This Vimeo Data Transfer Statement (“Statement”) sets forth Vimeo’s policies and practices concerning the transfer of personal data across borders.
|Vimeo, Inc.||Vimeo (or Vimeo.com)||https://vimeo.com/privacy|
|Livestream, LLC||Livestream (or Livestream.com)||https://livestream.com/terms/privacy|
|VHX Corporation||Vimeo OTT (formerly known as VHX)||https://www.vhx.tv/privacy|
Vimeo is based in the United States. We provide services globally using computer systems, servers, and databases located in the U.S. When you use our services from outside of the U.S., your information will therefore be transferred to, stored in, and processed in the U.S.
The European Commission has determined that the transfer of personal information of its residents outside of Europe must be subject to a legal framework that adequately protects it. We transfer personal information of European Economic Area (“EEA”) and Swiss residents to the U.S. (or elsewhere) based upon the following legal frameworks:
- Legitimate business interests: We could not provide our services or comply with our obligations to you without transferring your personal information to the U.S.
- Consent: We may transfer your personal information when we receive your express, revocable consent.
- Our use of Standard Contractual Clauses (also known as “Model Clauses”) where appropriate.
- Our self-certification with the EU-US and Swiss-US Privacy Shield frameworks (“Privacy Shield”).
We adhere to the Privacy Shield principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Our Privacy Shield self-certification can be found here: https://www.privacyshield.gov/list (under “Vimeo”). Our Privacy Shield compliance is subject to the enforcement authority of the U.S. Federal Trade Commission. In addition, EEA and Swiss residents may invoke binding arbitration as set forth below.
We comply with the European Union’s General Data Protection Law (“GDPR”), which governs the protection of personal data of EU residents. To find out more about GDPR, please visit the European Union’s website, at https://ec.europa.eu/info/law/law-topic/data-protection_en.
If you require assistance or have a specific request that is not presently covered by our product features, please contact our Data Protection Officer. We may require additional information from you to fulfil your requests. We may charge a reasonable fee if your request imposes an unreasonable cost on us.
We will afford UK-based users with all rights available to EU users, regardless of the UK’s EU member status.
Controllers and Processors
Some laws, including the GDPR, differentiate between controllers and processors of data. A “controller” has a direct relationship with you and exercises control over the use of your data. The third-party vendors that help a controller provide a service are considered “processors” because they process the controller’s customer data at the controller’s request (examples are payment processors and cloud-based hosting providers).
All Vimeo entities are controllers of personal information on users who upload and live stream videos.
With respect to the Vimeo and Livestream platforms, Vimeo, Inc. and Livestream, LLC, respectively, are controllers of personal data of end users who view uploaders’ videos or live streams as these Vimeo entities have direct relationships with the end user viewers.
With respect to the Vimeo OTT platform only, the service provider, VHX Corporation, acts as a processor of the information of persons who subscribe to OTT video channels. OTT channel operators are the controllers of their subscribers’ personal information and must comply with all applicable laws in handling that information.
If you believe that Vimeo is acting as a data processor of personal information of EU residents, you may contact us to request a data protection agreement.
We are committed to working with you to obtain a fair resolution of any complaint. We encourage you to begin by contacting our Data Protection Officer. We endeavor to respond to requests promptly.
If you believe that we have not been able to address your complaint, you may seek redress through other means. We have designated JAMS as our Privacy Shield independent dispute resolution provider. If you are an EEA or Swiss resident, you may invoke binding arbitration against us through JAMS. You can read more about JAMS and how to open a claim here: https://www.jamsadr.com/eu-us-privacy-shield.
EU residents have the right to lodge complaints with the data protection authority of their country of residence.
Data Protection Officer
For any questions, inquiries, or complaints, please contact us at:
General Counsel and Data Protection Officer
555 West 18th Street
New York, New York 10011