Product privacy statement

LRC-TE-0046 V15 December 2020

I. General information

Your privacy is important to us. This privacy statement explains what data Barco NV and its subsidiaries may collect from you, through our products, and how we use that data (“Product Privacy Statement”). Barco NV is a public limited liability company incorporated under Belgian law, with registered office at President Kennedypark 35, 8500 Kortrijk, Belgium (“Barco”).

This Product Privacy Statement can be modified, e.g. as a result of new functionalities of the Barco products. We thus advise you to check this Product Privacy Statement regularly. Any major changes will be announced via our homepage (https://www.barco.com/en/about-barco/legal/privacy-policy/change-history).

1. When does this Product Privacy Statement apply?

Barco offers a wide range of products from projectors, display systems, medical devices, wireless presentation systems, video walls, services, and software. References to Barco products in this Privacy Statement include hardware, software and services. This Privacy Statement applies to processing of personal data through Barco Products.

The Product Privacy Statement consists of two parts. In a first general part we explain general information which is applicable to almost any Barco product. Further, in the product-specific sections below we describe our data collection practices applicable to specific Barco products. In case of contradictions between the general privacy information of Barco and the information in a product-specific section, the information in the product-specific section will take precedence.

This Product Privacy Statement does not apply to other processing activities by Barco which are not related to Barco products. In such cases the general Privacy Policy available on our website will apply.

2. Who is responsible for the processing of your personal data?

Barco products are intended for use by organizations (“end users”) and are administered and controlled by these end users.

When your organization, as an end user, is using a Barco product, your organization is responsible for the processing of these data through the Barco product and is hence the data controller. This means that your organization determines for what purposes and with what means the data are processed. If you as a data subject wish to exercise your rights as described under the last section of this Product Privacy Statement, you will have to address the end user in the first place. In this case Barco will not have the right to directly assist you.

BARCO ACTING AS A PROCESSOR – For some products, Barco processes personal data on behalf of end users; in those cases Barco acts as a processor, e.g. when Barco is managing the hosting environment of the Barco product. In that respect, Barco has created a so-called “Data Processing Addendum” that includes all the terms and conditions applicable to the processing of such personal data by Barco as data processor with the aim to ensure that the Parties comply with the applicable data protection laws.

BARCO ACTING AS A CONTROLLER - In addition to the above, Barco also processes personal data on its own initiative for the purposes explained below, without receiving instructions from the end user. With regard to these processing activities, Barco itself is responsible for processing, and therefore data controller next to the processing activities by the end user. Barco only processes the personal data related to the provision of products and services in limited cases; all these cases are explained in this Product Privacy Statement.

Barco has appointed a Data Protection Officer (DPO) who will be your point of contact for any questions regarding this Product Privacy Statement. The contact details of the DPO can be found under point 8 of the general part of this Product Privacy Statement.

3. Which data may Barco process about you?

The data Barco collects as a data controller depends on the context of interactions with Barco, the choices you make, including your privacy settings and the Barco products you use.

We collect data in two ways:

i) Information provided by you

  • Contact data: when you contact Barco to activate your Barco product or for customer support or when you provide information to us, we collect your first and last name, email address, telephone number, address details (street, number, zip code, city, country), your position, your correspondence with Barco, other personal and/or contact details.
  • Login data: when you login to use a Barco service or product, we collect your user name, your email address and your IP address.
  • Support data: when you engage Barco for support and maintenance, we collect data about you and your Barco product, telephone conversations or chat sessions, any problems you experience with them and other details related to an error, incident or defective product. Depending on your product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contact or authentication data, log files, usernames, the content of your communications with Barco, data about the condition of the Barco product when the fault occurred and during diagnostics, and system and registry data about hardware configurations and software installations.
  • Feedback data: when you provide feedback, product reviews or service reviews, we collect the content of your feedback and review, as well as your contact details.

ii) Automatically obtained information

  • Product usage data: data about usage of the Barco products, data about the used features, the selected settings, the software configurations and performance data which helps us to diagnose problems in the products, and to improve our products and provide solutions.
  • Device, connectivity and configuration data such as hardware model, operating system version, unique device identifiers like IP address, MAC address, device certificate, …

4. For what purposes does Barco process the data?

This section generally explains how Barco uses personal data as a controller in a specific case. More detailed information with regard to the purposes of processing and the categories of personal data can be found in the product-specific sections of this statement.

a) In order to register a Barco product or to activate a license of a Barco product

We use contact data during product registration and license activation for a Barco product through www.activate.Barco.com. Following products require product registration through www.activate.Barco.com: projectors (UDX and UDM), Video walls (UniSee, LCD video walls, RPC video walls), XMS Edge and UniSee present for Windows (UPW). Following Barco products require license activation through www.activate.barco.com: Nexxis, Overture and Enterprise Virtual Matrix (EVM).

For this purpose we may process data such as contact data, unique device identifiers, device data and installation location.

