article Privacy & Security FAQ How ClickMeeting assures compliance with GDPR? In order to ensure compliance of our activities with GDPR we have implemented an information security management system. This includes a number of technical and organizational solutions to ensure information security and the full exercise of data subjects’ rights.
We constantly monitor the ClickMeeting Platform infrastructure, ensure data encryption at rest and in transit, conduct regular penetration tests, internal training, and audits.
Our high security standards are confirmed by the ISO 27001:2022 certificate we hold. We describe our security measures in more detail here .
What security certifications does ClickMeeting have? ClickMeeting holds a number of certificates which include an ISO/IEC 27001:2022 certificate related to ClickMeeting’s Information Security Management System in the context of the ClickMeeting Platform. The certificate was issued by Bureau Veritas Certification. In addition, ClickMeeting ensures compliance with PCI DSS requirements and undergoes an annual SAQ assessment and network scanning using an approved scanning vendor (ASV).
Where are ClickMeeting data centers located? We cooperate with top European data centres that are highly available, resilient, and can withstand system or hardware failures with minimal impact. This allow our customers to use our products 24 hours a day, 7 days a week. The current list of our data centers, where personal data are hosted is available below:
Data Centre Function Data Processing Location OVH Sp. z o.o. Server rental services, cloud services European Economic Area: France, Germany, Poland Amazon Web Services EMEA SARL Cloud services European Economic Area: Germany Leaseweb Deutschland GmbH Server rental services European Economic Area: Germany
I am a ClickMeeting customer. Who is the controller of personal data about me? ClickMeeting is the data controller as regards personal data of its customers, such as name, surname, brand name, address, industry. It processes such data primarily in order to provide access to the ClickMeeting Platform. For more information regarding the purpose and scope of data processing, as well as the ways in which your personal data is processed by ClickMeeting, see our Privacy Policy available here .
I am a webinar attendee. Who is the controller of personal data about me The controller of personal data of the webinar Attendees (such as name, email, image captured during an Event) is the ClickMeeting Customer who has an account on our Platform and organizes the Event. In this case, ClickMeeting acts solely as a personal data processor, who processes data on behalf of its Customers.
Does ClickMeeting conclude and provide data processing agreements? Yes. ClickMeeting concludes with Customers data processing agreements (“DPA”) drafted by ClickMeeting. DPA is tailored to the service we provide and assures appropriate security standards. The data processing agreement template can be found here .
What is the difference between ClickMeeting processing my data and my Attendees’ data? When ClickMeeting processes the personal data of the Customer’s Event Attendees, it acts as a so-called processor. This means that ClickMeeting processes the personal data of Attendees on behalf of the Customer and in accordance with their instructions. It is the Customer who decides on the purposes, methods, and scope of processing the Attendees’ data, and is therefore the controller of the Attendees’ personal data. The Customer also independently considers all requests from Attendees regarding their personal data.
However, when ClickMeeting processes personal data concerning the Customer, such as their name, company name, address, email, tax identification number, and transaction data, ClickMeeting independently determines the purposes and methods of processing the Customer’s personal data. ClickMeeting therefore acts as a personal data controller, not a processor.
Does ClickMeeting use sub-processors to in the course of processing personal data? Yes. It is necessary to provide our services properly and at the highest level. ClickMeeting is a global company that allows you to use the service almost anywhere in
the world. Primarily because of that, ClickMeeting engages other entities in the course of providing the service to which it further entrusts the processing of personal data received from Customers. This means that there occurs the so-called personal data sub-processing.
The sub-processing in the sense mentioned above does not include any ancillary services that ClickMeeting orders from other entities to assist in the provision of the ClickMeeting service, such as for example telecommunications services, user support and communication services, auditing or the disposal of data media services. However, also with respect to such ancillary services ClickMeeting concludes adequate legal agreements and takes appropriate measures to safeguard the protection and security of data.
A detailed list of our subprocessors can be found here .
Is my Participants' personal data transferred outside the EEA? As a general rule, your Attendees’ personal data is not processed outside the EEA . All data centers on which the ClickMeeting Platform is based are located exclusively within the European Union. This means that your personal data, recordings, and presentations are securely stored in encrypted form within the EU.
