Produkty

Product privacy statement

LRC-TE-0046 V28 September 2024

I. General information

Your privacy is important to us. This privacy statement explains what data Barco NV and its subsidiaries collect from you, through our products, and how we use that data (“Product Privacy Statement”). Barco NV is a public limited liability company incorporated under Belgian law, with registered office at President Kennedypark 35, 8500 Kortrijk, Belgium (“Barco”). 

 
This Product Privacy Statement can be modified, e.g. as a result of new functionalities of the Barco products. We thus advise you to check this Product Privacy Statement regularly. Any major changes will be announced via our homepage: change history.

1. When does this Product Privacy Statement apply?

Barco offers a wide range of products from projectors, display systems, medical devices, wireless presentation systems, video walls, services, and software. References to Barco products in this Privacy Statement include hardware, software and services. This Privacy Statement applies to processing of personal data through Barco Products.

The Product Privacy Statement consists of two parts. In a first general part we explain general information which is applicable to almost any Barco product. Further, in the product-specific sections below we describe our data collection practices applicable to specific Barco products. In case of contradictions between the general privacy information of Barco and the information in a product-specific section, the information in the product-specific section will take precedence.

This Product Privacy Statement does not apply to other processing activities by Barco which are not related to Barco products. In such cases the general Privacy Policy available on our website will apply.

2. Who is responsible for the processing of your personal data?

Barco products are intended for use by organizations (“end users”) and are administered and controlled by these end users.

When your organization, as an end user, is using a Barco product, your organization is responsible for the processing of these data through the Barco product and is hence the data controller. This means that your organization determines for what purposes and with what means the data are processed. If you as a data subject wish to exercise your rights as described under the last section of this Product Privacy Statement, you will have to address the end user in the first place. In this case Barco will not have the right to directly assist you.

BARCO ACTING AS A PROCESSOR – For some products, Barco processes personal data on behalf of end users; in those cases Barco acts as a processor, e.g. when Barco is managing the hosting environment of the Barco product. In that respect, Barco has created a “Data Processing Addendum” or data processing agreement as part the End User License Agreement or the Master Services Agreement, as the case may be, that includes all the terms and conditions applicable to the processing of such personal data by Barco as data processor with the aim to ensure that the Parties comply with the applicable data protection laws.

BARCO ACTING AS A CONTROLLER - In addition to the above, Barco also processes personal data on its own initiative for the purposes explained below, without receiving instructions from the end user. With regard to these processing activities, Barco itself is responsible for processing, and therefore data controller next to the processing activities by the end user. Barco only processes the personal data related to the provision of products and services in limited cases; all these cases are explained in this Product Privacy Statement.

Barco has appointed a Data Protection Officer (DPO) who will be your point of contact for any questions regarding this Product Privacy Statement. The contact details of the DPO can be found under point 8 of the general part of this Product Privacy Statement.

3. Which data does Barco process about you?

The data Barco collects as a data controller depends on the context of interactions with Barco, the choices you make, including your privacy settings and the Barco products you use.

We collect data in two ways:

i) Information provided by you

  • Contact data: when you contact Barco to activate your Barco product or for customer support or when you provide information to us, we collect your first and last name, email address, telephone number, address details (street, number, zip code, city, country), your position, your correspondence with Barco, other personal and/or contact details.
  • Login data: when you login to use a Barco service or product, we collect your user name, your email address and your IP address.
  • Support data: when you engage Barco for support and maintenance, we collect data about you and your Barco product, telephone conversations or chat sessions, any problems you experience with them and other details related to an error, incident or defective product. Depending on your product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contact or authentication data, log files, usernames, the content of your communications with Barco, data about the condition of the Barco product when the fault occurred and during diagnostics, and system and registry data about hardware configurations and software installations.
  • Feedback data: when you provide feedback, product reviews or service reviews, we collect the content of your feedback and review, as well as your contact details.

ii) Automatically obtained information

  • Product usage data: data about usage of the Barco products, data about the used features, the selected settings, the software configurations and performance data which helps us to diagnose problems in the products, and to improve our products and provide solutions.
  • Device, connectivity and configuration data such as hardware model, operating system version, unique device identifiers like IP address, MAC address, device certificate, …

4. For what purposes does Barco process the data?

This section generally explains how Barco uses personal data as a controller in a specific case. More detailed information with regard to the purposes of processing and the categories of personal data can be found in the product-specific sections of this statement.

a) In order to register a Barco product or to activate a license of a Barco product

We use contact data during product registration and license activation for a Barco product through www.activate.Barco.com. Following products require product registration through www.activate.Barco.com: projectors (UDX and UDM), Video walls (UniSee, LCD video walls, RPC video walls), XMS Edge and UniSee present for Windows (UPW). Following Barco products require license activation through www.activate.barco.com: Nexxis, Overture and Enterprise Virtual Matrix (EVM).

For this purpose we process data such as contact data, unique device identifiers, device data and installation location.

These data are processed on the basis of the performance of a contract.

b) In order to support the Barco products

We use data to diagnose product defects, to repair Barco products and use contact data to provide maintenance and support services. We contact you by telephone or email to inform you when warranty services end, your license expires, when a Barco product becomes end of life or end of service, when security updates are available, update you or inquire about a service or repair request.

For this purpose we process data such as contact data, support data, product usage data and device, connectivity and configuration data.