These data are processed on the basis of the performance of a contract.

b) In order to support the Barco products

We use data to diagnose product defects, to repair Barco products and use contact data to provide maintenance and support services. We may contact you by telephone or email to inform you when warranty services end, your license expires, when a Barco product becomes end of life or end of service, when security updates are available, update you or inquire about a service or repair request.

For this purpose we may process data such as contact data, support data, product usage data and device, connectivity and configuration data.

Depending on the individual case, these data are processed on the basis of the performance of a contract or Barco’s legitimate interest in informing you about the Barco Products, Barco’s product and service lifecycle management and the provision of Barco services in relation to the Barco product.

c) In order to improve and secure the Barco Products

We use data to analyse and report on the performance of the Barco products and to continually improve the Barco products, including adding new features or capabilities. For example, we use error reports to improve our products and usage data to determine what new features to prioritize. We use data to protect the security and safety of the Barco products and our customers, to detect and prevent fraud, to confirm the validity of software licenses.

Depending on the individual case, these data are processed on the basis of the performance of a contract or Barco’s legitimate business interests such as, without being limited to improving and securing the Barco products, systems and services and conducting research and development.

5. Who has access to the data?

Barco is selective in the parties to whom it discloses data and chooses them carefully. In all cases, we will ensure that sufficient safeguards for the protection and confidentiality of the data are in place.

Barco can share the data with other companies of the Barco group e.g. for the provision of technical support, for research and development purposes.

In addition, Barco may share the personal data with third parties to perform certain (processing) activities or for Business Purposes under the California Consumer Privacy Act (CCPA):

  • cloud service providers to perform certain (processing) activities;
  • business partners who provide customer installation and service support;
  • IT service providers that provide technical support;
  • business partners who assist us in protecting and securing the Barco products and systems
  • attorneys and external advisors: in certain cases Barco may transfer your personal data to attorneys and external advisors if this is necessary to give us advice or to defend our rights;
  • supervisory authorities in case of a lawful request;
  • possible acquirers of the whole or part of Barco in the event that (a part of) our activities would be taken over by a third party.

Personal information is not sold by Barco within the meaning of the CCPA.

Personal data are not provided to other parties, unless this should be required by law or a court order.

In order to provide the services as explained in this Product Privacy Statement, personal data may be sent to parties outside the European Economic Area (EEA) or the sharing of your data with a third party. If you have any questions or would like more information about the transfer of your personal data outside the EEA, you can send an email to dataprotection@barco.com.

6. How long do we keep the data?

Barco will retain the data for the period reasonably necessary to fulfil the purposes outlined in this Product Privacy Statement unless a longer retention period is required or permitted by law or subject to questions or complaints that force us to retain the data for a longer period. This means that we will keep your data at least for the duration of our business relationship.

7. How are your personal data protected?

Barco strives to protect the data by means of technical and organisational measures, such as firewalls and secured servers that may only be accessed by a limited number of persons holding special access rights and with respect to the nature of the data.

8. What are your rights and how can you exercise them?

You have a number of rights with regard to your personal data, such as the right of access, the right to rectification of inaccurate personal data, the right to erasure or restriction of processing, the right to data portability, the right not to be subject to profiling and the right to object to the processing. Some of these rights have a very specific scope or are subject to special conditions or exceptions. Please contact our DPO for any questions or requests regarding the processing of your personal data (dataprotection@barco.com). Any request to exercise a relevant right must be duly signed and dated. Barco cannot process your request without proof of your identity.

On grounds relating to your particular situation, you also have the right to object at any time to the processing of your personal data on the basis of the legitimate interest of Barco acting as a controller.

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, your place of work or the place of an alleged infringement. The Belgian Data Protection Authority is the supervisory authority for Belgium and can be contacted at contact@apd-gba.be

Under the CCPA, you have the right to request a disclosure of the personal information Barco has collected about you during the prior 12 months, to request deletion of your personal information, to request a disclosure of your personal information Barco has sold or shared with third parties during the prior 12 months, or to seek information from Barco about your rights under the CCPA. To exercise any of these rights or ask additional questions, you may email dataprotection@barco.com, or send a letter to our U.S. office at :

  • Barco, Inc.
    3059 Premiere Parkway, Suite 400
    Duluth, GA 30097

If you have any further questions or complaints about the processing of your personal data, about Barco’s websites or about this Product Privacy Statement you can always contact us:

  • by e-mail at dataprotection@barco.com
  • by phone at the number 0032/56.26.22.15
  • by mail to
    Barco – Data Protection Officer
    President Kennedypark 35
    8500 Kortrijk, Belgium

II. Product specific privacy information

1. MediCal QAWeb

MediCal QAWeb is the online service for high-grade quality assurance for PACS display systems. Medical QAWeb is compatible with Barco diagnostic and clinical displays and non-Barco displays.

