VEWD PRIVACY STATEMENT FOR PRODUCTS AND SERVICES

VEWD PRIVACY STATEMENT FOR PRODUCTS AND SERVICES

Version date: January 7, 2021
(April 5, 2022: Table in Section 3 updated; July 4, 2022: Web Browser by Vewd added; July 11, 2022: Additional paragraphs added to Section 5)

We, Vewd Software AS, aim for full transparency about the personal data we process when you use our products and services. In this Privacy Statement, we explain, among other things, what information we collect, why we collect it, and how we use the information.

The Privacy Statement covers the following Vewd products and services:

  • Vewd Core
  • Vewd OS
  • Vewd OpX
  • Vewd Broadcast Plus
  • Vewd Browser
  • Vewd Atom
  • Vewd App Store
  • Vewd Snap 
  • Vewd Certify
  • Advertising inside Vewd Products

Our products and services are processing personal data differently. To make it easier to understand these differences, part II of the Privacy Statement describes data processing within each product/service. Part I provides general information applicable to all products and services, so part I and II should be read in conjunction. 

When we post changes to this Privacy Statement, we will include the date when the Privacy Statement was last updated. We encourage you to review the Privacy Statement periodically. In case of bigger changes, we will try to notify you directly as appropriate. 

Other privacy statements from Vewd:

1. What data we collect and why

We process different categories of data in our products and services.This includes, but is not limited to:

  • IP-addresses (which we anonymize as soon as we collect them), 
  • Location (will be aggregated at a regional level, for example city, town or other large geographical area).
  • User interaction with our products and services, including by use of Google Analytics. These interactions are anonymized before being processed
  • Vewd device ID 

We collect data for the following purposes:

  • To provide our products and services
  • Improve, debug, and maintain our products and services
  • Product development and improvement of the user experience
  • Health checks, service updates and access control
  • Measure activity with content apps provided through our service
  • Serve ads in the content apps based on your location
  • Fulfill legal requirements

Unless you are offered the option to provide prior consent to our use of your data, we process your data with legal basis in the EU General DataProtection Regulation (GDPR) Article 6 no. 1 litra (b) (because it is necessary for us to be able to provide our services to you), litra (c) (because it is necessary for compliance with a legal obligation), or litra (f) (because it is necessary for us in order to pursue a legitimate interest and this interest is not overridden by your interest in us not processing the data). 

See part II of this Privacy Statement to read more about data usage and purposes within each of our products.

2. How we collect data

Generally, we collect data:

  • When you provide it explicitly to us
  • When you log on to use those of our services that require login
  • When you use our products and services, including when you use our services embedded in third party electronic products such as TVs and set-top boxes
  • If third parties share your data with us

When we collect your data at end user level, we associate it with a Vewd Device ID and an IP-address. The IP-address is anonymized when we receive it. 

To collect information automatically, we use cookies, web beacons, our own data-collection tools and various third-party services.

3. Third party websites and services

Some third-party sites may monitor data traffic from our products and services, such as numbers of hits. The data may include IP addresses, but not other information that may identify you directly or indirectly. 

The user interfaces of Vewd OS, Vewd OpX, Vewd Broadcast Plus, Vewd Browser, Vewd Snap and Vewd App Store may seamlessly include and display third party content originating on servers that are not under our direct control (e.g. lists of videos, images, video content, live TV schedules, etc.) Such content is retrieved using web technologies, similar to those used within any website; you should be aware that in the process of retrieval, some third parties can collect your IP address, and store cookies on your device.

This Privacy Statement does not cover third-party content, apps or websites you access or use through our products and services. We do not control the privacy and security practices or policies of these third parties and their apps/sites. We encourage you to read the privacy statements which apply to the third-party content, apps and websites you use.

For powering the user interfaces of Vewd OS, Vewd OpX, Vewd Broadcast Plus, Vewd Browser, Vewd Snap and Vewd App Store we may use third party services on servers that are not under our direct control (e.g. content delivery networks for improving access to online resources, image or video processing servers for transforming the original video/image material before display in the user interface, etc.). The usage of such services is based on web technologies, similar to those used on websites; you should be aware that some third parties can collect your IP address, and store cookies on your device.

