The Broadband Forum of 5177 Brandin Court, Fremont, CA 94538, USA (BBF, We, Us) is committed to protecting and respecting your privacy.
This policy describes the personal data that we collect, how we use it, how we store it, and when we delete it.
We host several software tools to support our work. Users sign up for the tools using their full names and corporate email addresses and can then optionally enter personal profile information (photos, phone numbers, social media usernames, website addresses, descriptive text, company name, job title, department and location).
The stored personal data consists of users’ full names, corporate email addresses, (optional) personal profile information, and hashed passwords. If requested, personal email addresses are also stored (and are used for communicating with the user).
The tools also store additional information that is necessary for their operation. This data indicates how and when the tools were used by individual users.
The tools maintain log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
The tools use “cookies”, i.e., information that is placed on your computer or other device when you visit the tools’ web sites. These cookies allow you to remain logged into the tools and to move between tools without the need to log in again. You can use browser privacy functions to delete or block cookies, but this may make use of the tools less convenient.
We use Google G Suite groups for BBF email lists. Users are subscribed to these groups using their email addresses, and no other personal information is stored.
You may be automatically subscribed to some BBF email lists, e.g., BBF members are automatically subscribed to the “memgen” (all members) list. You can directly manage your subscriptions to other email lists, and you may also be subscribed to other lists appropriate to your role(s) within BBF.
We use Google G Suite calendars for BBF teleconferences. Users are invited to teleconferences using their email addresses, and no other personal information is stored.
Google maintains log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
We use other legacy and external systems to store company and user information, manage teleconferences and webinars, handle meeting registrations and payment, manage interactions with individuals and companies who have expressed interest in our work, and send emails on our behalf.
These legacy and external systems include:
In all these systems, users are identified by full name and/or email address (usually corporate email address, but personal email addresses are used if requested).
The following company and user information is stored:
Email addresses may be provided directly and voluntarily by individuals who have supplied business cards or signed up for webinars in the expectation that we will store their details. We keep track of the provenance of this information, and we never purchase contact lists from third parties.
We do not usually process or store credit card details (these are supplied directly to a third party payment processor). However, we can receive credit card details, e.g., via secure email, from users who are unable to access the payment processor. In this case the data is deleted immediately after use.
We sometimes receive passport details to be included in visa letters for users who wish to attend our meetings. It can be helpful to retain these details for future use, but we only do this on the explicit request of the passport owner.
We use Google Analytics for tracking usage of our web sites. The data collected is associated with IP addresses, and may contain information relating IP addresses to individual users or households.
Legacy and external systems may maintain log files in order to diagnose and resolve problems. These log files may contain information relating IP addresses to user email addresses.
Email addresses are used to identify users, i.e., as usernames for the various tools. They can be used in several ways:
Email addresses are also used for contacting users. This can happen in several ways:
We use full names to provide “user-friendly” ways of referring to users, e.g., we might refer to a user as “Edgar Example” rather than as firstname.lastname@example.org.
Personal profile information is (optionally) provided by users for use by other users. We don’t rely on this information or make use of it in any way.
As already discussed, we may receive and use credit card details, but we will never store them. Also, we may receive and use passport details, but we will only store them at the explicit request of the owner.
Authorized users of our software tools and email lists can view the following personal information:
Webinar attendance lists are shared with:
Meeting attendance lists (full names, email addresses and companies) are shared with:
Your personal data will never be made publicly available, will never be shared with any other third parties, and it will certainly never be sold.
All personal data is stored on secure servers, and all communication with these servers is encrypted using industry-standard technologies. Passwords are never stored in plain text (only hashed passwords are stored).
Personal data may be transferred to and stored at a destination outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA.
On your request, or if you change employer, or if your employer's relationship with BBF lapses, we will disable your access to all tools and remove you from all BBF email lists.
All messages sent to email lists include information on how to unsubscribe from the list. Requests to unsubscribe from email lists are always dealt with in a timely manner, but note that we will not normally be able to unsubscribe you from lists that are associated with your role(s) within the BBF.
If your tools access is disabled and/or you are removed from an email list, your personal data is hidden from other users but the historical record of your past activities is not deleted:
In contrast, metadata is subject to a data retention policy as follows:
Note that personal data may persist in stored archives and backups, which will be retained in accordance with our data retention and disaster recovery policies. These backups may persist for an indefinite period of time, but are not available for active data processing.
You have the right to access your personal data. To request access, or to ask any other privacy-related questions, please email email@example.com. If a request comes from an email address that we don’t recognize, we will need to verify your identity.
The BBF data privacy officer and EU representative is William Lupton, firstname.lastname@example.org.