MediCal QAWeb functionalities manages the following data:

MediCal QAWeb Agent

  • Workstation data: computer name, operating system (name and version), QAWeb Agent version
  • Workstation devices: connected monitors (brand, model name, serial number, firmware version), graphics card (brand, model, serial number, driver version), luminance Sensors (brand, model, serial number)
  • Calibration: results of monitor calibration
  • Quality Assurance / compliance: results of Quality assurance tests / compliance tests
  • a central overview of all the workstation on which a QAWeb Agent is running (asset management) – data are sent with regular intervals;
  • a central overview of all devices that are of importance for the display of medical images connected to the workstation (asset management) – data are sent with regular intervals, and when devices are connected or disconnected;
  • a central overview of calibration status and detailed QA measurements values;
  • a central overview of the compliance test results on all workstations (capable of generating notifications).

The MediCal QAWeb Agent does not store any user identification data or any patient related data.

MediCal QAWeb Relay
The relay does not store data from the MediCal QAWeb Agents; it forwards information received from the Agents to the MediCal QAWeb online service.

Barco acting as a processor 
Barco is managing the hosting environment for MediCal QAWeb and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged the Microsoft Azure Services of the Microsoft Corporation as sub-processor in order to provide cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). 
Barco acting as a controller 

MediCal QAWeb hosted server application

  • Account information
    We may collect information about the individual user and his organization as it is entered in the application.

    For this purpose we may process contact data. Specifically, name and email address are stored for all users in order to provide functionalities such as identification and email notifications. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes.

    The data is processed on the basis of the performance of a contract.

  • Web logs
    The MediCal QAWeb hosted server application contains internal audit logs of user activity occurring through interaction on the website (user login, configuration changes).

    This is needed to be able to provide the necessary support and troubleshooting and also to create an audit trail when changes to configuration are made. The data is processed on the basis of the performance of a contract.

2. WeConnect

WeConnect is a subscription-based solution which offers a new way to optimize collaboration experiences. It supports BYOD devices through seamless network integration and promotes interaction for both in-room and remote participants. The host is in this case end user and hence the data controller.

WeConnect functionalities provide the following data:

Data viewable by the attending audience

  • Screen sharing content is visible to the audience and hence can be subject to snapshot taking.
  • Whiteboard content is visible to the audience attending the session.
  • Silent questions, chat messages and whiteboard annotations by individual participants are visible to the audience attending the session.
  • We do not knowingly collect personal data from children under the age of 16 through Barco Products and we will delete any such information later determined to be from such young person, unless we have received consent to collect such personal data from the child’s parent or guardian.

Data downloadable by host during the session
Silent questions, number of correct answers to quizzes, number of raised hands can be downloaded by the host during a session. The host can use this data to evaluate the participants. When the lecture is closed this data is no longer available to the host.

Data viewable when joining a session from a remote location
In order to enable participation to a session by remote attendees and create an interactive experience, the following data are shared:

  • Camera video and microphone audio of the personal device of the attendee are permanently exposed to the attendees who are on-site in the same room as the host.
  • Camera video and microphone audio of the personal device of the attendee can be shared with other remote attendees when voice activity is detected or during a debate session. Whenever this happens an "on-air" indicator is visible in the self-view image.

 

Barco acting as a processor 

Barco is managing the hosting environment for WeConnect and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).

Barco acting as a controller 
  • In order to activate/use the service
    o Login data such as user name, email address and IP address in order to activate the service. The user has to confirm the login creation via email.
    o In case “Single Sign On” is not activated for the institute, the password chosen by the user is stored in a secure way. Barco has no access to the passwords.
    o Uploaded avatar picture to identify the participant in the session.

    The data is processed on the basis of the performance of a contract.

  • In order to evaluate the session
    Session related information such as attendance, answers to polls and quizzes, start/stop screen sharing, chats, raise hands, silent questions and whiteboard annotations.

    The data is processed on the basis of the performance of a contract and/or on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to provide support
    When joining a lecture from a remote location audio and video streaming data and settings are collected in order to optimize the connection between the participant and the host:
    o The selection by the user of what content is shown in main area of the user interface, mute/unmute actions for microphone and camera.
    o Video/audio streaming quality related information such as packet loss, bandwidth, stream (dis)connection info, selected camera and microphone and screen resolution are stored.
    o Camera and microphone settings for reuse in next sessions.

    The data is processed on the basis of the performance of a contract and/or on the basis of Barco’s legitimate interest to continually improve its products.

3. Overture Cloud

Overture Cloud is Barco’s software-based A/V Control and monitoring solution that uses the company’s normal network infrastructure to manage all A/V devices. Overture can integrate with Active Directory for authentication and authorization reasons and with Microsoft Exchange for automatic scheduling of actions within Overture.

 BARCO ACTING AS A PROCESSOR
 Barco is managing the hosting environment for Overture Cloud and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
              o Login data such as user’s first and last name, username, preferred language, email address and IP address in order to use the service. 
              o In case no integration is done with Active Directory, the password chosen by the user is stored in a secure way. Barco has no access to the passwords.

    The data is processed on the basis of the performance of a contract.