Depending on the individual case, these data are processed on the basis of the performance of a contract or Barco’s legitimate interest in informing you about the Barco Products, Barco’s product and service lifecycle management and the provision of Barco services in relation to the Barco product.

c) In order to improve and secure the Barco Products

We use data to analyse and report on the performance of the Barco products and to continually improve the Barco products, including adding new features or capabilities. For example, we use error reports to improve our products and usage data to determine what new features to prioritize. We use data to protect the security and safety of the Barco products and our customers, to detect and prevent fraud, to confirm the validity of software licenses.

Depending on the individual case, these data are processed on the basis of the performance of a contract or Barco’s legitimate business interests such as, without being limited to improving and securing the Barco products, systems and services and conducting research and development.

5. Who has access to the data?

Barco is selective in the parties to whom it discloses data and chooses them carefully. In all cases, we will ensure that sufficient safeguards for the protection and confidentiality of the data are in place.

Barco shares the data with other companies of the Barco group e.g. for the provision of technical support, for research and development purposes. 

In addition, Barco shares the personal data with third parties to perform certain (processing) activities or for Business Purposes under the California Consumer Privacy Act (CCPA):

  • cloud service providers to perform certain (processing) activities;
  • business partners who provide customer installation and service support;
  • IT service providers that provide technical support;
  • business partners who assist us in protecting and securing the Barco products and systems
  • in certain cases Barco may transfer your personal data to attorneys and external advisors if this is necessary to give Barco advice or to defend our rights;
  • supervisory authorities in case of a lawful request;
  • possible acquirers of the whole or part of Barco in the event that (a part of) our activities would be taken over by a third party.

Personal information is not sold by Barco within the meaning of the CCPA. 

Your personal data may be transferred to and/or accessible globally by Barco’s affiliated and unaffiliated service providers, including in countries where we operate and countries outside of the EEA in which the level of data protection may not be as high as within the EEA.  Barco complies with applicable legal requirements and provides an adequate level of data protection regardless of where the data are transferred or accessed. Barco also ensures that data processing is conducted in accordance with applicable data protection laws. For transfers of personal data outside the European Economic Area (EEA) Barco relies on the standard contractual clauses approved by the European Commission. If you have any questions or would like more information about the transfer of your personal data outside the EEA, you can send an email to dataprotection@barco.com.

Personal data are not provided to other parties, unless this should be required by law or a court order.

6. How long do we keep the data?

Barco will retain your personal data in a form which permits identification for no longer than needed

  • for the purposes for which it was collected;
  • for the term of the contract; or
  • as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. How are your personal data protected?

Barco strives to protect the data by means of technical and organisational measures, such as firewalls and secured servers that may only be accessed by a limited number of persons holding special access rights and with respect to the nature of the data.

8. Collection and use of children's personal data

The Barco products are not intended for use by children under the age of 13. We do not knowingly collect personal data from children under the age of 13 through the use of Barco products. If you are under 13 years of age, please do not submit any personal data through Barco products without the express consent and participation of a parent or guardian. If we learn that we have collected the personal data of any such individual, we will take steps to delete the data as soon as possible.

9. What are your rights and how can you exercise them?

You have a number of rights with regard to your personal data, such as the right of access, the right to rectification of inaccurate personal data, the right to erasure or restriction of processing, the right to data portability, the right not to be subject to profiling and the right to object to the processing. Some of these rights have a very specific scope or are subject to special conditions or exceptions. Please contact our DPO for any questions or requests regarding the processing of your personal data (dataprotection@barco.com). Any request to exercise a relevant right must be duly signed and dated. Barco cannot process your request without proof of your identity.

On grounds relating to your particular situation, you also have the right to object at any time to the processing of your personal data on the basis of the legitimate interest of Barco acting as a controller.

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, your place of work or the place of an alleged infringement. The Belgian Data Protection Authority is the supervisory authority for Belgium and can be contacted at contact@apd-gba.be

Under the CCPA, you have the right to request a disclosure of the personal information Barco has collected about you during the prior 12 months, to request deletion of your personal information, to request a disclosure of your personal information Barco has sold or shared with third parties during the prior 12 months, or to seek information from Barco about your rights under the CCPA. To exercise any of these rights or ask additional questions, you may email dataprotection@barco.com, or send a letter to our U.S. office at :

  • Barco, Inc.
    3059 Premiere Parkway, Suite 400
    Duluth, GA 30097

If you have any further questions or complaints about the processing of your personal data, about Barco’s websites or about this Product Privacy Statement you can always contact us:

  • by e-mail at dataprotection@barco.com
  • by phone at the number 0032/56.26.22.15
  • by mail to
    Barco – Data Protection Officer
    President Kennedypark 35
    8500 Kortrijk, Belgium

If you are dissatisfied with the answer to your request, a written appeal may be filed with the ethics committee, by email, using ethics@barco.com.

Under the Texas Data Privacy and Security Act, you have the right to submit a complaint with Texas Attorney General (File a Complaint | Office of the Attorney General (texasattorneygeneral.gov) if your appeal is denied.

II. Product specific privacy information

1. MediCal QAWeb

MediCal QAWeb is the online service for high-grade quality assurance for PACS display systems. Medical QAWeb is compatible with Barco diagnostic and clinical displays and non-Barco displays.

MediCal QAWeb functionalities manages the following data:

MediCal QAWeb Agent

  • Workstation data: computer name, operating system (name and version), QAWeb Agent version
  • Workstation devices: connected monitors (brand, model name, serial number, firmware version), graphics card (brand, model, serial number, driver version), luminance Sensors (brand, model, serial number)
  • Calibration: results of monitor calibration
  • Quality Assurance / compliance: results of Quality assurance tests / compliance tests
  • a central overview of all the workstation on which a QAWeb Agent is running (asset management) – data are sent with regular intervals;
  • a central overview of all devices that are of importance for the display of medical images connected to the workstation (asset management) – data are sent with regular intervals, and when devices are connected or disconnected;
  • a central overview of calibration status and detailed QA measurements values;
  • a central overview of the compliance test results on all workstations (capable of generating notifications).

