtain the necessary legal basis for the collection and use of those individuals’ Personal Information.
VI. How Long Does Wistia Retain Your Personal Information?
Except upon the request of an individual, as explained in Section VII below, and except as the law permits and requires, Wistia maintains Personal Information as follows:
A. Logs of unknown users of the Websites are retained for 30 days before deletion.
B. Logs of known users of the Websites are retained while Wistia has reason to believe that particular user may return to use the Websites.
C. Emails submitted and used for marketing are retained while Wistia pursues relevant marketing efforts.
D. Media is hosted and stored for the life of the relevant Customer account, plus up to three years.
Other than as listed above, we will determine the retention period for Personal Information based on the following criteria:
- The nature of our relationship with the relevant Customer;
- The existence of other ongoing or expected projects with the relevant Customer;
- The nature of the Personal Information in question; and
- Our business needs.
VII. What Are Users’ Rights to Control Their Personal Information?
Except where permitted or required by Privacy Laws, you have the following rights regarding Wistia’s collection and use of your Personal Information.
A. Requests to Wistia
You may request the following from Wistia with respect to your Personal Information:
- The correction and updating of your Personal Information;
- The restriction and deletion of select portions of your Personal Information or all Personal Information;
- The categories of Personal Information Wistia has collected about you;
- The categories of sources from which Wistia has collected your Personal Information;
- The expected period for which the Personal Information will be stored, or, if not possible, the criteria used to determine the retention period;
- The business or commercial purpose(s) for collecting, sharing, and disclosing your Personal Information;
- An account of how Wistia has used or is using your Personal Information;
- A copy of your Personal Information retained by Wistia, to be delivered in a structured, commonly used and machine readable format to review or to transfer or transmit to another entity without hindrance, to the extent that that is technically feasible;
- The categories of third parties with whom Wistia shares your Personal Information;
- The categories of your Personal Information that we have shared with third parties, including customers, and the categories of third parties to which we have shared each particular category of Personal Information;
- The Personal Information Wistia collects, uses, discloses, and sells;
- A list of all third parties that have received your Personal Information from Wistia; and
- The specific pieces of Personal Information Wistia has collected about you.
If you request that your Personal Information be erased or deleted or that Wistia otherwise restrict its collection and use of Personal Information, Wistia may not being to avoid terminating or limiting your access to the Websites, Media, and Services.
If Wistia has not collected or used your Personal Information, or has not disclosed your Personal Information to another party, Wistia will inform you of that in response to any of the above requests.
Some information may remain in Wistia’s backup media after erasure or deletion for a period of time. When you request that Wistia update information, Wistia may retain a copy of the unrevised information in Wistia’s records. Wistia also may use any anonymized aggregated statistical data derived from or incorporating Personal Information after it is updated, erased, or deleted, but not in a manner that would identify you.
We will confirm receipt of all such Personal Information requests and provide information about how Wistia will process the request within 10 days of receipt. We will substantively respond to all such requests within 30 days, subject to lawful extension of that period, and there may be a delay in processing a request while we verify that the request is valid and originates from you as opposed to an unauthorized third party.
Our verification process varies based on the source and nature of the request, but may include: comparing data in the request against Personal Information we retain; contacting you using other contact information; requesting further information, although we will avoid doing so to the extent possible; and the consideration of certain factors, including the type, sensitivity, and value of your Personal Information, the risk of harm to you posed by an unauthorized request, the likelihood that fraudulent or malicious actors would seek your Personal Information, the manner in which we interact with you, the available technology, and whether the information you have provided to verify your identity is sufficiently robust to protect against fraudulent requests. To the extent permitted by the Privacy Laws, Wistia retains the right to deny any request if we cannot verify that it originated from you.
Wistia retains records of all of the above requests and our responses for 24 months, unless otherwise prohibited by the Privacy Laws.