  • In order to offer Device usage logs
    Every operation on a device monitored or controlled by Overture, that is triggered via Overture (manually or automatically) is logged in the Overture Logs. Those logs are accessible to the designated administrator(s) of the customer and enable them to gather insights in the device’s usage and to debug issues with the A/V installation.

    The data is processed on the basis of the performance of a contract.

  • In order to provide support and improve the product
    The Overture Cloud hosted server application contains internal audit logs of user activity occurring through interaction on the website (user login, accessing of the different pages etc.).

    This is needed to be able to provide the necessary support and improve Overture. Depending on the individual case, the data is processed on the basis of the performance of a contract or on the basis of Barco’s legitimate interest to continually improve its products.

4. Barco XMS Cloud

Barco XMS Cloud is Barco’s central management solution for ClickShare and WePresent devices. This cloud-based software suite consists of a gateway, available as an appliance (XMS Edge) or as a software suite (XMS Virtual Edge). The gateway XMS (Virtual) Edge allows for monitoring, diagnostics and maintenance on premise of ClickShare and WePresent devices, whilst the cloud dashboard provides a consolidated dashboard for monitoring of the ClickShare and WePresent devices across multiple sites and remotely accessible.

 BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for XMS Cloud and is hence a processor of the organization which uses XMS Cloud (cf. Barco Data Processing Addendum). Barco engaged the Microsoft Azure Services of the Microsoft Corporation as subprocessor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged MongoDB Atlas of Mongo DB Inc., as sub-processor (https://www.mongodb.com/security) for database services.
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate the service
    The person identified as administrator of the organization as well as the person performing the installation, receive an email upon completion of the registration process. The administrator needs to create a myBarco account in order to use the XMS Cloud portal. This account is used for secure authentication purposes to access the XMS Cloud portal. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.

  • In order to use the service and provide support
    We may process contact data such as name, email address, address and phone number. Specifically, name and email address are stored for all key users in order to provide functionalities such as identification and email notifications. On the organization level, the main contact details (name, address and phone number) of key users are stored in order to enable Barco to provide support (break/fix use cases and field support) and to create reports. 

    The data is processed on the basis of the performance of a contract.


  • In order to improve the product
    We may collect anonymized data on the device usage in order to provide statistics, analytics and insight to the users of XMS Cloud.

    The data is processed on the basis of Barco’s legitimate interest to continually improve its products.

5. Demetra

Demetra is Barco’s all-in-one skin imaging system for improved skin lesion screening and follow-up. It consists of a hardware device with embedded software (the Demetra Scope) and a stand-alone web application (the Demetra Web Application). It brings multispectral dermoscopy, clinical imaging, and workflow and documentation tools as a service to make skin lesion screening and follow-up easier, faster and more accurate.

Demetra functionalities, supported by the device and/or web application, provide the following data:

User data

  • User identification data: user name, IP address
  • User contact details: name, email address, phone number, address
  • User preferences (settings)
  • Usability data automatically captured by Barco Demetra: user activity logs, error reports, environmental data (type of browser, display resolution, etc.), device internal metrics (temperature, battery status)

Patient data/PHI

  • Patient identification data: name, date of birth, gender, patient ID
  • Patient health data: patient risk information, patient history, patient images (incl. user annotations on images, localization of those images on the body), clinical & pathology diagnosis, management/treatment, conclusion of consultations
  • Analysis data: the outcomes of applying image analysis, post-processing and algorithms on the patient data
 BARCO ACTING AS A PROCESSOR AND BUSINESS ASSOCIATE
 

Barco is managing the hosting environment for Demetra and is hence a processor and a “business associate” under HIPAA regulations of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor and business associate in order to provide cloud services, (eu-west-1, EU (Ireland) and us-east-1, US East (N. Virginia) https://aws.amazon.com/about-aws/global-infrastructure/).

Patient health data identified above, including dermascopic images, patient health records, and other Protected Health Information (PHI), will be collected or created by the end user and will be stored in the Amazon Web Services cloud environment. End user has entered into a Business Associate Agreement (BAA) with Barco that authorizes Barco and Amazon Web Services to transmit, store, access, and otherwise process PHI for certain purposes, including for medical care and treatment and as otherwise authorized by the patient. End user is solely responsible for properly notifying patients of the permitted uses of their PHI and, to the extent required by law, retaining proof of patients’ consent to such use.

Barco reserve the right to make any revisions to this notice effective for PHI received or maintained prior to the date the revised notice becomes effective.

Users with questions about this notice or the use of PHI may contact Barco’s HIPAA Privacy Officer at dataprotection@barco.com.

 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the individual user and his organization as it is entered in the Demetra applications. 
    For this purpose we process contact data such as name, email address, address and phone number. Specifically, name and email address are stored for all users in order to provide functionalities such as identification and email notifications. 
    The data is processed on the basis of the performance of a contract. 

  • In order to provide support
    The Demetra applications automatically collect usage data such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.) and device internal metrics.
    This is required to be able to provide the necessary support and troubleshooting to the individual users. 
    The data is processed on the basis of the performance of a contract.