The MediCal QAWeb Agent does not store any user identification data or any patient related data.

MediCal QAWeb Relay
The relay does not store data from the MediCal QAWeb Agents; it forwards information received from the Agents to the MediCal QAWeb online service.

BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for MediCal QAWeb and is hence a processor of the organization which uses the product. Barco engaged the Microsoft Azure Services of the Microsoft Corporation as sub-processor in order to provide cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/).
BARCO ACTING AS A CONTROLLER

MediCal QAWeb hosted server application

  • Account information
    We collect information about the individual user and his organization as it is entered in the application.

    For this purpose we process contact data. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes.

    The data is processed on the basis of the performance of a contract.

  • Web logs
    The MediCal QAWeb hosted server application contains internal audit logs of user activity occurring through interaction on the website (user login, configuration changes).

    This is needed to be able to provide the necessary support and troubleshooting and also to create an audit trail when changes to configuration are made. The data is processed on the basis of the performance of a contract.

2. WeConnect

WeConnect is a subscription-based solution which offers a new way to optimize collaboration experiences. It supports BYOD devices through seamless network integration and promotes interaction for both in-room and remote participants. The host is in this case end user and hence the data controller.

WeConnect functionalities provide the following data:

Data viewable by the attending audience

  • Screen sharing content is visible to the audience 
  • Whiteboard content is visible to the audience attending the session
  • Silent questions, chat messages and whiteboard annotations by individual participants are visible to the audience attending the session

     

Data downloadable by host during the session
Silent questions, number of correct answers to quizzes, number of raised hands can be downloaded by the host during a session. The host can use this data to evaluate the participants. 

Data viewable when joining a session from a remote location
In order to enable participation to a session by remote participants and create an interactive experience, the following data are shared: 

  • Camera video and microphone audio of the personal device of the participant are permanently exposed to the participants s who are on-site in the same room as the host
  • Camera video and microphone audio of the personal device of the participantcan be shared with other remote participants when voice activity is detected or during a debate session. Whenever this happens an "on-air" indicator is visible in the self-view image
  • The participant can turn on/off either her camera or his microphone
BARCO ACTING AS A PROCESSOR

Barco is managing the hosting environment for WeConnect and is hence a processor of the organization which uses the product. Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged MongoDB Atlas of Mongo DB Inc., as sub-processor (https://www.mongodb.com/security) for database services and Vonage Business Limited as sub-processor for audio and video streaming services https://www.vonage.com/legal/privacy-policy/?icmp=footer_novalue_privacy.

BARCO ACTING AS A CONTROLLER  
  • In order to activate/use the service
    • Login data such as user name, email address and IP address in order to activate the service. The user has to confirm the login creation via email.
    • In case “Single Sign On” is not activated for the institute, the password chosen by the user is stored in a secure way. Barco has no access to the passwords.
    • Uploaded avatar picture to identify the participant in the session.
    The data is processed on the basis of the performance of a contract.

  • In order to evaluate the session
    Session related information such as attendance, answers to polls and quizzes, start/stop screen sharing, chats, raise hands, silent questions and whiteboard annotations.

    The data is processed on the basis of the performance of a contract and/or on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to provide support
    When joining a lecture from a remote location audio and video streaming data and settings are collected in order to optimize the connection between the participant and the host:
    • The selection by the user of what content is shown in main area of the user interface, mute/unmute actions for microphone and camera.
    • Video/audio streaming quality related information such as packet loss, bandwidth, stream (dis)connection info, selected camera and microphone and screen resolution are stored.
    • Camera and microphone settings for reuse in next sessions.

    The data is processed on the basis of the performance of a contract and/or on the basis of Barco’s legitimate interest to continually improve its products.

3. Barco XMS Cloud

Barco XMS Cloud is Barco’s central management solution for ClickShare devices. This cloud-based software suite consists of a gateway, available as an appliance (XMS Edge) or as a software suite (XMS Virtual Edge). The gateway XMS (Virtual) Edge allows for monitoring, diagnostics and maintenance on premise of ClickShare devices, whilst the cloud dashboard provides a consolidated dashboard for monitoring of the ClickShare devices across multiple sites and remotely accessible. 

 BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for XMS Cloud and is hence a processor of the organization which uses XMS Cloud. Barco engaged the Microsoft Azure Services of the Microsoft Corporation as subprocessor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged MongoDB Atlas of Mongo DB Inc., as sub-processor (https://www.mongodb.com/security) for database services.
 BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    The user needs to create a MyBarco account. This account is used for secure authentication purposes to access the XMS Cloud portal. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy. The user that performs the installation creates the organization tenant. This user receives an email upon completion of the registration process.

  • In order to use the service and provide support
    We process contact data such as username, email address and ip-address. The main contact details (name, address and phone number) of key users are stored in order to enable Barco to provide support (break/fix use cases and field support). 

The data is processed on the basis of the performance of a contract.

  • In order to improve the product

    We collect pseudonymized XMS Cloud platform usage data in order to generate statistics, analytics and insights. 

    The data is processed on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to inform about updates 
    We process contact data such as name and email address of the key user of the organization tenant in order to inform about security updates and/or a temporary unavailability of the platform due to an update.
    The data is processed on the basis of Barco’s legitimate interest of informing the key user of the organization about security updates 

  • In order to communicate via in app notifications

    The data is processed on the basis of Barco’s legitimate interest of informing its users about issues with regard to their installation base.

