Effective August 1, 2024
Summary:
MorphCast Inc. is committed to protecting the privacy and security of users’ personal data, adhering to the GDPR. This Privacy Policy pertains to the MorphCast Emotion AI for Zoom Plugin, detailing the collection, processing, and sharing of personal data from registered users, including identifiers like Zoom IDs, email addresses, and video conference details. Users’ consent is required for data collection, and personal data is used for service provision, legal compliance, and marketing. Data is securely stored and encrypted, and third-party sharing is limited to necessary service providers. Users have rights to access, correct, and delete their data. Changes to the policy are communicated via email, and questions can be directed to privacy@morphcast.com.
MorphCast® Emotion AI for ZOOM – Privacy & Cookie Policy
MorphCast Inc., a Delaware corporation with its legal address in San Rafael, California, is committed to maintaining the privacy and security of your personal data under the applicable privacy legislation, including the General Data Protection Regulation UE 2016/679 (“GDPR”). The contact details of Morphcast are indicated within the “Questions?” section below.
This Privacy Policy applies to the product MorphCast Emotion AI for Zoom Plugin (the “Service”). This Privacy Policy explains Morphcast’s collection and disclosure practices of the Registered User’ Personal Data (as defined below) of the persons, companies or organizations using the Service (“Registered User”) to which the Service is exclusively addressed, as explained by the relevant Terms of Use, and applies solely to the Registered User’ Personal Data that we collect through the Service (and not also through the MorphCast website and/or other tools made available by Morphcast not based on MorphCast Emotion AI for Zoom Plugin). For the privacy regulation of other services offered by Morphcast, including MorphCast Emotion AI Interactive Media Platform, you may refer to the other policies adopted by Morphcast which may apply in this respect, as available in the page at this link: mission. For the privacy regulation of Zoom service embedded in MorphCast Emotion AI for Zoom Plugin you may refer to the policies adopted by Zoom US which may apply in this respect, as available at this link: Zoom Privacy Statement.
Acceptance of Privacy Policy
– By using the Service, you signify your acceptance of the relevant provisions of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Service. Your continued use of the Service following the posting of changes to these terms will mean that you have accepted those changes.
Categories of Registered User’ Personal Data we collect and how we collect it
As for the modalities through which Morphcast can collect the Registered User’ personal data (“Registered User’ Personal Data”), please note that such modalities are determined by your use of the Services. By way of example, you may provide your personal data through sending email in order to voluntarily contact Morphcast, and through other interactions with the Services. Morphcast processes the Registered User’ Personal Data, according to the terms of this Privacy Policy, as data controller. The specific categories of such Registered User’ Personal Data processed by Morphcast consist of the following identifying information:
– You may provide personally identifiable information about yourself when using the Service by expressly authorizing Zoom to provide Morphcast with the data related to your profile and your video conferences:
id | User’s Zoom ID Zoom |
Email the user used to register for the Zoom service | |
first_name | name |
last_name | User |
type | ‘s account type (eg. Basic, licensed, ect) |
timezone | Time zone of the user |
pic_url | URL of the profile picture of the user |
Zoom, always under your authorization, also makes available data relating to your videoconferences. Of these data, Morphcast reads and uses only the following:
id | Id of the meeting |
uuid | Unique id of the meeting |
agenda | Description of the meeting (maximum 2000 characters) |
duration | Duration of the meeting |
type | Type of meeting (e.g. instantaneous, recurring, etc.) |
start_time | Date and start time of the meeting |
start_url | Url with which the Zoom account owner starts the meeting |
status | Status of the meeting (e.g. Waiting, Started) |
topic | Title of the meeting |
join_url | Url that allows Guests to join the meeting |
– You may provide personally identifiable information about you when using the Service, such as: first and last name and Registered User’s or organization’s related administrative contact, email address, physical address and other unique identifier, financial processing and payment information, as well as statistical data daily on the use of the Service, aggregated by reference pages in which the Service is implemented such as, by way of example and for this applicable, the license key assigned to each Registered User under the Terms of Use of the Service available at the link MorphCast Emotion AI for Zoom – Terms of Use and the Conditions of Use of other MorphCast services, available in the links contained in the page mission, number of times the Service has been requested, initialized, authorized and started, number of errors that may have occurred, number of frames analyzed and usage time spent using the Service by each user.