Here is a list of third parties that we use to support our products:

Service Name Purpose Privacy policy
Google Analytics Provide analytics services https://policies.google.com/privacy 
Amazon Web Services Web hosting https://aws.amazon.com/privacy  
SpotX Advertising https://www.spotx.tv/privacy-policy 
Imgix Image processing https://www.imgix.com/privacy
Nielsen/Gracenote Metadata delivery https://www.gracenote.com/privacy-policy/
Freeview Play Metadata delivery in UK only https://www.freeview.co.uk/privacy-notice
Google Firebase Cloud Messaging Server-pushed notifications, only for Vewd Device Management https://firebase.google.com/support/privacy

4. Information security – how we protect your data

We have implemented organizational and technical procedures and measures that will ensure that your personal data is not compromised, not unintentionally changed, and available when required. Such measures include for example access restrictions and controls, back up routines, and disaster recovery routines.

We review and update our working procedures regularly to improve your privacy and ensure that our internal policies are followed. We strive to promptly correct any non-conformance with these policies.

5. How we share your data

We may share your data:

  • To government bodies and law enforcement agencies to comply with the law, for example in judicial proceedings, by court order or other legal process;
  • To third parties (including professional advisors) to enforce or defend our legal rights, including our terms of service and/or end user license agreement;
  • To a third-party purchaser or seller (including professional advisors) in connection with a corporate event such as a merger, business acquisition or insolvency situation; 
  • To data processors processing the data on our behalf, such as advertising networks, cloud storage providers and providers of analytics services; and
  • As described elsewhere in this statement.

Some of our products and services include third-party technology or code that may use the collected data. We may share anonymized and/or aggregated sets of data with our partners and other trusted third parties.

If we transfer personal data to processors or other controllers who are not located in the EU or otherwise not approved as safe countries by the EU, such transfer is safeguarded by entry into the EU’s standard contractual clauses for transfer of personal data to third countries.

When using Google analytics, we will share data with Google Ireland. As Google Ireland is part of Google, an American company, American authorities may request that Google Ireland disclose your data to them. U.S. privacy law does not meet the privacy requirements protecting European citizens. US authorities have a broad right to demand access to the information Vewd stores about you, and you do not have the right to complain about the processing of your data.

To minimize the privacy impact of use of Google analytics, we have:

  • Turned off sharing in Google Analytics
  • Turned on IP anonymization
  • Signed our Agreement with Google Ireland, and they have provided us with a transfer impact assessment (TIA).

6. Retention and deletion

We retain personal data only as long as necessary for processing it in accordance with the purposes described in this statement, or as otherwise necessary to comply with applicable laws. When your data is no longer necessary or relevant for our purposes, or required by applicable laws, we take steps to have it deleted, aggregated or made anonymous.

You can find out if we hold any personal data about you by contacting us. You may be asked to prove your identification so that we can verify who is making the request. If we hold information about you, you can ask us to correct any mistakes and delete any excessive information.

7. Access, correction and deletion of personal data

You have the right to access the personal data we have registered about you. For profile information, if any of the information we have registered about you is incorrect, we encourage you to make changes to your profile. You may also withdraw any consents you have given at any time. Feel free to contact us for assistance.

8. Cookies

We use cookies and other similar technologies to enhance the user experience and make the most effective use of the service. A cookie is a piece of data sent from an online site that is visited and stored locally on the user’s device. The purpose for using cookies is to maintain data related to device identity, device-level preferences, user accounts, account settings, user preferences as well as to evaluate and compile statistics about user activity. Most browsers accept cookies as default. For Vewd Snap and Vewd App Store you cannot decline cookies as the use of cookies is inherent to the technology. 

9. Your right to file a complaint

If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (Norw: “Datatilsynet). You should always contact us directly before sending a complaint to the Norwegian Data Inspectorate, so that we can try to solve or clarify the issue. 

10. Controller and contact information

Vewd Software AS, organization number 916 368 011, Fridtjof Nansens Plass 5, 0160 Oslo, Norway is the controller of personal information processed under this Privacy Statement. 