With regard to the right to be forgotten online, Wistia will take reasonable steps to inform our Third Parties of your request. In order to make any of the requests above,
or by contacting us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
- All other of the above requests may be made by contacting us at the following link:
https://wistia.com/data-request
Or by sending requests to:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
When you update information, we may maintain a copy of the unrevised information in our records. Please note that some information may remain in our private records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
B. YouTube API Services
If you create and log into a Wistia account using a username or email and password combination, you can revoke Wistia’s access to the information Wistia obtains from YouTube API Services that is derived from your use of the Services and access to Media. You may exercise this right at the Google security settings page, https://security.google.com/settings/security/permissions.
C. Withdrawal of Consent
You may withdraw your consent at any time by visiting our Privacy & Data Requests page at https://wistia.com/data-request or by contacting us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
Please be aware that such withdrawal does not affect the lawfulness of Wistia’s use of your Personal Information before such withdrawal. If your consent is withdrawn, Wistia may not being to avoid terminating or limiting your access to the Websites, Media, and Services.
D. “Do Not Sell or Share My Personal Information”
Wistia does not sell Personal Information as the CCPA (as amended under the CPRA) defines “sell,” but your Personal Information is shared as described in Section IV above. You may opt out of Wistia’s disclosure and sharing of your Personal Information to Customers and other Third Parties by visiting our Privacy & Data Requests page at https://wistia.com/data-request or by contacting us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
We will act upon any request to opt out of all sales of your Personal Information within 15 days of receiving your request. We will notify all Customers to whom we have disclosed your Personal Information of your request within 90 days of receiving your request and will inform you when we have done so. If you exercise your right to opt out of the disclosure of your Personal Information to Customers, Wistia will cease disclosing your Personal Information to Customers as of the date Wistia receives the form at the link above.
Wistia will not contact you about opting in to disclosing your Personal Information for at least 12 months following receipt of the form.
Please see Section VIII for an explanation how opting out of the disclosure of your Personal Information to Customers may affect service differences offered by Wistia.
E. “Limit the Use of My Sensitive Personal Information”
As described in Section II, we do not knowingly collect Sensitive Personal Information under any of the Privacy Laws, with the exception of messages sent via the Services, your geographic location, and certain financial information that may be collected during the payment process.
You may contact Wistia to request that Wistia limits its use of this Sensitive Personal Information at any time. Doing so may impact certain functions of the Services, including your ability to have ongoing subscriptions with us, allowing other Users to read your messages, and functions that are geographically-based.
To request that Wistia limit its use of your Sensitive Personal Information, please visit our Privacy & Data Requests page at https://wistia.com/data-request or contact us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
We will act upon any request to limit your Sensitive Personal Information within 15 days of receiving your request.
F. Authorized Agent
You may authorize an agent to take any of the acts permitted in this Section VII on your behalf. To do so, you must provide written and signed authority to the agent, and written and signed notice to Wistia that Wistia may act on such requests by that agent.
G. Requests Regarding Media
Wistia does not collect, process, use, disclose, share, or sell Personal Information from the Media created and distributed by our Customers, e.g., images, voice recordings, etc. If you have any questions regarding the Personal Information contained in particular Media, please contact the party that created or distributed that Media.
H. Object or Challenge
You may object to, or otherwise challenge, Wistia’s collection and use of your Personal Information by visiting our Privacy & Data Requests page at https://wistia.com/data-request or by contacting us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
Wistia will respond within 30 days. Where such objection is received from an individual whose Personal Information Wistia collects and uses as the processor for a controller (as those terms are defined in the GDPR), Wistia will inform the controller of the objection within 30 days.
I. Filing a Complaint
Regulatory authorities that oversee the Privacy Laws typically advise individuals to file an objection or challenge with the company before lodging a formal complaint with a regulatory authority. Please contact us as outlined in the Contact Information section of this Privacy Policy for any complaints and inquiries. We appreciate the opportunity to discuss and solve your complaint.
If you are dissatisfied with Wistia’s response or you wish to file a complaint with a regulatory authority first, please contact the appropriate agency below:
- CCPA/CPRA: California Attorney General
- PII Laws: the relevant states’ Attorney General’s office.