  • In order to receive email notifications 

    Email notifications regarding system and installation base, marketing communication, surveys.

    For this purpose we process your contact data such as your name and email address.

    These data are processed on the basis of the individual user’s unambiguous consent. The user can at any time revoke its consent in the notification centre in XMS Cloud.

4. Demetra

Demetra is Barco’s all-in-one skin imaging system for improved skin lesion screening and follow-up. It consists of a hardware device with embedded software (the Demetra Scope) and a stand-alone web application (the Demetra Web Application). It brings multispectral dermoscopy, clinical imaging, and workflow and documentation tools as a service to make skin lesion screening and follow-up smarter and faster. 

Demetra functionalities, supported by the device and/or web application, process the following data:

User data

  • User identification data: user name, IP address
  • User contact details: name, email address, phone number, address 
  • User preferences (settings)
  • Usability data automatically captured by Barco Demetra: user activity logs, error reports, environmental data (type of browser, operating system, etc.), device internal metrics (temperature, battery status)
  • Performance feedback data: manual adjustments in output of algorithms, scoring of outputs of Demetra Analytics tools

     

Patient data/PHI

  • Patient identification data: name, date of birth, gender, patient ID
  • Patient health data: patient risk information, patient history, patient images (incl. user annotations and scoring on images, localization of those images on the body), clinical & pathology diagnosis, management/treatment, conclusion and reports of consultations 
  • Analysis data: the outcomes of applying image analysis, post-processing and algorithms on the patient data

Using the Demetra integration API, the Barco Demetra solution can exchange data with trusted 3rd party systems like EMRs (Electronic Medical Records). Via this API, patient identification data and demographics can be fed into the Demetra database from the customer’s EMR system, and consultation reports and/or patient images can be fed back from Demetra into the EMR system. This integration API is enabled on a per account basis, upon the customer’s request. 

 BARCO ACTING AS A PROCESSOR AND BUSINESS ASSOCIATE
 

Barco is managing the hosting environment for Demetra and is hence a processor and a “business associate” under HIPAA regulations of the organization which uses the product. Barco engaged Amazon Web Services Inc. as sub-processor and business associate in order to provide cloud services, (eu-west-1, EU (Ireland) and us-east-1, US East (N. Virginia)  https://aws.amazon.com/about-aws/global-infrastructure/).

Patient health data identified above, including dermoscopic images, patient health records, and other Protected Health Information (PHI), will be collected or created by the end user and will be stored in the Amazon Web Services cloud environment.  End user has entered into a Business Associate Agreement (BAA) with Barco that authorizes Barco and Amazon Web Services to transmit, store, access, and otherwise process PHI for certain purposes, including for medical care and treatment and as otherwise authorized by the patient. End user is solely responsible for properly notifying patients of the permitted uses of their PHI and, to the extent required by law, retaining proof of patients’ consent to such use. 

Barco reserve the right to make any revisions to this notice effective for PHI received or maintained prior to the date the revised notice becomes effective. 

Users with questions about this notice or the use of PHI may contact Barco’s HIPAA Privacy Officer at dataprotection@barco.com.  

 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the individual user and his organization as it is entered in the Demetra applications. 
    For this purpose we process contact data such as name, email address, address and phone number. Specifically, name and email address are stored for all users in order to provide functionalities such as identification and email notifications. 
    The data is processed on the basis of the performance of a contract. 

  • In order to provide access to shared patient data
    The Demetra applications allow to securely share patient data with other medical professionals through the collaboration functionality. This data is shared with non-Demetra customers by means of the creation of a Demetra guest account. This is required to grant the guest user secure access to the shared patient data (via user authentication). For this purpose we process the guest user’s contact data such as name and email address, as entered by the Demetra user who initiates the collaboration request in the Demetra applications.
    The data is processed for the purpose of the provision of health care.

  • In order to provide support
    The Demetra applications automatically collect usability data such as user activity logs, error reports, environmental data (type of browser, operating system, etc.) and device internal metrics.
    This is required to be able to provide the necessary support and troubleshooting to the individual users. 
    The data is processed on the basis of the performance of a contract.

  • In order to optimize subscription and usage
    The Demetra applications automatically collect usability data such as user activity logs, error reports, environmental data (type of browser, operating system, etc.) and device internal metrics and database statistics on account and/or user level (number of images per image type, number of patients, number of diagnoses, etc.). 
    This is required to offer information on the subscription status and usage; to provide usage recommendations to optimize the subscription and to allow the user to make optimal use of the Demetra functionalities.
    The data is processed on the basis of the performance of a contract.

  • In order to improve the product
    The Demetra applications automatically collect usability data on an aggregated level such as user activity logs, error reports, environmental data (type of browser, operating system, etc.), device internal metrics and performance feedback data (such as manual adjustments by the user in the output provided by algorithms, user scoring of outputs of algorithms) and database statistics on an aggregated  level (number of images per image type, number of patients, number of diagnoses, etc.). This is required for Barco to continuously improve the performance of the Demetra services and to provide analytics (e.g., user experience, feature set and functionality, performance of algorithms, etc.).
    The data is processed on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to improve service performance and to provide analytics
    The Demetra application collects anonymized patient demographic data and dermoscopic images and related meta-data entered in or generated with the Demetra applications for this purpose – the anonymity of this data is guaranteed by the type of data that is selected for inclusion or by aggregating the data:
                   o Only demographic data and general risk factors are included, i.e., no data by which the patient can be identified
                   o Only dermoscopic images, visualizing a limited skin area of 23,7 x 13,3 mm, and related meta-data (such as image capture settings, image localization, diagnosis, etc.) are copied, i.e., no clinical images, from which the patient might be identified, are included

    This data can eg. be used to provide statistical information to the end user about analytics/AI algorithm performance on an aggregated level (i.e., aggregated across all patients and users in the Demetra database) and for the end user’s own patient population. 
    These data are processed on the basis of Barco’s legitimate interest to continually improve its products.
    The collection of these data can be disabled on account level via the settings in the Demetra web application.  