However, it is worth noting that some of the network infrastructure, in particular content delivery networks (CDNs) and streaming servers, may be located outside the EEA. They are used only when an Attendee connects to your Event from a location outside the EEA to ensure fast and efficient delivery of images, presentations, audio-video transmissions. This is a standard model of online content distribution, ensuring that Event Attendees receive images and messages smoothly and without delay. Additionally, you can enable end-to-end encryption, which further ensures that only the sender and recipient of the message will be able to read it (even ClickMeeting technical staff will not be able to decrypt the messages).
Regardless of the location of these infrastructure elements, all data is protected by strong encryption both during transmission (in transit) and storage (at rest). This ensures that ClickMeeting remains a fully European service, processing data in a highly secure manner and in compliance with applicable data protection regulations.
Regardless of the location of these infrastructure elements, all data is protected by strong encryption both during transmission (in transit) and storage (at rest). This ensures that ClickMeeting remains a fully European service, processing data in a highly secure manner and in compliance with applicable data protection regulations.
How can I manage cookies placed on webinar pages? Webinar pages (profile page, registration page, logging page, waiting room, thank-you page) are under your control, we understand that you should have the possibility to manage cookies that are placed there. This may be of particular importance for Customers from the European Economic Area and the UK, as they may be required to provide certain privacy notice and/or obtain legally valid consent from visitors and attendees.
To do so, we encourage you to use our integration with the cookie consent management tool, which we describe in more detail here .
ClickMeeting places only cookies necessary for the proper functioning of the ClickMeeting Platform (session cookies, browser language cookies) on its webinar pages. Other types of cookies and similar technologies, such as analytical cookies or social media plugins, are placed only if you, as a Customer, activate such functions on the ClickMeeting Platform.
Does ClickMeeting use third-party cookies and similar technologies? Yes, ClickMeeting and its partners use cookies and similar technologies (e.g. Session Storage, Local Storage, IndexedDB) on ClickMeeting websites (the Website and the Service). The current list of our partners whose services we use or whose technologies we place on the Website or in the Service and information about is available here . In privacy policies of those providers you can find information on principles, scope and purposes of data collection and processing, as well as information how to disable the default settings of their services and the use of technologies similar to cookies.
How does ClickMeeting work with firewalls? For optimal use we recommend outbound configurations via TCP ports 1935, 80 and 443.
If you wish to organize an event using WebRTC audio-video technology, please make sure that the TCP/UDP port 443 is open.
For optimal use, make sure that UDP is open for all IP addresses available in this document .
Please refer to this document for details.
End-to-End Encryption If you want to ensure the highest level of security for your online meetings, you can use End-to-end Encryption (E2EE). In this mode, even the service provider cannot read the content of the communication.
Note that currently E2EE is not available if you join a room via the ClickMeeting mobile app, but it works if you use the browser-based version on mobile devices.
How to enable E2EE encryption?
If you want to create an encrypted event, when setting up your online meeting, go to the Details tab and enable E2EE encryption with the button. Note that due to the way encryption works, the following features will not be available during the event:
Auto-stream on social media, Auto-publishing to your YouTube channel or Dropbox account, Recording of the event, Breakout rooms, Waiting Room, Livestreaming, YouTube video launching, SMS and email invitations, EDU mode Sharing the event on social media, QR code and phone gateway, Call-to-action button, surveys and tests, live transcription, presentation and virtual whiteboard, Export of chat history, moderation and Q&A mode. The Q&A mode is at your disposal from the chat settings.
In the event room you will find confirmation that the meeting is encrypted.
When is it a good idea to use End-to-end encryption?
E2EE encryption will help you maintain the highest level of privacy. Use it in situations where confidentiality is particularly important, for example, if during a meeting:
You will be exchanging sensitive information (e.g., during business meetings), You will be discussing sensitive topics with your clients or patients, You will be sharing data that only strictly defined people can be familiar with. Can my computer get a virus or malware from attending an event? No, it is not possible. You don’t need to install anything to use ClickMeeting and all files that are uploaded and shared are scanned by anti-virus software on our servers.
How do I change my password? To change your password, log in to your account and hover over your name in the top right corner. From the drop-down menu select Account details , go to Change password and click Reset password . A link will be sent to your email address. Follow the instructions to change your password.