If you have any questions about the Privacy Statement or any other questions regarding our privacy practices, please contact us at: privacy@vewd.com.  

PART II – PRODUCT AND SERVICE SPECIFIC INFORMATION

Below, we describe, for each of our products and services, what data we collect, how we collect it and why.

VEWD CORE

Vewd Core is a comprehensive software package embedded in TVs and set-top boxes (devices) and used mainly to present web technology based content (such as web sites, applications and user interfaces), and to stream video and audio from content owners.

When in use, Vewd Core gathers some data from the device, and reports these to Vewd Software AS periodically.

Vewd Core is also the underlying technology for other Vewd Products, such as Vewd Snap, Vewd Browser and the Vewd App Store, and when these products are in use, Vewd Core collects data in the same way as when other applications are used (in addition to any data gathering performed by each application)

All data collection by Vewd Core is governed by the following principles:

  1. Any data collected by Vewd Core is in accordance with this Privacy Statement
  2. In order to continually innovate and improve Vewd Core and related products and services, Vewd collects certain usage statistics from devices including, but not limited to, information on how the product is being used and how it behaves.
  3. Data from Vewd Core is always anonymised immediately, and un-anonymised data is not stored or shared internally or externally
  4. The data collected is used in the aggregate to improve Vewd Core and related products and services. To detect usage and market trends, and to track quality problems with Vewd products.
  5. Manufacturers and Content (App) Owners may have access to certain aggregated data collected by Vewd via their Vewd Analytics Console but personal data from Vewd Core is not shared with any 3rd party.

A more detailed overview of the data gathered by Vewd Core:

Data we collect Purpose Legal basis Retention
Unique Device ID 

Identification of the device.

Without the ID we cannot link the other data points mentioned below to a device, or create aggregated analytics.

Legitimate interest. 

The processing is necessary to provide both our customers and end users with the service they reasonably can expect to receive from us, including a service that is error free, and which is being improved.

 Device lifetime
IP Address Network identifier of the device, anonymised as soon as it is received  Legitimate interest, see above. IP Address: 3 days until Geo-IP is obtained.
Anonymised IP Address: 26 Months

Geographical data found from the IP address:

  • Region/continent
  • Country
  • City
 Quality improvement, be able to understand usage and deployment patterns Legitimate interest, see above. 26 months

Platform data, such as:

  • Vewd Core version, build and configuration
  • Device manufacturer, model and version
  • Hardware configuration, such as available disk and memory
  • Operating system, version and configuration 
  • User-defined country and language
 Quality and improvement, link problems back to the right configuration Legitimate interest  see above. 26 months

Aggregation of usage data

  • Number of  and aggregated length of Vewd Core sessions
  • Number of  and aggregated length of sessions with App Store, HbbTV, Media Synchronisation, HbbTV OpApp, Vewd Browser and Vewd Broadcast Plus/OpX Sessions
 Product improvement, prioritise further work Legitimate interest, see above. 26 months

Video metrics

  • Number of videos started
  • List of video formats (protocol, container, codec, subtitle format, DRMm resolution and bandwidth)
  • Number of and Aggregated length of video sessions per video format

Quality improvement, prioritise further work

Problem resolution, finding patterns in problems linked to video format

 Legitimate interest, see above. 26 months

Stability data

  • Vewd Core crashes, Out-of-memory events
  • Number of video sessions with non-start, stuttering (re-buffering) and stopped playout
  • Total length of pauses due to problems 

Quality improvement, prioritise further work, monitor product quality

Problem resolution, finding patterns in problems

 Legitimate interest, see above. 26 months

HbbTV metrics

  • Number of times HbbTV App found
  • Number of HbbTV App startups
  • Number of times HbbTV App is actually used
  • Number of HbbTV Operator Apps downloaded and installed
 Quality improvement, prioritise further work Legitimate interest, see above. 26 months

Usage data

  • List of application and web site hosting domains
  • List of video hosting domains
  • List of HbbTV Application names and hosting domains with channel ID
  • List of HbbTV OpApps Application names and hosting domains
  • The number of times the URL field, search field, a Speed Dial tile and a bookmark is used from the Vewd Browser interface

Quality improvement, prioritise further work, monitor product quality

Problem resolution, finding patterns in problems

 Legitimate interest, see above. 26 months

WEB BROWSER BY VEWD

Web Browser by Vewd is an Internet Browser for TVs and set-top boxes that can be used to navigate to any web site or web application reachable on the Internet.