  • In order to improve service performance and to provide analytics
    The Demetra application  collect individual user performance feedback data (such as adjustments or corrections by the user in the output provided by algorithms, user scoring of outputs of algorithms), whereby Barco can identify the user who generated the data. 
    This data can eg. be used to provide information about analytics/AI algorithm performance on individual user level. 
    These data are processed on the basis of the individual user’s unambiguous consent.
  •  In order to send marketing communication to guest users
    During the guest user onboarding flow, initiated when a Demetra user makes use of the collaboration functionality (see above), the guest user can choose to give consent to Barco for using their contact data for marketing purposes.
    These data are processed on the basis of the individual user’s unambiguous consent.

5. QAWeb Enterprise

QAWeb Enterprise is an online service for high-grade quality assurance. It is the successor product of Medical QAWeb. The secure service provides functionalities to achieve consistent image quality and uptime of all PACS display systems throughout a healthcare organization, as well as features to manage display assets usage and lifecycle. The system is compatible with Barco diagnostic and clinical displays and non-Barco displays.

QAWeb Enterprise is a cloud-based software which consists of two main components:

  • QAWeb Enterprise Agent
  • QAWeb Enterprise Server

QAWeb Enterprise Agent is installed on every workstation which is intended to be connected to the QAWeb Enterprise Server.

QAWeb Enterprise Agent processes the following data and sends the information to the QAWeb Enterprise Server:

  • Workstation data: computer name, operating system (name and version), QAWeb Agent version
  • Workstation devices: connected monitors (brand, model name, serial number, firmware version), graphics card (brand, model, serial number, driver version), luminance sensors (brand, model, serial number)
  • Calibration: results of monitor calibration
  • Quality Assurance(QA) / compliance tests: results of executed QA tests

QAWeb Enterprise Server processes the data to provide the following functionalities:

  • a central overview of all the workstation on which a QAWeb Enterprise Agent is running (asset management) – data are sent with regular intervals;
  • a central overview of all devices that are of importance for the display of medical images connected to the workstation (asset management) – data are sent with regular intervals, and when devices are connected or disconnected;
  • a central overview of calibration status and detailed QA measurements values;
  • a central overview of the QA test results on all workstations (capable of generating notifications).

The QAWeb Enterprise Agent and QAWeb Enterprise Server do not store any individual user identification data or any patient related data.

 BARCO ACTING AS A PROCESSOR
 Barco is managing the hosting environment for QAWeb Enterprise and is hence a processor of the organization which uses the product (cf. Barco Data Processing Addendum). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (region: eu-west-1, location: Ireland https://aws.amazon.com/about-aws/global-infrastructure/regions_az/).
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the user and his organization as it is entered in the application (https://signup-qaweb.healthcare.barco.com).
    For this purpose, we process contact data such as name, email address, business address and phone number. 
    The data is processed on the basis of the performance of a contract.

  • In order to provide support
    We collect audit logs of user activity occurring through interaction on the QAWeb Enterprise webclient (user login, configuration changes). The audit logs are encrypted at rest with strict permission controls.
    This is needed to be able to provide the necessary support and also to create an audit trail when changes to the configuration are made (for example changes to quality assurance policies, user and permission changes, changes to organizational structure, etc …). For this purpose, we process contact data such as name, email address, address and phone number. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes.
    The data is processed on the basis of the performance of a contract.

6. Insights Management Suite

Insights Management Suite is Barco’s platform that allows users to manage their fleet of projectors in the cloud. The platform consists of a gateway embedded in the projector software, that allows communication of the projector with the cloud, and a cloud dashboard that provides fleet management functionalities, e.g. tracking usage parameters and enhancing remote diagnosis of projectors.

 BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for Insights Management Suite and is hence a processor of the organization which uses Insights Management Suite. Barco engaged the Microsoft Azure Services of the Microsoft Corporation as subprocessor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
 BARCO ACTING AS A CONTROLLER
 
  • In order to activate/use the service
    We collect information about the user and his organization as it is entered during the registration and activation process of the projector. For this purpose we process contact data such as name, email address, address and phone number.

    The data is processed on the basis of the performance of a contract.
  • In order to inform about updates or outages
    We process contact data such as name and email address in order to inform about security updates and/or a temporary unavailability of the platform.
    The data is processed on the basis of Barco’s legitimate interest of informing users about security and availability of the platform.

7. SecureStream

SecureStream is a subscription-based streaming media solution which enables control room operators to collaborate with remote users. It consists of a gateway deployed on the end-user’s premise that connects to their local media infrastructure and a hosted SaaS portal that provides service management and remote collaboration functionalities.

SecureStream functionalities involve the following user data:

  • User Identification data: username, email address, IP address
  • User Environmental data: type of browser, network info
  • User Media data: Camera video and microphone audio of the personal device of the participant
  • Audit log data: user identification data is logged including information about the performed action (ie. create, delete, start, stop)
  • Usage data: start and stop stream actions are logged and usage records are created
BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for SecureStream and is hence a processor of the organization which uses SecureStream . Barco engaged Microsoft Azure Services of Microsoft Corporation as sub-processor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).
BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    We collect contact about the individual user and his/her organization as it is entered in the Barco activation / SecureStream registration portal(s):

    Upon completion of the registration process, the person identified as end-user administrator as well as the person performing the installation, receives an email based on the user identification data provided.