  • In order to optimize subscription and usage
    The Demetra applications automatically collect usage data such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.) and device internal metrics and database statistics on account and/or user level (number of images per image type, number of patients, number of diagnoses, etc.). 
    This is required to offer information on the subscription status and usage; to provide usage recommendations to optimize the subscription and usage, allowing the user to make optimal use of the Demetra functionalities.
    The data is processed on the basis of the performance of a contract.

  • In order to improve the product
    The Demetra applications automatically collect usage data on an aggregated level such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.), device internal metrics and performance feedback data (such as adjustments by the user in the output provided by algorithms, user scoring of outputs of algorithms) and database statistics on an aggregated level (number of images per image type, number of patients, number of diagnoses, etc.).
    The data is processed on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to improve service performance and to provide analytics
    The Demetra application may collect anonymized demographic data and dermoscopic images and related meta-data entered in or generated with the Demetra applications for this purpose – the anonymity of this data is guaranteed by the type of data that is selected for inclusion or by aggregating the data:
                   o Only demographic data and general risk factors are included, i.e., no data by which the patient can be identified
                   o Only dermoscopic images, visualizing a limited skin area of 23,7 x 13,3 mm, and related meta-data (such as image capture settings, image localization, diagnosis, etc.) are copied, i.e., no clinical images, from which the patient might be identified, are included

    This data can eg. be used to provide statistical information to the end user about analytics/AI algorithm performance on an aggregated level (i.e., aggregated across all patients and users in the Demetra database) and for the end user’s own patient population. 
    These data are processed on the basis of Barco’s legitimate interest to continually improve its products.
    The collection of these data can be disabled on account level via the settings in the Demetra web application. 

  • In order to improve service performance and to provide analytics
    The Demetra application may collect individual user performance feedback data (such as adjustments or corrections by the user in the output provided by algorithms, user scoring of outputs of algorithms), whereby Barco can identify the user who generated the data. 
    This data can eg. be used to provide information about analytics/AI algorithm performance on individual user level. 
    These data are processed on the basis of the individual user’s unambiguous consent.

 

6. QAWeb Enterprise

QAWeb Enterprise is an online service for high-grade quality assurance. It is the successor product of Medical QAWeb. The secure service provides functionalities to achieve consistent image quality and uptime of all PACS display systems throughout a healthcare organization, as well as features to manage display assets usage and lifecycle. The system is compatible with Barco diagnostic and clinical displays and non-Barco displays.

QAWeb Enterprise is a cloud-based software which consists of two main components:

  • QAWeb Enterprise Agent
  • QAWeb Enterprise Server

QAWeb Enterprise Agent is installed on every workstation which is intended to be connected to the QAWeb Enterprise Server.

QAWeb Enterprise Agent processes the following data and sends the information to the QAWeb Enterprise Server:

  • Workstation data: computer name, operating system (name and version), QAWeb Agent version
  • Workstation devices: connected monitors (brand, model name, serial number, firmware version), graphics card (brand, model, serial number, driver version), luminance sensors (brand, model, serial number)
  • Calibration: results of monitor calibration
  • Quality Assurance(QA) / compliance tests: results of executed QA tests

QAWeb Enterprise Server processes the data to provide the following functionalities:

  • a central overview of all the workstation on which a QAWeb Enterprise Agent is running (asset management) – data are sent with regular intervals;
  • a central overview of all devices that are of importance for the display of medical images connected to the workstation (asset management) – data are sent with regular intervals, and when devices are connected or disconnected;
  • a central overview of calibration status and detailed QA measurements values;
  • a central overview of the QA test results on all workstations (capable of generating notifications).

The QAWeb Enterprise Agent and QAWeb Enterprise Server do not store any individual user identification data or any patient related data.

 BARCO ACTING AS A PROCESSOR
 Barco is managing the hosting environment for QAWeb Enterprise and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (region: eu-west-1, location: Ireland https://aws.amazon.com/about-aws/global-infrastructure/regions_az/).
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We may collect information about the user and his organization as it is entered in the application (https://signup-qaweb.healthcare.barco.com).
    For this purpose, we may process contact data such as name, email address, business address and phone number. 
    The data is processed on the basis of the performance of a contract.

  • In order to provide support
    We collect audit logs of user activity occurring through interaction on the QAWeb Enterprise webclient (user login, configuration changes). The audit logs are encrypted at rest with strict permission controls.
    This is needed to be able to provide the necessary support and also to create an audit trail when changes to the configuration are made (for example changes to quality assurance policies, user & permission changes, changes to organizational structure, etc …). For this purpose, we may process contact data such as name, email address, address and phone number. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes.
    The data is processed on the basis of the performance of a contract.

7. Barco Synergi

Barco Synergi is a solution to streamline multi-disciplinary team meetings in healthcare organizations by efficient and automated data aggregation, visualization and team alignment.
It is a software service for preparation and management of patient case discussions by healthcare providers. Barco Synergi has interoperability with the Electronic Health Record (EHR) of a healthcare organization in order to retrieve patient information and to store the outcome of the multi-disciplinary team discussion.