– Furthermore, if the Registered User, Zoom account owner, as organizer of the videoconference/webinar, henceforth also called “Host“, has activated the MorphCast Emotion AI analysis available in the Service and the guest of the videoconference/webinar has expressly agreed to be analyzed, Morphcast is appointed responsible of the processing by the Registered User, as data controller, of additional categories of personal data (“Guest Personal Data”) exclusively for the purpose of their conservation and related accessibility by the Registered User. The specific categories of Guest Personal Data consist of the following information: name entered by the guest prior to participation in the video conference/webinar; with a certain degree of accuracy, the dominant emotions according to the model of Paul Ekman; mood, level of attention and involvement (Russell’s circumflex model of affects based on arousal and valence).
– As regards the Host, Morphcast, through the MorphCast For Zoom application, uses cookie and localstorage of the browser for its correct functioning. When you connect with your Zoom account, a cookie is provided to your browser containing:
Mph JWT | JSON web token used to authenticate all requests that occur between client and server. Without it, no requests from the client will be processed by the server |
Zoom Access Token | Token provided at login via OAuth 2.0 flow, allows the server to interact with the Zoom APIs. This token has a fixed validity time decided by Zoom. |
Zoom Refresh Token | Token that allows you to obtain a valid Access Token in case the previous one has expired. |
The data indicated above are not accessible from the Host as they are encrypted and decrypted by the server. Encryption takes place using the advanced AES-256 encryption standard with a unique initialization vector (Techtarget: definition of initialization vector). This makes it very difficult for a hacker to decrypt the contents of the cookies.
In addition to this, MorphCast for Zoom saves the timestamp indicating the expiration of the tokens in the Host’s browser local storage, information that is used to decrease Client-Server interactions and therefore speed up the user experience.
In addition to those used by Morphcast in the MorphCast for Zoom application, once you enter a video conference/webinar, Zoom also uses cookies to:
· enable basic functionality
· analyze trends
· understand when and how you visit and interact with Zoom websites
· collect information about your device and settings
· enable third-party advertising on its websites
Source: Information Cookie Statement powered by zoom.us.
Depending on your jurisdiction, Zoom requires your prior consent for different types of cookies or allows you to refuse them. Zoom cookies are also used for Guests, who instead will not have cookies or data in localstorage by MorphCast for Zoom.
– Finally, Morphcast may also collect personal data when users browse the MorphCast website through their browser’s cookies. In that case, please refer to the Website Privacy & Cookie Policy available on the website.
– Under no circumstances does Morphcast collect any special categories of personal data, as defined by Article 9 of the GDPR.
– Under no circumstances does Morphcast collect any special categories of personal data, as defined by Article 9 of the GDPR.
Methods of processing Registered User’ Personal Data
Morphcast will process Registered User’ Personal Data using manual, paper, computer and electronic instruments, even to store, manage or process such Registered User’ Personal Data, suitable to ensure their security and confidentiality, according to the terms of this Privacy Policy and the applicable privacy legislation, including GDPR.
Morphcast will not sell, rent, license, or trade the Registered User’ Personal Data with third parties for their direct marketing use unless we receive your express consent to do so.