  • In order to use the service

    We collect user identification in order to get access to the SecureStream portal:

    • The end-user administrator needs to create a myBarco account
    • The end-user administrator can decide which individuals have access to use the SecureStream service. Authenticated access may be enabled by requiring users to create a myBarco account.
    • The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.

    The data is processed on the basis of the performance of a contract.

     

  • In order to provide support

    We collect user identification and environmental data as part of debug, info, error logs of user interactions with the SecureStream portal. All SecureStream components generate logs that are used to monitor, operate and provide support for the service.

    The data is processed on the basis of the performance of a contract.

  • In order to improve the product

User identification and environmental data is collected as part of debug, info, error logs of user interactions with the SecureStream portal which is aggregated in order to provide statistics, analytics and insight to the users of SecureStream and improve the product.

This data is processed on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to inform about updates

We process contact data such as name and email address of the person identified as administrator of the organization in order to inform about security updates and/or a temporary unavailability of the platform due to an update.

The data is processed on the basis of Barco’s legitimate interest of informing its key users about security updates 

             

8. ClickShare

ClickShare is the wireless presentation and conferencing solution allowing users to share content from their personal device to the meeting room display and to use the meeting room camera and speakerphones in their conference calls.

A ClickShare setup typically consists of these components:

  • ClickShare base unit is connected to the meeting room display (ClickShare wireless presentation), camera and speakerphone (ClickShare wireless conferencing) and processes all audio and video streams of the connected peripherals, as well as all shared content.
  • ClickShare button which the user plugs in to his computer to set up the wireless connection to the base unit and exposes the room audio and video as USB devices to the computer.
  • ClickShare app which can be used with or without the button plugged in to macOS and windows devices, and processes all shared content, whether the full screen or a specific application, as well as the users’ local outlook calendar items, such as meeting title, start and end time, location and conference call links, to show them in the ClickShare app.
  • ClickShare mobile app which allows the user to share content from iOS and Android mobile devices through a wireless connection with the base unit to the meeting room screen and processes the devices screen content to do so.

Data viewable by people in the room

  • Any content shared by the host will be visible to all people in the room. If the host shares his full desktop, any pop-ups, reminders or open windows may become visible to everyone in the room.
  • Any content shared to the meeting room display can be shared to remote participants by the host of the conference call and can hence be subject to snapshot taking (ClickShare conference).
  • The meeting room audio and video can be shared to remote participants by the host of the conference call and can hence be subject to snapshot taking (ClickShare conference).

Data viewable when joining a session from a remote location

  • Any content shared to in the conference call by the remote participants is subject to being shared to the meeting room display by the host and can hence be subject to snapshot taking.
  • The camera video and microphone audio of the personal device of the attendee are subject of being exposed to the participants in the same room as the host.

Data processed by the ClickShare App installed on the user’s device for One Click Join: meeting information from the local Microsoft Outlook client, such as meeting title, start and end time, location and conference call links in order to simplify connecting to the meeting room and joining the conference call. For this purpose the ClickShare App is using the Messaging Application Programming Interface (MAPI) to connect to the local Outlook database. This interface allows a local application to access the calendar and meeting details on the computer through the privilege context of the currently logged in user. The accessed meeting information is only displayed to the user on his computer. No data is stored locally (in logs or cache files) nor does any of this data leave the user’s device. The ClickShare App only parses meeting time, subject, location and join links.

Feedback star rating after using the ClickShare App: Barco only gets access to the number of stars and optional feedback given when rating the ClickShare experience after having used the App. No personal data is being processed. This star rating is used to measure the global satisfaction level of the ClickShare experience and to measure if new features and improvements have the expected impact. The optional feedback is used to identify specific improvement opportunities for the ClickShare experience.

Microphone usage to detect a user presence in the meeting room (PresentSense): 
The ClickShare Desktop App and the ClickShare Mobile App use the ultrasound signals (inaudible to the human ear) emitted by the ClickShare Base Units to detect when a user walks in a ClickShare equipped meeting room, in order to help the user to connect to the ClickShare Base Unit instantly. The ClickShare Apps filter out all non-ultrasound frequencies. No audio is kept after use, nor is it sent to Barco. The ClickShare Desktop App and the ClickShare Mobile App only use the ultrasound signals when they’re running on the users device.

BARCO ACTING AS A CONTROLLER  

a) In order to download and use the ClickShare Desktop App
We process your personal data when you download and use the application. For this purpose we can process data such as your name, your username and any personal data shared by you.

We also collect device-specific information, such as your hardware model, operating system version, unique device identifiers and network information.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the application.

b) In order to use the ClickShare Mobile App
We process your precise location and your product interactions for app functionality, both not linked to your user identity.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the application.

c) In order to improve the ClickShare App
We process device-specific information not linked to your user identity, such as your hardware model, operating system version, unique device identifiers, localization and regional settings and network information, as well as what features were used, in order to further improve the products and services that Barco provides to you.

Barco processes this data for its legitimate interest to gain insight in the use of the application in order to improve its application.

9. NexxisCare

NexxisCare is Barco’s remote service product for the surgical market. This cloud-based software tool allows service engineers from our partners to remotely monitor devices in the operating room by means of collection of technical data from these devices. NexxisCare remote service allows you to detect and diagnose technical issues in the operating room proactively in order to prevent outages during surgery. 