Barco Synergi manages following data:

User data

  • User identification data: user name, IP address
  • User contact details: name, email address
  • User preferences (settings)
  • Usability data automatically captured by Barco Synergi: user activity logs, error reports, environmental data (type of browser, display resolution, etc.),

Patient data/PHI

  • Patient identification and demographic data: name, date of birth, gender, patient ID
  • Patient health data: patient risk information, patient history, clinical, radiology & pathology diagnosis and findings, management/treatment, conclusion of consultations, recommended outcome of group discussions
  • Analysis data: the outcomes of applying analysis, post-processing and algorithms on the patient data
 BARCO ACTING AS A PROCESSOR AND BUSINESS ASSOCIATE
 

Barco is managing the hosting environment for Barco Synergi and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services, (eu-west-2, EU (London) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged MongoDB Atlas of Mongo DB Inc., as sub-processor (https://www.mongodb.com/security) for database services.
Patient health data identified above, including clinical diagnoses, results of consultations and discussions, patient history, patient health records, and other Protected Health Information (PHI), will be collected or created by the end user and may be stored in the Amazon Web Services cloud environment. End user has entered into a Business Associate Agreement (BAA) with Barco that authorizes Barco and Amazon Web Services to transmit, store, access, and otherwise process PHI for certain purposes, including for medical care and treatment and as otherwise authorized by the patient.
End User is solely responsible for properly notifying patients of the permitted uses of their PHI and, to the extent required by law, retaining proof of patients’ consent to such use.
Barco reserve the right to make any revisions to this Notice effective for PHI received or maintained prior to the date the revised Notice becomes effective.

Users with questions about this Notice or the use of PHI may contact Barco’s HIPAA Privacy Officer at dataprotection@barco.com.

 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the individual users and its organization as it is entered in Barco Synergi. For this purpose, we process contact data such as name, role, email address and phone number.
    The data is processed on basis of the performance of a contract. 

  • In order to provide support
    Barco Synergi automatically collects usage data such as such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.), application metrics (number of patients being discussed, elapsed time, number of meetings etc.).
    This is required to be able to provide the necessary support and troubleshooting to the individual users. 
    The data is processed on the basis of the performance of a contract.

  • In order to further develop Barco Synergi
    Barco Synergi automatically collects usage data such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.), application metrics (number of patients being discussed, elapsed time, number of meetings etc.).
    This is required to improve the workflow of these meetings and implement future product improvements.
    The data is processed on basis of the performance of a contract and/or on basis of Barco’s legitimate interest to continually improve its products.


8. Projection Insights

Projection Insights is Barco’s platform that allows users to manage their fleet of projectors in the cloud. The platform consists of a gateway embedded in the projector software, that allows communication of the projector with the cloud, and a cloud dashboard that provides fleet management functionalities, e.g. tracking usage parameters and enhancing remote diagnosis of projectors.

 BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for Projection Insights and is hence a processor of the organization which uses Projection Insights (cf. Barco Data Processing Addendum). Barco engaged the Microsoft Azure Services of the Microsoft Corporation as subprocessor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the user and his organization as it is entered during the registration and activation process of the projector. For this purpose we process contact data such as name, email address, address and phone number. Specifically, name and email address are stored for all users in order to provide functionalities such as identification and email notifications. 

  • In order to improve the product
    The Projection Insights application automatically collects usage data such as user activity logs, error reports, environmental data (type of browser, display resolution, etc.) and device internal metrics. The data is processed on the basis of the performance of a contract and/or on the basis of Barco’s legitimate interest to continually improve its products.

9. SecureStream

SecureStream is a subscription-based streaming media solution which enables control room operators to collaborate with remote users. It consists of a gateway deployed on the end-user’s premise that connects to their local media infrastructure and a hosted SaaS portal that provides service management and remote collaboration functionalities.

SecureStream functionalities involve the following user data:

  • User Identification data: username, email address, IP address
  • User Environmental data: type of browser, network info
  • User Media data: Camera video and microphone audio of the personal device of the participant
  • Audit log data: user identification data is logged including information about the performed action (ie. create, delete, start, stop)
  • Usage data: start and stop stream actions are logged and usage records are created
BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for SecureStream and is hence a processor of the organization which uses SecureStream (cf. Barco Data Processing Addendum). Barco engaged Microsoft Azure Services of Microsoft Corporation as sub-processor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
BARCO ACTING AS A CONTROLLER
 
  • In order to activate the service
    We may collect contact about the individual user and his/her organization as it is entered in the Barco activation / SecureStream registration portal(s):
    Upon completion of the registration process, the person identified as end-user administrator as well as the person performing the installation, receives an email based on the user identification data provided.