The Web Browser is based on Vewd Core, and therefore inherits the exact same metrics collection features as described for Vewd Core (as described in the Vewd Core section above), with some additions specific to the browser:

  • The Vewd Browser’s search feature, accessed by typing a string in the URL field or a search field, will send a search request to the currently selected search provider and display the result returned. This interaction is fully controlled by the search provider and regulated by its Privacy Policy.
  • When you access video that is protected by a licensing system (DRM), the browser accesses the services of the protection provider. This access is regulated by the Privacy Policy of the DRM Provider.
  • The Web Browser’s Home Screen feature displays bookmarks or tiles for relevant websites. These bookmarks are fetched from Vewd Cloud. Access to Vewd Cloud is regulated by the Vewd Cloud section in this Privacy Policy.
  • Private mode:
    • You can limit the information stored and collected by web pages you visit and the data collected by the browser by opening content in a Private Tab.
    • In Private Tabs, only essential usage data is collected and all data that is stored on your device by the web page (cookies, passwords etc.) is deleted when you close the tab.
  • Usage Data
    • When you install the Browser, you are asked for consent to share some data on your use of the product. With data on the usage of features such as menus, favorites, search and the Home Screen, we can optimize the browser and ensure it works efficiently and reliably. By accepting this, you consent to the use of analytics, and to the sharing and transfer of information to and from the analytics provider (at present, Google, a US corporation). At Google, the data is under US Privacy law and access may be granted to US Authorities. The actual data gathered are pseudonymised by the provider on reception (at Google Ireland).
    • We do not use this information for any kind of profiling or tracking, and do not share this data with other companies.
    • The data collected is information about the usage of the browser, such as:
      • The use of features, use of menus, buttons and features of the browser
      • The domains and videos visited with the Browser, – stripped for any personal or private information
      • Searches on the web
      • Use of the system while in the browser, such as the use of Google Assistant and Android Accessibility (Having the browser read out web content)
    • Usage data is stored up to 26 months before deleted from the analytics service.

Note that you can withdraw your consent to data sharing at any time by using the Share Usage Data command under the About command in the main menu. You can also find a link to this Privacy Policy under this About command.

VEWD BROWSER

Vewd Browser is an Open Internet Browser for TVs and set-top boxes that can be used to navigate to any web site or web application reachable on the Internet.

The Vewd Browser is based on Vewd Core, and therefore inherits the exact same metrics collection features as described for Vewd Core, with a few additions:

  1. The Vewd Browser’s search feature, accessed by typing a string in the URL field or a search field, will send a search request to the Google Search engine, and display any result from that. This interaction is fully controlled by Google, and Google’s privacy policy applies.
  2. Vewd Browser’s Home Screen feature displays bookmarks or tiles for relevant websites. Access to Vewd Cloud for this is regulated by the Vewd Privacy Policy.
  3. The Vewd Browser MAY ask for user consent to gather additional data using Google analytics or similar tools. Data collected will be information about user interactions, such as navigation in menus and on web pages, and information about features used. 

VEWD SNAP

Snap is an easy to use publishing tool to create, distribute and monetize video apps on TV. It allows content owners to create and submit an app in minutes, and enables distribution through the Vewd App Store on millions on devices.

Data we collect Purpose Legal basis Retention

Data to create content owner user account, including username, email and organization name

The support email of the CSP is displayed within the Snap app.