BARCO ACTING AS A PROCESSOR
Barco is managing the hosting environment for NexxisCare and is hence a processor of the organization which uses the product. Barco engaged Amazon Web Services Inc. as sub-processor in order to provide cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/). Barco engaged Mongo DB as sub-processor (Ireland) in order to provide data base services (https://www.mongodb.com/security)
BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    We collect identification/contact information about the user and his/her organization as it is entered in the Barco activation portal (https://activate.Barco.com) and the NexxisCare cloud application:
    o The user needs to create a myBarco account in order to get authenticated access to the NexxisCare cloud application. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.
    o Up on completion of the registration process, the person identified as administrator who created an account receives an email based on the user identification data provided. 

    The data is processed on the basis of the performance of a contract.

  • In order to provide support

    We collect information about the end user and his organization as it is entered in the application. 

    For this purpose we process contact data such as name, email address, address and phone number. On the organization level, the main contact details (name, business address and phone number) of key users are stored in order to enable Barco to make contact for support purposes, break-fix use cases, field support and to create reports regarding the historical performance of Nexxis devices in the operating room. 

    The data is processed on the basis of the performance of a contract. 
In order to receive email notifications about anomalies concerning the operating room and device status updates or issues

For this purpose we process contact data such as name and email address. 

These data are processed on the basis of the individual user’s unambiguous consent. The user can at any time revoke its consent via the user preferences. 

10. MirrorOp App

The MirrorOp Desktop App (MirrorOp Sender) allows Windows/macOS/Chromebook users to connect to meeting rooms and classrooms equipped with authorized receivers (e.g. wePresent receivers). With MirrorOp Sender, real-time screen sharing and remote desktop operations are enabled.

The MirrorOp Mobile App (MirrorOp Presenter) is the workplace/classroom companion for users on iOS and Android devices, allowing them to share content from their devices to the display. MirrorOp Presenter adds more flexibility for presenters by including the built-in browser (for showing web pages) and live camera (for sharing non-digital contents) as well as annotation tools.

BARCO ACTING AS A CONTROLLER

In order to download and use the MirrorOp App

We process your personal data when you download and use the application. For this purpose we can process data such as your username, your e-mail address and any personal data shared by you

We also collect device-specific information, such as your hardware model, operating system version, unique device identifiers and network information.

These data are processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services while you make use of the Application.

11. Web Analyzer

Web Analyzer is a tool used for projector log file visualization and analysis

BARCO ACTING AS A PROCESSOR

Barco is managing the hosting environment for Web Analyser and is hence a processor of the organization which uses Web Analyser.
Barco engaged Microsoft Azure Services of the Microsoft Corporation as sub-processor in order to provide cloud services (region: North Europe, location: Ireland  https://azure.microsoft.com/en-us/global-infrastructure/locations/).

Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).

BARCO ACTING AS A CONTROLLER  
  • In order to activate/use the service
    We collect information about the individual user and his organization when the user creates a myBarco account in order to access the Web Analyser application.
    For this purpose we process contact data such as name, email address, address and phone number.
    The data is processed on the basis of the performance of a contract.
  • In order to inform about updates or outages
    We process contact data such as name and email address in order to inform about security updates and/or a temporary unavailability of the platform.

The data is processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services.

12. NexxisLive

NexxisLive is a subscription-based streaming media solution which enables surgeons to collaborate with remote users. It consists of a gateway deployed on the end-user’s premise that connects to their local media infrastructure and a hosted SaaS portal that provides service management and remote collaboration functionalities.

NexxisLive functionalities involve the following user data:

  • User Identification data: username, email address, IP address
  • User Environmental data: type of browser, network info
  • User Media data: Camera video and microphone audio of the personal device of the participant
  • Audit log data: user identification data is logged including information about the performed action (ie. create, delete, start, stop)
  • Usage data: start and stop stream actions are logged and usage records are created
BARCO ACTING AS A PROCESSOR

Barco is managing the hosting environment for NexxisLive and is hence a processor of the organization which uses NexxisLive (cf. Barco Data Processing Addendum). Barco engaged Microsoft Azure Services of Microsoft Corporation as sub-processor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).

 

BARCO ACTING AS A CONTROLLER
  • In order to activate the service

    We collect contact info about the individual user and his/her organization as it is entered in the Barco activation / NexxisLive registration portal(s):

    Upon completion of the registration process, the person identified as end-user administrator as well as the person performing the installation, receives an email based on the user identification data provided.

     

  • In order to use the service

    We collect user identification in order to get access to the NexxisLive portal:

    • The end-user administrator needs to create a myBarco account
    • The end-user administrator can decide which individuals have access to use the NexxisLive service. Authenticated access may be enabled by requiring users to create a myBarco account.
    • The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy.

    The data is processed on the basis of the performance of a contract.

     

  • In order to provide support

    We collect user identification and environmental data as part of debug, info, error logs of user interactions with the NexxisLive portal. All NexxisLive components generate logs that are used to monitor, operate and provide support for the service.

    The data is processed on the basis of the performance of a contract.

     

  • In order to improve the product

User identification and environmental data is collected as part of debug, info, error logs of user interactions with the NexxisLive portal which is aggregated in order to provide statistics, analytics and insight to the users of NexxisLive and improve the product.

This data is processed on the basis of Barco’s legitimate interest to continually improve its products.

  • In order to inform about updates

We process contact data such as name and email address of the person identified as administrator of the organization in order to inform about security updates and/or a temporary unavailability of the platform due to an update.

The data is processed on the basis of Barco’s legitimate interest of informing its key users about security updates. 