  • In order to use the service
    We may collect user identification in order to get access to the SecureStream portal:
                   • The end-user administrator needs to create a myBarco account 
                   • The end-user administrator can decide which individuals have access to use the SecureStream service. Authenticated access may be enabled by requiring users to create a myBarco account.
                   • The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.
                   • Usage of SecureStream results in the collection of audit logs and usage data. All user interactions with the SecureStream portal are audit logged. All streaming activity on SecureStream is logged for usage accounting. Log data is aggregated to provide statistics,analytics and insight to the users of SecureStream.
                   • We may handle user media data through the use of the media streaming functionality. The primary functionality of SecureStream is to share media content among users. If user media is shared this will be visible/audible to the other participants. As such it can also  be subject to snapshot taking/recording by external means. Thumbnail snapshots of the shared media are also visible to end user designated administrators.

    The data is processed on the basis of the performance of a contract.

  • In order to provide support 
    We may collect user identification and environmental data as part of debug, info, error logs of user interactions with the SecureStream portal. All SecureStream components generate logs that are used to monitor, operate and provide support for the service.

    The data is processed on the basis of the performance of a contract.

  • In order to improve the product
    User identification and environmental data is collected as part of debug, info, error logs of user interactions with the SecureStream portal which is aggregated in order to provide statistics, analytics and insight to the users of SecureStream and improve the product.

    This data is processed on the basis of Barco’s legitimate interest to continually improve its products.

10. ClickShare

ClickShare is the wireless presentation and conferencing solution allowing users to share content from their personal device to the meeting room display and to use the meeting room camera and speakerphones in their conference calls.

A ClickShare setup typically consists of these components:

  • ClickShare base unit is connected to the meeting room display (ClickShare wireless presentation), camera and speakerphone (ClickShare wireless conferencing) and processes all audio and video streams of the connected peripherals, as well as all shared content.
  • ClickShare button which the user plugs in to his computer to set up the wireless connection to the base unit and exposes the room audio and video as USB devices to the computer.
  • ClickShare app which can be used with or without the button plugged in to macOS and windows devices, and processes all shared content, whether the full screen or a specific application, as well as the users’ local outlook calendar items, such as meeting title, start and end time, location and conference call links, to show them in the ClickShare app.
  • ClickShare mobile app which allows the user to share content from iOS and Android mobile devices through a wireless connection with the base unit to the meeting room screen and processes the devices screen content to do so.

Data viewable by people in the room

  • Any content shared by the host will be visible to all people in the room. If the host shares his full desktop, any pop-ups, reminders or open windows may become visible to everyone in the room.
  • Any content shared to the meeting room display can be shared to remote participants by the host of the conference call and can hence be subject to snapshot taking (ClickShare conference).
  • The meeting room audio and video can be shared to remote participants by the host of the conference call and can hence be subject to snapshot taking (ClickShare conference).

Data viewable when joining a session from a remote location

  • Any content shared to in the conference call by the remote participants is subject to being shared to the meeting room display by the host and can hence be subject to snapshot taking.
  • The camera video and microphone audio of the personal device of the attendee are subject of being exposed to the participants in the same room as the host.

Data processed by the ClickShare App installed on the user’s device for One Click Join: meeting information from the local Microsoft Outlook client, such as meeting title, start and end time, location and conference call links in order to simplify connecting to the meeting room and joining the conference call. For this purpose the ClickShare App is using the Messaging Application Programming Interface (MAPI) to connect to the local Outlook database. This interface allows a local application to access the calendar and meeting details on the computer through the privilege context of the currently logged in user. The accessed meeting information is only displayed to the user on his computer. No data is stored locally (in logs or cache files) nor does any of this data leave the user’s device. The ClickShare App only parses meeting time, subject, location and join links.

Feedback star rating after using the ClickShare App: Barco only gets access to the number of stars and optional feedback given when rating the ClickShare experience after having used the App. No personal data is being processed. This star rating is used to measure the global satisfaction level of the ClickShare experience and to measure if new features and improvements have the expected impact. The optional feedback is used to identify specific improvement opportunities for the ClickShare experience.

Barco acting as a controller 

a) In order to download and use the ClickShare Desktop App
We process your personal data when you download and use the application. For this purpose we can process data such as your name, your username and any personal data shared by you.

We may also collect device-specific information, such as your hardware model, operating system version, unique device identifiers and network information.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the application.

b) In order to use the ClickShare Mobile App
We process your precise location and your product interactions for app functionality, both not linked to your user identity.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the application.

c) In order to improve the ClickShare App
We process device-specific information not linked to your user identity, such as your hardware model, operating system version, unique device identifiers, localization and regional settings and network information, as well as what features were used, in order to further improve the products and services that Barco provides to you.

Barco processes this data for its legitimate interest to gain insight in the use of the application in order to improve its application.


11. NexxisCare

NexxisCare is Barco’s remote service product for the surgical market. This cloud-based software tool allows service engineers from our partners to remotely monitor devices in the operating room by means of collection of technical data from these devices. NexxisCare remote service allows you to detect and diagnose technical issues in the operating room proactively in order to prevent outages during surgery.

BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for NexxisCare and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    We may collect identification/contact information about the user and his/her organization as it is entered in the Barco activation portal (https://activate.Barco.com) and the NexxisCare cloud application:
    o The user needs to create a myBarco account in order to get authenticated access to the NexxisCare cloud application. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy. 
    o Up on completion of the registration process, the person identified as administrator who created an account receives an email based on the user identification data provided.

    The data is processed on the basis of the performance of a contract.

  • In order to provide support

    We may collect information about the end user and his organization as it is entered in the application.

    For this purpose we may process contact data such as name, email address, address and phone number. Specifically, name and email address are stored for all key users in order to provide functionalities such as identification and email notifications. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes break-fix use cases, field support and to create reports.

    The data is processed on the basis of the performance of a contract.

12. WallConnect Cloud

WallConnect Cloud is Barco’s platform that allows organizations to manage their fleet of video walls in the cloud. The platform consists of a gateway (WallConnect edge) deployed on the end-user’s premises that allows communication of the video wall (displays) data to the cloud, and a cloud dashboard that provides remote video wall management functionalities, e.g. monitoring operating conditions and critical display specific parameters and enhancing remote diagnosis of video walls.

WallConnect Cloud functionalities manages the following data:

  • User Identification data: username, email address, IP address

  • User Environmental data: type of browser, network info

  • User interactions with the WallConnect Cloud application are audit logged, meaning user identification and environmental data about the user is logged including information about the performed action (i.e. create, delete, …).

  • Display(s) and gateway specific information is collected during the wall operation as part of debug, info, system events and error logs.

 BARCO ACTING AS A PROCESSOR
 

Barco is managing the hosting environment for WallConnect Cloud and is hence a processor of the organization which uses WallConnect Cloud (cf. Barco Data Processing Addendum).

Barco engaged the Microsoft Azure Services of the Microsoft Corporation as sub-processor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged MongoDB Atlas of Mongo DB Inc., as sub-processor for the provision of audit logging.

 BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    We may collect information about the user and his/her organization as it is entered in the Barco activation portal (https://activate.Barco.com) and WallConnect Cloud application (https://wallconnect.cloud.barco.com):
    • The user needs to create a myBarco account in order to get authenticated access to the WallConnect Cloud application. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.
    o During registration we will collect identification / contact information related to the user and his end-user organization.
    o Up on completion of the registration process, the person identified as administrator who created an account receives an email based on the user identification data provided.

    The data is processed on the basis of the performance of a contract.

  • In order to use the service

    We may collect user identification to get access to the WallConnect Cloud application:
    o The user needs to create a myBarco account in order to get authenticated access to the WallConnect Cloud application. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.
    o The admin user can decide which individuals have access to use the WallConnect Cloud application

    All WallConnect Cloud components generate logs that are used to monitor, operate and provide support for the WallConnect Cloud application service.

    The data is processed on the basis of the performance of a contract.

  • In order to improve the product
    The user identification and environmental data that is collected as part of debug, info, error logs of user interactions with the WallConnect Cloud application is aggregated and anonymized in order to provide statistics, analytics and insights regarding the usage of WallConnect Cloud and to improve the product.

    This data is processed on the basis of Barco’s legitimate interest to continually improve its products.
 

13. MirrorOp App

The MirrorOp Desktop App (MirrorOp Sender) allows Windows/macOS/Chromebook users to connect to meeting rooms and classrooms equipped with authorized receivers (e.g. wePresent receivers). With MirrorOp Sender, real-time screen sharing and remote desktop operations are enabled.

The MirrorOp Mobile App (MirrorOp Presenter) is the workplace/classroom companion for users on iOS and Android devices, allowing them to share content from their devices to the display. MirrorOp Presenter adds more flexibility for presenters by including the built-in browser (for showing web pages) and live camera (for sharing non-digital contents) as well as annotation tools.

Barco acting as a controller  

In order to download and use the MirrorOp App

We process your personal data when you download and use the application. For this purpose we can process data such as your username, your e-mail address and any personal data shared by you

We may also collect device-specific information, such as your hardware model, operating system version, unique device identifiers and network information.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the Application.


14. Web Analyzer

Web Analyzer is a tool developed for cinema service technicians (on Series 4 cinema projectors) to open, read, interpret, sort, filter, analyse,… a diagnostics package exported from the projection system (a combination of all log files, settings files, …). This tool is hosted on myBarco. In order for a user to consult the uploaded diagnostic packages, Web Analyzer stores for each packages by which user it was uploaded.

BARCO ACTING AS A PROCESSOR; 
Barco engaged Microsoft Azure Services of the Microsoft Corporation and Amazon Web Services as sub-processor in order to provide cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/).
BARCO ACTING AS A CONTROLLER  
  • In order to access Web Analyzer
    The user needs to create a myBarco account in order to get authenticated access to the Web Analyzer tool. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.
    • During registration we will collect identification / contact information related to the user and his end-user organization.
    • Up on completion of the registration process, the person identified as administrator who created an account receives an email based on the user identification data provided.

The data is processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services.