I want to transfer data collected on the ClickMeeting Platform. What and how can I transfer? Below you will find complete information that will be useful if you want to transfer data collected on the ClickMeeting Platform to your own infrastructure or to another provider. We also fulfill the information obligation arising from the EU Regulation 2023/2854 Data Act .
1. How can you export data from the ClickMeeting Platform and transfer it anywhere?
You can export data collected within the ClickMeeting Platform and transfer it anywhere, including to your own ICT infrastructure (information and communication technology resources) or to another provider, using the following methods:
Using the available self-service data export functions in the Account Panel (especially in the Files or Statistics tabs) and in the conference room (if you want to export whiteboard sketches); Using the API, which is extensively described in the developer zone: https://dev.clickmeeting.com/ ; If you have closed your ClickMeeting Platform Account and do not have full access to the Account Panel – by contacting the Customer Success Team via chat or other channels described here: https://clickmeeting.com/contact . However, please remember that the data you collected on the ClickMeeting Platform is stored for a limited time, according to the retention policy adopted by ClickMeeting (more in the Privacy Policy ). We do not impose any technical limits or restrictions on data export (except for standard limits on the number of requests per unit time when using the API). Data processing service on the ClickMeeting Platform does not involve highly complex or costly provider changes, nor does it prevent switching providers without significant interference with data, digital assets, or service architecture.
If you encounter any difficulties exporting data, you can always contact our Customer Success Team.
2. What is the estimated time required to download and transfer data?
The time required to download data depends on how long, how intensively, and which ClickMeeting Platform features you have used. Data export functions in the Account Panel or via API provide data in real-time.
Data export requests submitted to Customer Success Team employees are usually processed within 5 working days. According to the data processing agreement and applicable law, you have at least 30 days to download the data made available to you.
3. What data can you export?
The scope of data exportable on the ClickMeeting Platform includes data generated by you, your users, Event Participants, and the system itself during normal operation. You may configure the scope of data available for export using the API or Account Panel interface. In particular, these can be:
Event sessions, Event recordings, Event recording transcriptions, Event statistics, Chat files, Event Participants’ data, Data of persons registered for Events, Whiteboard sketches, Presentation files, Contact information. 4. What data is not exportable?
Among the exportable data, excluded are those belonging to the category of ClickMeeting trade secrets, especially data related to the architecture of the ClickMeeting Platform infrastructure and application. Examples of non-exportable data include:
Non-exportable data Data not owned by the Client (e.g., system data) Temporary system logs used exclusively for diagnostics Platform structural data (e.g., database definitions, relational structure) Data protected by ClickMeeting intellectual property rights (e.g., graphic libraries)
5. In which formats does ClickMeeting provide data?
We provide data in the following formats:
CSV / XLSX – tabular and event data, ZIP – aggregated export archives, MP4/TXT – conversational content and recordings. Additionally, Customer Success Team employees may provide data in a single compressed .ZIP file secured with a password. The link to the cloud storage through which files are shared also has a limited validity period.
6. Does ClickMeeting charge fees for providing data for transfer purposes?
No, the service is completely free – both the tools enabling data export and transfer, and the support provided by the Customer Success Team in this regard.
7. Which jurisdiction does the ClickMeeting infrastructure used for data processing on the Platform fall under?
The ClickMeeting Platform is subject to the laws of the Republic of Poland.
8. What measures does ClickMeeting take to prevent international access to data or its transfer to government authorities if such access or transfer would violate Polish or European Union law?
Data is stored exclusively within the European Union (Data centers are provided only by European companies); Transmission encryption (TLS 1.3) and SSL; Encryption of data at rest; Available End-to-End encryption functionality; Providers apply clauses obliging them not to transfer data outside the EU without prior ClickMeeting consent. Is ClickMeeting DORA compliant and what solutions does it implement? Yes. As an ICT service provider for financial entities, ClickMeeting complies with certain requirements of DORA (Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011). We have an information security management system aligned with ISO 27001:2022, which includes, among others:
Implementation of technical and organizational measures ensuring availability, authenticity, integrity, and confidentiality of processed data ICT risk management Incident handling process Business continuity plan Regular security testing and audits Employee training in cybersecurity Additionally, we offer a template agreement on ICT service security , which incorporates all key elements required by DORA. If you are a financial entity subject to DORA and need to have a signature on the template agreement, please contact us via email: support@clickmeeting.com .