Privacy Statement



Legal base
The base on which data is processed. That can be consent, vital interests, legal obligation, execution of contract, general interest or legitimate interest.

Legitimate interest
Trade-off between the interest of BIT and the interests of the client whose data will be processed.

BIT respects your privacy. The privacy-by-design and the privacy-by-default principles are both enforced. As far as it is not vital for the services we provide for you, it will not be attempted to identify personal data to a specific individual. With the exception of legal obligations or in cases that require sharing for servicing purposes, BIT will never sell, rent or otherwise share your personal data with others. BIT does not share your data with processors outside the European Union. No automated decisions will be made and no profiling of individuals will be done based on your data.
The video conferencing service is offered by BIT and can be used freely. When using this service you agree with this privacy statement and comply with our acceptable use policy and abuse policy that will be enforced in case of non conformation to the acceptable use policy. The (personal)data that BIT processes while you are using the service is necessary to deliver the service, for usage statistics and for debugging purposes. The legal base for these processes is legitimate interest.
The sound and video stream of the user is encrypted on the user's device in use for the service. This stream is de-crypted at BIT's infrastructure and re-encrypted transmitted to other users of the same conference. The protocol in use for this service, WebRTC, does not make end to end encryption possible. BIT does not save the stream, neither listens to or watches the streams.

The following (personal)data will be processed when you use the service:

The service does not set any cookies. When available local storage on the user's device will be used to store conference identifiers and user settings. This information will be used by the client's device when starting a new conference or joining an existing conference.

On BIT does not offer a data processing agreement. It is the responsibility of the controller to verify if the offered video conferencing service is sufficient for the use they have intended. We can enter into a data processing agreement with Hosted Video Conferencing from BIT.

You are the owner of your own personal data. This means that you also have rights over this data, even if they are processed by BIT. The rights that you can claim, are listed below. You can always contact BIT about these rights. The rights you can claim are:

* Right of access; you can request access to your personal data processed by BIT. In BIT’s portal you can access (almost) all of your personal data. You need an account to access this portal and your data.
* Right of rectification: you can change the personal data processed by BIT if they are incorrect (or have them changed).
* Right of transfer: you can request the personal data processed by BIT in a ‘machine-readable’ format so you can transfer the services provided by BIT to another supplier.
* Right of removal: you can remove the personal data processed by BIT if you withdraw your consent for processing and when there is not other legal base for the processing of your data (or have them removed).
* Right of objection: you can object against the processing of your personal data by BIT. Based on your objection and the interest of BIT, there will be an assessment on whether the processing needs to be stopped or altered.
* Right to submit a complaint: you can file a complaint the Dutch Data Protection Authority (AP) if you feel that BIT is not handling your personal data correctly. You can file your complaint on the AP website.

Contact details
If you wish to exercise one or more of the rights described in this statement, you can contact BIT, the data controller:

Subject: processing personal data
PO Box 536
6710 BM Ede
The Netherlands
T: +31 318 648 688

If you have questions about the processing of your data, this privacy statement or if you want to report a data breach, please contact BIT’s Data Protection Officer (FG). This officer is registered with the Dutch Data Protection Authority with AP FG number FG002803. The contact details of this official are:

Attn.: Data Protection Officer
PO Box 536
6710 BM Ede
T: +31 318 648 688

BIT has taken the following generic security measures to keep your data safe and available:
* Flooding and water damage: data storage in data centers that are at least 6 meters above NAP, water detection and water pumps connected to emergency power supplies.
* Lightning: lightning protection installation installed and certified in accordance with the NEN standard 1014 class LP4, for data centers and offices.
* Fire: fire detection systems (monthly checks, annual tests with maintenance party), reporting to the RAC, customised plan with fire brigade, gas extinguishing installation (monthly checks, annual tests with maintenance party) for the data centers per server room, a large number of in-house emergency officers, a large number of fire alarm system administrators and quarterly evacuation exercises.
* Power failure: generators N+1 for BIT-2A data center, generators N+1 for BIT-2BVD data center, generator N for BIT-1, UPS sets with A and B side per server room, power redundant to every rack, monthly loaded test of all generators and offices also equipped with UPS.
* Burglary: zoning, electric fence, burglary detection and alarm system on all premises, switch-on monitoring, camera surveillance, two independent surveillance services, VEB (security class 4*) certified.
* Climate: three building control systems (‘GBS’), one for BIT-1, one for BIT-2A and one for BIT-2BCD which ensure the right temperature and humidity in the server rooms, minimum setup of N+1 cooling and N+1 humidification.
* Cables (interference): cables are located in cable ducts in the offices and server rooms, in the server room there are two ducts beneath the raised computer floor: one for power and fibre optic cables and one for UTP network cables, heavy connections (cooling and UPSs) in the server room in separate cable ducts.
* Network redundancy: network equipment is spread over locations BIT-1 and BIT-2, redundancy in the fields of routers, switches, internal and external connections (multiple connections to transit suppliers and all large European Internet Exchanges), geographically separated routes between BIT-1 and BIT-2, between BIT-1 and a PoP in Amsterdam and between BIT-2 and another PoP in Amsterdam. The entire network is based on dynamic routing where different paths are automatically selected in case of failure in components in order to lead the traffic around the failing components.
* Storage: fully redundant storage. Storage runs on different software than the production storage.
* Backup: fully redundant storage. Storage runs on hardware other than the production storage.
* Load balancing: a large number of services are available with standard load balancing. For most other services, load balancing is optionally available. The load balancers and servers for the load balanced services are located in geographically separated buildings BIT-1 and BIT-2.
* Logical access: mandatory password policy, access lists for access of IP addresses to BIT’s information systems, RBAC, VPN with 2 factor authentication, firewalls, central logging of BIT information systems and detection systems for certain unauthorised changes.
* Organisational: ISO 27001 and NEN 7510 certification on the entire range of services, confidentiality agreements for all employees and engaged third parties, obligation of police clearance certificate for all employees, a security officer within the organisation, security awareness trainings for all employees, encryption policy for sensitive information.

In the event of conflict between the English version and the Dutch version of this document, the Dutch version prevails.