Furthermore, Morphcast may share specific Personal Data, such as the name and email address of Registered User, with TrustPilot solely for the purpose of allowing Trustpilot to send requests to review Morphcast’s services. This sharing of information is done with the understanding that Registered User may receive review requests from TrustPilot as part of our effort to enhance our service quality. In this process, Morphcast acts as the data controller for the personal data of the Registered User. This means that we are responsible for the collection, processing, and management of your personal data in relation to the sending of these invitations. Trustpilot, on the other hand, serves as the data processor, managing the personal data of the Registered User according to our instructions and in compliance with the applicable data protection laws.
Except for this specific purpose, and unless you provide us with permission, Morphcast will not share Registered User’ Personal Data, as collected through the use of the Service covered by this Privacy Policy, other than as specified in this Privacy Policy.
Purposes and legal basis of the processing of Registered User’ Personal Data
We may use the Registered User’ Personal Data you provide to us, in compliance with the applicable privacy legislation, when you use the Service, in the following ways:
- for the execution of pre-contractual and contractual obligations with the Registered User, including, without limitation, to allow us to provide you with a better service answering your requests and to quickly process your transactions. In this case, the legal basis for the processing of the Registered User’ Personal Data is the execution of an agreement of which you are part or, as applicable, the execution of pre-contractual measures adopted upon your request;
- to comply with the obligations provided for by the laws, the regulations and, in general, by the law applicable from time to time, to fulfill fiscal and accounting obligations or other obligations deriving from an order of the Authority that are related, directly and/or indirectly, to the Service. In this case, the legal basis for the processing of the Registered User’ Personal Data is the fulfillment of a legal obligation of the data controller;
- to exercise Morphcast’s rights, including, but not limited to, the right to defend itself in Court and to carry out sale, assignment, merger or other transfer of all or a portion of Morphcast’s business. In these cases, the legal basis for the processing of the Registered User’ Personal Data is the data controller’s legitimate interest.
- to send communications of promotional nature via email concerning the Service already purchased by the Registered User and/or services similar to the same offered by Morphcast (“Soft Spam Communications“); also in this case, the legal basis for the processing of the Registered User’ Personal Data is the data controller’s legitimate interest;
- to carry out direct marketing activities by sending newsletters. In this case the legal basis for the processing of the Registered User’ Personal Data is the consent that will be provided by the Registered User once they subscribe to the newsletter through the relevant consent form.
- To carry out activities to collect feedback through the Trustpilot platform, from its Registered User in order to improve the services offered in the legitimate interest of Morphcast. The user has the right to object to this processing at any time by contacting us directly or by following the instructions provided in each review invitation email.
The provision and processing of the Registered User’ Personal Data for the purposes under points a), b), and c) above is necessary for the provision of the Service and does not require your consent. Any refusal to provide the requested Registered User’ Personal Data or their inaccuracy could make it impossible for you to use the Service.
It is acknowledged that the Registered User may revoke his/her consent to receive the newsletter and/or communicate its intention to interrupt the delivery of Soft Spam Communications by sending an email to Morphcast or by using the link found in each newsletter email or Soft Spam Communication, as indicated in the following section “Rights of the Registered User”.
Data retention. The Registered User’ Personal Data that are collected for the purposes identified under the above-mentioned section “Purposes and legal basis of the processing of Registered User’ Personal Data” may be stored, in accordance with the proportionality principle, for the fulfillment of contractual and legal obligations, including those of a social security and/or tax nature, for a period not exceeding (i) the data retention period provided for by the regulations in force for each category of data, and (ii) the limitation period provided for by law in order to enforce or defend a legal claim against you or against third parties, provided that the Registered User’ Personal Data collected for the sending of newsletter for the purposes identified under letter e) above will be stored for a maximum period of 24 months unless Registered User withdraw their consent previously.
At the end of the above-mentioned data retention periods, the Registered User’ Personal Data will be deleted or made anonymous.
The Registered User’ Personal Data of Registered User that delete their personal account, where applicable, will be no longer stored, unless such storage is specifically required by a legislative provision.
