MRView Privacy Notice
The following Notice outlines how we use that information. This Notice was established in 2021 and was last updated on 1st September 2021.
MRView is an independent company headquartered in France.
Where is the data stored?
- Data is stored and hosted by Microsoft Azure Services in France
- Data is encrypted at rest and in transit.
What personal data do we process?
The following information may be processed:
- Video image, specifically of the research participant when the webcam facility is engaged
- Audio, specifically the voice of the research participant when the microphone is engaged.
- Any stimuli, material, written responses, or messages exchanged within the platform.
- Downloading and exporting recordings for access, distribution or sharing
- The date and time of access (specifically when you log in), your web-browser type and operating system, and your IP address.
- Information including name, postal address, telephone number, invoicing information, bank account / payment details, and any booking information provided when using the platform.
Purposes of data processing
Your information is used only for administration of video conferencing and streaming services, assignments, and projects, and for no other purpose, and as such your details will not be passed to third party vendors for selling non-relevant services and products.
Our purpose in collecting the information is to engage in legal commerce and to offer products and services of value to our customers.
- The information is used to: Provide services that you request; Communicate with you; Personalize the information we send you; We may also use this information to generate a quote for our services, and to manage any project that may be commissioned; To let you know about our other services and products, that may be of interest; Information provided may be used to update data we currently hold; To evaluate, assess and improve our services; To contact you to undertake customer satisfaction surveys; To process our invoices; For other business-related purposes permitted or required under applicable local law and regulation; and As otherwise required by law.
- Participant data is used by MRView as per the instructions of our clients
- MRView is the data processor / sub-processor of information and data, and the Client is the data controller.
What is our legal basis for processing?
Our legal bases for the processing of your personal data are:
1) your consent; 2) our contract with your organization; 3) any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services of value to our clients
How long is data retained?
You retain full control over who has access to the project and the associated materials. You can also share content with additional stakeholders (assuming appropriate transfer mechanisms and sharing agreements are in place).
- Project data, including video and audio files, is stored according to the following schedule: PAYG /Bronze: Deleted automatically after 72 hours, subject to agreed storage limits; Silver, Gold and Platinum: Deleted automatically after 3 months, subject to agreed storage limits
- Your information is accessible and editable by you and is retained for the duration stipulated in the contract.
What are our obligations?
MRView employs best endeavours to ensure:
- All personal data will be kept confidential.
- To notify any data breach to the data controller.
- To ensure the security of our processing
- To keep records of our processing activities, as instructed by the data controller
- Clients are reminded to keep your access credentials confidential.
MRView may engage external service providers, specifically IT service providers. In providing such services, the external services providers may access and/or process personal data.
What access controls do Clients have?
For client’s access to the platform is by password
- You control who may access specific project materials, and in setting access rights, you have total control of the sharing of insights.
- You can control, correct, and update your information including names (of individuals and organisations), your contact information and your proprietary branding
- You retain the ability to choose which participants are invited into the meeting room, to prevent unauthorized access
- You can control the video feed (switching it off if required).
- You can control the audio feed as required
- You can provide access to recordings as required.
Transfers of personal data related to EU/EEA data subjects is subject to GDPR compliance, and must meet the adequacy, security and transfer requirements stipulated by the European Union. For locations without adequacy status revised (June 2021) EU Standard contract clauses are available.
- Right to Access: You have the right to obtain confirmation about whether Personal Data is included about you in our databases. Upon request, MRView will provide an individual access to his or her Personal Data within a reasonable time frame. MRView will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which MRView collected the Personal Data. You may review your own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a instance, we will provide you with an explanation of our determination and respond to any inquiries you may have. You may access and modify your Personal Data by contacting MRView by phone, post or email. In making modifications to your Personal Data, you must provide only truthful, complete, and accurate information.
- Rectification and Erasure: You may request that we rectify or delete any of your personal data that is incomplete, incorrect, unnecessary, or outdated.
- You may object, at any time, to your personal data being processed.
- Restriction of Processing You may restrict processing of your personal data for certain reasons, such as, for example if you consider your personal data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
- Data Portability You may request the data you provided to us in a commonly used and machine-readable form.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our products and services. To exercise any of the above-mentioned rights, please contact us as set forth below. We will process any requests in accordance with applicable law and within a reasonable period. We recommend that you include documents that prove your identity and a clear and precise description of your request. Please note that in some cases, especially if you wish us to delete or cease the processing of your personal data, we may no longer be able to provide our services to you. Via Email: [firstname.lastname@example.org] Via Postal Mail: MRView, 6 route de Lanserre, 49610 Les-Garennes-sur-Loire, France ]
Consistent with applicable data protection and privacy laws and principles, this Policy may be amended.
Requests for personal data
MRView will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from Research participants.
If you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with your local supervisory authority responsible for data protection matters.