- CPA: Colorado Attorney General
- CTDPA: Connecticut Attorney General
- MCDPA: Montana Attorney General
- OCPA: Oregon Attorney General
- TDPA: Texas Attorney General
- UCPA: Utah Attorney General
- VCDPA: Virginia Attorney General
- GDPR: the supervisory authority in your European Union member state;
- SW DPA: Federal Data Protection and Information Commissioner (FDPIC)
- PIPEDA: Office of the Privacy Commissioner of Canada
- UK GDPR: Information Commissioner’s Office
J. Accessibility for Users with Disabilities
If you are unable to review this Privacy Policy or any portion of this Policy, please use the following information to contact us and request an alternative format.
Visit our Privacy & Data Requests page at https://wistia.com/data-request or by contact us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
K. Non-Discrimination
Wistia will not discriminate against you because you have exercised any of the rights above or any other rights you retain pursuant to Privacy Laws, including, but not limited to by:
- Denying goods or services to you;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of goods or services to you; and
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Consistent with Privacy Laws, Wistia: (i) retains the right to charge you a different price or rate, or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to Wistia by your Personal Information; (ii) may offer financial incentives, including payments to you as compensation, for the collection, disclosure, or deletion of your Personal Information; (iii) may enter you into a financial incentive program only if Wistia clearly describes the material terms of the financial incentive program, so long as you give Wistia prior opt-in consent, which you may revoke at any time; and (iv) shall not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature. Please see Section VIII for an explanation of Wistia’s service differences.
VIII. What Are Wistia’s Service Differences?
Wistia does not offer any financial incentives for providing your Personal Information. However, there are some service differences when users create an account and provide the necessary Personal Information to do so.
Although much Media and parts of the Services may be used and accessed without providing your Personal Information, other Media, portions of Media, and parts of the Services require users to create and log in to a Wistia account. In doing so, you will provide us with a user name or e-mail address and a password. In return we will permit access to Media and Services that are not viewable or accessible to anonymous users. By creating and logging into an account, you will provide your name and contact information, in addition to your username or email and password combination. Per the terms of this Privacy Policy, you will also permit Wistia to automatically collect, use, and share IP addresses, browser information, device information, and information related to the use of the Websites, Media, and Services. Wistia will also collect, use, and share any information you voluntarily provide in your communications to us, your user profile, and other user-generated submissions and content, consistent with the terms of this Privacy Policy.
Consistent with the CCPA, this service difference represents Wistia’s good-faith calculation of how one individual’s Personal Information increases the value of the data we provide to Customers, on average. We calculate this value in conjunction with Customers by comparing the utility of the data collected anonymously against the utility of the Personal Information collected from identified users.
Once you have opted in to this incentive program by creating an account, you may opt-out of this incentive program at any time by deleting your account and/or contacting us:
Visit our Privacy & Data Requests page at https://wistia.com/data-request or by contact us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
In light of the value Wistia derives from your Personal Information, if, after creating a Wistia account, you exercise your right to request that Wistia delete your Personal Information or to opt out of the sale of your Personal Information, you will not be able to access some Media and parts of the Services, as described above, because we will not be able to provide that Personal Information to our Customers. However, other requests to exercise your data privacy rights that do not affect Wistia’s ability to provide data to our Customers will not affect such access.
IX. Is Personal Information About Me Secure?
We employ appropriate administrative, organizational, technical, and physical measures to protect your Personal Information, which we regularly review and update as necessary.
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
The Websites may contain links to other sites. We are not responsible for the privacy policies and/or practices on other sites. When following a link to another site you should read that site’s privacy policy.
X. Children’s Privacy
Except when providing the Services to Schools that provide educational and tutoring services to Students, we do not knowingly collect or solicit Personal Information from anyone under the age of 16 or knowingly allow such persons to register for the Services. For further information regarding our treatment of Personal Information of Students collected while providing the Services to please see our Schools & Students Privacy Policy Addendum. Otherwise, if you are under 16, please do not attempt to register for the Services or send any information about yourself to us, including your name, telephone number, or email address. No one under age 16 may provide any Personal Information to us or through the Services except when doing so as part of receiving educational or tutoring services from a School.