 The Snap app is created using an active Vewd Cloud account. Without an account, you cannot create and submit a Snap app Necessary to fulfil an agreement with the content owner. 26 months
(resets every time user is logged in)Accounts that have not been active the past 24 months will be provided with the chance to confirm that the account is still active. If not, the account and the personal data will be deleted

Google Analytics

Metrics include:

Active devices and  session data, split by

  • Day
  • Country
  • Device model

App usage data, by country and device model, such as:

  • Amount of sessions
  • Session time spent
  • Video play
  • Video loaded
  • Video close
  • Video ad impression
  • App load
  • App close
  • Search terms
 We use Google Analytics to track and monitor user behaviour within the app. The purpose is to ensure we are able to verify if the app and its features are working as expected health wise, but to also see which features we need to improve

Legitimate interest.

The processing is necessary to be able to detect and fix errors and to develop the service. 

 After 26 months the data will be anonymized. Thus, the data will no longer be possible to connect to you or any indirect identifier. 

VEWD CERTIFY

Vewd Certify is a developer program offering extensive tools and specifications ensuring content and platform owners can build and scale apps across Vewd enabled devices.

Vewd Certify consists of four web-pages towards external developers, content owners & customers, where we have applied standard configured Google Analytics for user behaviour reasons. We also store user account information for login purposes.

Overview of the Vewd Certify web pages:

  1. Submission portal (Vewd Cloud)
    1. URL: https://submission.cloud.vewd.com/ & https://my.cloud.vewd.com/
    2. Purpose: Landing page & submission portal – requires login
  2. Account portal (Vewd Cloud)
    1. URL: https://accounts.cloud.vewd.com/
    2. Purpose: Account creation, login & reset
  3. Vewd Certify for Devices (VCD)
    1. https://certify.vewd.com/ & https://auth.vewd.com/
    2. Purpose: Certify Vewd enabled devices by running automated test-cases 
  4. Developer wiki
    1. URL: https://developer.vewd.com/
    2. Purpose: Technical documentation portal – requires no login, publicly available
Data collected  Purpose Legal basis Retention

Log of anonymous user behaviour data using Google Analytics:

  • User location
  • User language
  • Page info
    • URL
    • Title
  • Behaviour:
    • Number of users and sessions
    • Session duration
    • Device models
    • Operating systems
 To provide statistics about how end-users are using the webpage and its features Legitimate interest. 26 months

User account data

  • Full name
  • Email address
  • Username
  • Organization name
 To be able to use login to Vewd Cloud services, such as Submission & VCD  Necessary to fulfil an agreement 26 months
(resets every time user is logged in)Accounts that have not been active the past 24 months will be provided with the chance to confirm that the account is still active. If not, the account and the personal data will be deleted

Additional data

  • App metadata
  • App monetization details
  • App agreement status
  • Customer project details
  • Customer device details
  • Customer certification reports
 To be able to complete app submission & and run device certification Necessary to fulfil an agreement 26 months
(resets every time user is logged in)

VEWD APP STORE

Vewd App Store is a cloud based storefront for Smart TVs and STBs with access to hundreds of apps managed from the Vewd Cloud. The service consists of a storefront user-interface which is rendered on the device using Vewd Core as a client and a backoffice which manages the lifecycle of apps using Vewd Cloud on the server-side.

The Vewd App Store consists of two main components:

1. Device Storefront: accessed by end-users

It uses Google Analytics to track end-user behaviour similar to Snap, just tailored towards events and use-cases for the storefront. It only measures end-user activities within the user-interface and doesn’t measure activities in 3rd party non-Snap applications.

2. Vewd Backoffice: accessed by Vewd and customers

Vewd Backoffice uses Google Analytics with default configuration for regular web-pages. To access the service, user account and authentication is required similar to as Vewd Certify.

Data collected Purpose Legal basis Retention
Unique device ID Identification of the device using a persistent cookie, needed to be able to link data points to a device and create aggregates and analytics

Legitimate interest.

The processing is necessary to provide both our customers and end users with the service they reasonably can expect to receive from us, including a service that is error free, and which is being improved.