13. Helios

Helios is a cloud application that is designed to monitor projector usage in support of SmartCare warranty contracts.  Data about how a projector is configured and being used, as well as contract details and projector installation location are used to determine if contractual obligations are being met and to give guidance about how to bring a projector into compliance.

BARCO ACTING AS A PROCESSOR

Barco is managing the hosting environment for Helios and is hence a processor of the organization which uses Helios.

Barco engaged the Microsoft Azure Services of the Microsoft Corporation as sub-processor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/).

Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).

BARCO ACTING AS A CONTROLLER 
  • In order to activate/use the service
    We collect information about the individual user and his organization when the user creates a myBarco account in order to access the Helios application. 
    For this purpose we process contact data such as name, email address, address and phone number.
    The data is processed on the basis of the performance of a contract.

  • In order to inform about updates or outages
    We process contact data such as name and email address in order to inform about security updates and/or a temporary unavailability of the platform. 
The data is processed on the basis of the performance of a contract with Barco to which you are a party, being the provision of the services.

 

14. Barco Pulse Mobile App

The Barco Pulse Mobile App allows the user to log in to one or more Barco projectors, to control these projectors, change different settings and monitor the status of these projectors. From installation, configuration, control to monitoring, users can operate multiple projectors on their personal mobile device from a distance. 

The setup requires:

  • One or more Barco projectors installed physically and connected to the LAN via either wired or wireless connection, i.e., Wi-Fi; and
  • An iOS or Android device with the Barco Pulse Mobile installed connected to the same LAN as Barco projectors.

Barco Pulse Mobile App users can add specific projectors into the projector device list either by manually adding the hostname or IP address of the projector or by selecting the discovered projectors. Barco projectors are discovered by the Barco Pulse Mobile App connected in the same Local Area Network (LAN) based on the Simple Service Discovery Protocol (SSDP). Therefore, the app will ask permission to access the local network.

Feedback star rating after using the Barco Pulse Mobile App

Barco only gets access to the number of stars and optional feedback given when rating the Barco Pulse Mobile experience after having used the app. No personal data is being processed. This star rating is used to measure the global satisfaction level of the app experience and to measure if new features and improvements have the expected impact. The optional feedback is used to identify specific improvement opportunities for the Barco Pulse Mobile experience.

BARCO ACTING AS A CONTROLLER 
  • In order to improve the product

    We process device-specific information not linked to your user identity, such as your hardware model, operating system version, unique device identifiers, localization and regional settings and network information, as well as what features were used, in order to further improve the products and services that Barco provides to you.

    Barco processes this data for its legitimate interest to gain insight in the use of the application in order to improve its application.

 

15. BPT (Barco Peripheral Test) for Alliance Partners

ClickShare Alliance Partners are companies who entered into agreement with Barco to ensure both ClickShare & Partner solutions (ie peripherals such as camera, speakerphone) stay compatible. Each quarter ClickShare will release new firmware version and Barco partners need to ensure their peripherals still work with this latest ClickShare firmware. The BPT web application helps our partners to carry out peripheral compatibility tests and submit final test report back to Barco 

BPT contains a separate software (BPT proxy software) which complements the web application, users need to download and run this software in order to collect information from ClickShare base unit and peripherals connected to the user computer.

BARCO ACTING AS A PROCESSOR

Barco is managing the hosting environment for BPT web application and is hence a processor of the organization which uses BPT. Barco engaged the Microsoft Azure Services of the Microsoft Corporation as subprocessor in order to provide certain cloud services (region: North Europe, location: Ireland https://azure.microsoft.com/en-us/global-infrastructure/locations/). Barco engaged Amazon Web Services Inc. as sub-processor in order to provide certain cloud services (eu-west-1, EU (Ireland) https://aws.amazon.com/about-aws/global-infrastructure/).

Barco engaged MongoDB Atlas of Mongo DB Inc., and Microsoft Dataverse as sub-processor (https://www.mongodb.com/security) for database services.

BARCO ACTING AS A CONTROLLER
  • In order to activate the service
    The user needs to create a MyBarco account. This account is used for secure authentication purposes to access the BPT portal. The personal data processed by Barco when setting up and activating a myBarco account is further explained in the Barco.com privacy policy . The user that performs the installation creates the organization tenant. This user receives an email upon completion of the registration process.

The data is processed on the basis of the performance of a contract.

  • In order to use the service and provide support
    We process following contact data: user name, email address and company. These contact data are stored in order to enable Barco to provide support (break/fix use cases and field support). 

The data is processed on the basis of the performance of a contract.

  • In order to improve the product
    We collect device-specific information not linked to your user identity, such as clickshare base unit and peripheral information as part of debug, info, error logs of user interactions with the BPT application, in order to further improve the products and services that Barco provides to you. 

This data is processed on the basis of Barco’s legitimate interest to continually improve its products.

16. Barco CTRL

Barco CTRL is a software platform for control rooms that simplifies workflows, deployment, and serviceability. The platform allows users to securely connect to their sources, from any location, and interact with the content on any video wall or operator desk.

Barco CTRL is an on-premise solution so the end user's system administration team is in full control of all operational data. There is an initial activation via activate.Barco.com.

BARCO ACTING AS A CONTROLLER
  • In order to activate/use the product:
    We collect information about the individual user and his organization when the user creates a myBarco account in order to access the activation portal.
    For this purpose, we process contact data such as name, email address, address and phone number.
    The data is processed on the basis of the performance of a contract.
  • In order to inform about updates or security fixes:
    We process contact data such as name and email address in order to inform about security or general updates of the product.
    The data is processed on the basis of Barco’s legitimate interest of informing users about the security and availability of the product.