Disclosures to Third Parties Assisting In Our Operations. Morphcast may share the Registered User’ Personal Data under proper data processing agreements with other companies that work with, or on behalf of Morphcast, to provide products and services, such as a cloud hosting service, a document storage company or payment processing services. These companies shall have access only to the Registered User’ Personal Data that are necessary to carry out their duties and, in any case, shall process the Registered User’ Personal Data in accordance with this Privacy Policy , the relevant data processing agreement and the applicable privacy legislation. However, these companies do not have any independent right to share this information.
Disclosures Under Special Circumstances. As already indicated under the section above “Purposes and legal basis of the processing of Registered User’ Personal Data”, letter c), we may provide the Registered User’ Personal Data to respond to subpoenas, court orders, legal process or governmental regulations, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any Registered User or any other person, or as otherwise required by law.
Referrals/Links
The Service may contain links to third-party websites that may offer information of interest. This Privacy Policy does not apply to those websites. Therefore, Morphcast recommends you to review those websites’ privacy policies individually.
Security
Morphcast understands that storing data in a secure manner is essential. Morphcast stores the Registered User’ Personal Data and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while Morphcast has endeavored to create secure and reliable Service for Registered User, the confidentiality of any communication or material transmitted to or from the Service or via e-mail cannot be guaranteed in case of breaches attributable to third parties or in any case outside of Morphcast’s control.
Important Notices to European Registered User
The provided Registered User’ Personal Data are stored within the European Union. However, considering that the Service is available worldwide, as a result of technical services provided by third parties, the Registered User’ Personal Data may be transferred also to third countries outside the European Union subject to the verification of the existence of appropriate measures to ensure that the above-mentioned Personal Data is adequately protected in the country of destination, such as the existence of an adequacy decision of the European Commission, the adoption of standard contractual clauses for the protection of personal data pursuant to Article 46, paragraph 2, letters c) and d) of GDPR, or the adoption of the binding corporate rules pursuant to Article 47 of GDPR.
Rights of the Registered User
For EU regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22,
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State’s territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
At any time, you may ask Morphcast to verify and obtain access to the Registered User’ Personal Data that Morphcast has collected in order to integrate, update, rectify, cancel or request the limitation of the processing of such data, or object to the processing (including the nature of the same in case of automated processing). You also have the right to receive the above-mentioned Personal Data in a readable and commonly used format, and have the right to transmit those data to another controller without any obstacle from Morphcast. Registered User may also oppose the processing of Registered User’ Personal Data for the sending of newsletters as well as to refuse to continue receiving Soft Spam Communications.
You can send your request via email to privacy@morphcast.com.
If you prefer, you can also mail your request to the following postal address: MorphCast Inc. 845 Fifth Avenue – San Rafael, CA 94901 (USA).
With particular regard to newsletter emails or Soft Spam Communications, Registered User may object to receiving such communications also by clicking on the link contained in each newsletter email or Soft Spam Communication they have received.
Pursuant to Article 13 of the GDPR, if you believe that the processing of the Registered User’ Personal Data infringes the legislation on the protection of personal data, you will also have the right to lodge a complaint with the competent Authority for the protection of personal data or, alternatively, appeal to the competent judicial authority.
Policy Updates
This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy in the upper right corner of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any change to this Privacy Policy regarding use or disclosure of the Registered User’ Personal Data, we will provide advance notice through email reporting any changes to allow you to exercise your rights under the applicable privacy legislation. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.
Questions?
If you have any questions about this Privacy Policy or about MorphCast’s handling of your Registered User’ Personal Data, please contact privacy@morphcast.com or mail your request to the following postal address: MorphCast Inc. 845 Fifth Avenue – San Rafael, CA 94901 (USA).
You can use the contact details above also if you need to obtain a copy of the list of third parties to whom the Registered User’ Personal Data may be disclosed, pursuant to the terms of this Privacy Policy; this list is constantly updated and, together with a copy of the appropriate or suitable guarantees, is available at MorphCast’s head office.