 Device lifetime
IP address Network identifier of the device, anonymised by Google Analytics  Legitimate interest, see above. 26 months

Geographical data based on IP address lookup:

  • Region
  • Country
 Quality improvement & optimizations in regions and countries Legitimate interest, see above. 26 months

Platform data:

  • Customer organization name
  • Device group
  • Device model
  • App Store version including API
  • Client software version

Quality and health check: 

Ensure product is working as expected with correct configuration

 Legitimate interest, see above. 26 months

Usage data

1. Devices & Sessions:

  • Session
  • Session per user
  • Session time spent
  • Users
  • New users

2. Applications:

  • App launches
  • Average session duration
  • Top apps by usage 
    • time
    • users

3. App Store UI:

  • Visits
  • Pageviews
  • Pages per visit
  • Category impression

4. Backoffice:

  • Same as Vewd Certify
 Product improvement, prioritise further work Legitimate interest, see above. 26 months

ADVERTISING INSIDE VEWD PRODUCTS

We may display advertising in our products. Subject to your consent, such ads may be targeted, meaning that we can for example show you ads that we believe are relevant for you, or avoid showing you ads that you have seen before. Note that if you do not consent, you will still receive ads, but they will not be targeted to you.

Data collected Purpose Legal basis Retention
IP address, device make/model, app name, UA string (browser information), consent to advertising Y/N To provide ads in our products, including targeted ads.  Consent 26 months

VEWD OS / VEWD OPX / VEWD BROADCAST PLUS

Vewd OS / Vewd OpX / Vewd Broadcast Plus include the following products and services:

  • Vewd Core
  • Advertising inside Vewd Products
  • Vewd Device Management

Vewd OS / Vewd OpX / Vewd Broadcast Plus collects all data specified under the aforementioned products with the purpose and on the legal basis as indicated.

Additionally, these products collect the following data:

Data collected Purpose Legal basis Retention

Log of (anonymized) end-user behaviour

  • static labels referencing the different user interface elements displayed on the screen of the device (no screen captures);
  • navigation actions as initiated by user within the user interface;
  • application launches and exits; no activity is collected within a launched application;
  • TV channels and programmes watched by the user;
  • user interactions with the device (e.g. volume up / volume down / start / stop) and system parameters as result of these interactions
  • system parameters at regular intervals (e.g. Bluetooth enabled, quality of TV reception, etc.)
  • system events and system parameters as resulting from these events (e.g. HDMI cable connected, network lost, etc)

Providing business essential data to partners and customers, data without which such business would not be possible;

Feature prioritization and new product features rollout, A/B testing;

Problem resolution, finding patterns in problems, monitoring product quality;

Legitimate interest.

The processing is necessary to provide both our customers and end users with the service they reasonably can expect to receive from us, including a service that is error free, and which is being improved.

 26 months
Log of Vewd server-side calls connected to the calling device’s Device Identifiers.

Conducting business and allocating cost to each customer;

Feature prioritization and new product features rollout;

Performance monitoring and improvement;

Problem resolution, finding patterns in problems, monitoring product quality;

 Legitimate interest, see above. 26 months

VEWD DEVICE MANAGEMENT

Vewd Device Management is a complete end-to-end solution to register, update, configure and manage devices in the field. It is comprised of thin client software client(s) running on the devices and a suite of services available in Vewd Cloud.   

Data collected Purpose Legal basis Retention
Device identifiers (including hardware ID, Vewd Secure Device ID and other Vewd IDs)

The data is necessary for the Device Management functionality to work properly.

The system needs to identify each device individually, in order to implement proper targeting. Note that these device identifiers are not linked to actual user information (name, address, account number, etc.).

Legitimate interest.

The processing is necessary to provide both our customers and end users with the service they reasonably can expect to receive from us, including a service that is error free, and which is being improved.

 Device lifetime
Data related to the actual function of Device Inventory and Software Update (device model, device attributes, location, date/time of registration, date/time of connections to DM server, device configuration, software packages installed, their versions, info about update processes, potential errors)

The data is necessary for various parts of Device Management functionality to work properly

For example we cannot implement software update properly without knowing what software packages and what versions are installed on the device.

 Legitimate interest, see above. Device lifetime
Device logs created by any Vewd software running on the device, like for example Vewd Core These data might be needed for troubleshooting problems and improving the products. Legitimate interest, see above. 26 months