skip to Main Content

    Sonic Foundry’s GDPR Compliance

    November 12, 2020

    This post was updated March 2019  — The General Data Protection Regulation (GDPR) is a comprehensive data protection law that took effect in the European Union (EU) on 25 May 2018. The regulation imposes broad data privacy protections for EU individuals, and provides a new framework for any company that collects, processes or handles personal data. GDPR replaces the 1995 EU Data Protection Directive.

    The Sonic Foundry team is focused on GDPR compliance efforts. We are continually evaluating the new requirements and have taken necessary actions to ensure we handle customer data in compliance with the law.

    What personal data does Sonic Foundry collect?

    We collect and process data through our video platform, Mediasite, including but not limited to email, IP addresses, and display name. We also collect information about videos watched, in-video quizzes, and actions performed.

    Our customers and partners may collect data relating to university registration, event registration, LMS use and more, which is passed into Mediasite.

    Sonic Foundry also collects information when individuals choose to share it with us to use our sites, products or services, register with, purchase or access certain products or services, sign up for newsletters or our e-mail list, submit inquiries, participate in online surveys or promotions, participate in user groups and discussion forums, or otherwise contact us.

    The information we collect may include your name, address, telephone number, mobile telephone number, e-mail address, photograph when provided and more. Sonic Foundry also includes an optional default privacy notice on the login page in its Mediasite product, which can be customized to suit an organization’s needs, to set up expectations for users signing into Mediasite and sharing personal information. Most of our content is available without registration, and users may opt out anytime.

    This is outlined in our Privacy Policy, updated December 2020.

    Sonic Foundry’s Ongoing Commitment to Data Protection

    Our tech and security teams have been hard at work to ensure we’re compliant with the highest standards of privacy and security.

    • European Data Center

    Mediasite Video Cloud customers in Europe are hosted in our datacenter in the Netherlands. In 2016 we adopted the Guidance Security Controls SURF Framework of Legal Standards for (Cloud) Services. SURF is the Collaborative organization for ICT in Dutch education and research. The Guidance Security Controls are a list of Security Controls that are based on international security standards and guidelines such as the ISO/IEC 27001, 27002 and NIST SP800-61r2 standards. Adopting the SURF’s Security controls is the first step to being ISO/IEC 27001 certified and provides the technical and operational foundation necessary to demonstrate GDPR compliance across employees, processes and technology. Under the framework we are subject to regular audits, updates and reviews. The most recent audit framework can be reviewed here.

    • Right to Be Forgotten

    Mediasite integrates with user stores, such as Active Directory and others, in real time. Administrators of these third-party user stores have the ability to deactivate and delete users, which is reflected in Mediasite in real time. Mediasite administrators can also anonymize user activity in Mediasite, such as viewing activity, comments and quiz results. Sonic Foundry has developed procedures to help with customer and partner queries related to GDPR compliance. Questions for those procedures should be directed to getinfo@sonicfoundry.com.

    • Data Protection Officer

    Sonic Foundry has appointed a data protection officer to oversee Sonic Foundry’s compliance efforts, including our IT policies and general business practices. If you have questions about Sonic Foundry’s GDPR efforts, please contact getinfo@sonicfoundry.com.

    Additional Resources

    Sonic Foundry Privacy Policy

    Summary of Sonic Foundry Security Control Audit

    Full text of GDPR

    European Data Protection Supervisor


    Back To Top