In the event that we learn that we have collected Personal Information from a child under age 16 without the involvement of a School or without verification of parental consent, we will delete that information as quickly as possible, except as provided below. If you believe that we might have any information from or about a child under age 16 who did not provide such information through a School’s use of the Services, please contact us:
Visit our Privacy & Data Requests page at https://wistia.com/data-request or by contact us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]
Except for Students’ Personal Information obtained while providing the Services to a School, upon request, we will provide a parent or guardian who has provided proper identification with the following: (1) a description of the specific types of Personal Information collected from the child, (2) the opportunity to refuse or permit Wistia’s further collection and use of Personal Information from the child, and (3) a reasonable means for the parent or guardian to obtain any Personal Information collected from the child. If a parent or guardian does not permit Wistia’s continued collection and use of a child’s Personal Information, Wistia will delete the child’s Personal Information and terminate the account of the child, as applicable.
XI. Contractual or Statutory Requirement
Except as noted in this Privacy Policy or in contractual documents, Wistia’s collection and use of Personal Information is not a contractual or statutory requirement or a requirement necessary to enter into a contract.
XII. Failure to Provide Personal Information
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features.
XIII. Automated Decision Making
Wistia does not rely on automated decision making, including profiling, and will not subject you to decisions based solely on automated processing which will produce legal effects concerning you or similarly significantly affecting you.
XIV. Data Privacy Framework
Wistia complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”) with respect to Personal Information we process from the EEA, the UK or Switzerland and transfer to the United States. Wistia has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Information received from the European Union and the United Kingdom (and Gibraltar) in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Wistia has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/. The Federal Trade Commission has jurisdiction over Wistia’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
A. Liability for Onward Transfers
We remain responsible and liable for the Personal Information that we receive under the Data Privacy Framework and subsequently transfer or disclose to third parties for external processing on our behalf, as described in section IV of this Privacy Policy. Wistia shall remain liable under the DPF Principles if such third parties process Personal Information in a manner inconsistent with the DPF Principles, unless Wistia proves that it is not responsible for the event giving rise to the damage.
B. Compelled Disclosure
In certain situations, Wistia may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Wistia will notify you of any such requests unless prohibited by law.
C. Recourse Mechanism and Binding Arbitration
In compliance with the Data Privacy Framework, we commit to resolve DPF Principles-related complaints about our processing of Personal Information. EU, UK, and Swiss citizens with inquiries or complaints regarding our processing of Personal Information received in reliance on the Data Privacy Framework should first contact Wistia. In the event such complaints concerning our processing of Personal information received in reliance on the Data Privacy Framework remain unresolved, EU, UK, and Swiss citizens may refer such unresolved complaints to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.
In case your complaint indicates a violation of obligations under the DPF Principles and your complaint cannot be resolved directly with Wistia, or through the independent dispute resolution mechanism, you may have the right to invoke binding arbitration under certain circumstances. For additional information on this option, please see Annex I of the Data Privacy Framework.
D. Periodic Review and Verification
Wistia will renew its Data Privacy Framework certification annually, unless we subsequently determine that we no longer need such certification or employ a different adequacy mechanism. Prior to such re-certification, Wistia will conduct a self-assessment to ensure that our attestations and assertions with regard to processing of Personal Information is accurate and that Wistia has appropriately implemented these practices.
XV. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or sending you an email. You are bound by any changes to the Privacy Policy when you use the Website or the Services after such changes have been first posted.
XVI. Questions or Concerns; Contact Information
If you have any questions or concerns regarding our privacy policies, please contact our data protection officer by sending detailed message to [email protected]. Alternatively, you may contact us by postal service as follows. We will make every effort to resolve your concerns.
Visit our Privacy & Data Requests page at https://wistia.com/data-request or by contact us at:
Attention: Data Protection Office\ Wistia, Inc.\ 120 Brookline Street\ Cambridge, Massachusetts, 02139 USA\ (888) 494–7842\ [email protected]