We use Zoom to hold phone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Zoom is a service of Zoom Video Communications, Inc., which has its headquarters in the U.S.
When Zoom is used, different kinds of data are processed. The scope of the data also depends on what information on data you have provided before or during participation in an “online meeting.”
The following personal data may be the subject matter of processing:
Information on the User
First name, last name, phone no. (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Subject matter, description (optional), participant IP address, device/hardware information
For Recordings (Optional)
MP4 file of all video, audio and presentation records, M4A file of all audio recordings, text file of the online meeting chat.
For Participation by Phone
Information on the incoming and outgoing call number, country name, start and end time. Other connection data such as the IP address of the device may be stored.
Text, Audio and Video Data
You have the option of using the chat, question or survey function in an “online meeting.” In this regard, the text entries made by you are processed in order to show and possibly log them in the “online meeting.” To allow for the display of video and to play back audio, the data from the microphone of your end device and from any video camera on the end device are processed accordingly during the time of the meeting. You can turn off the camera or silence the microphone at any time via Zoom applications.
In order to participate in an “online meeting” or to enter the “meeting room,” you must provide at least your name details.
If we want to record “online meetings,” we will communicate this to you transparently in advance and – if required – request your consent. The act of recording is also shown to you in the Zoom app.
If it is required for the purpose of documenting the results of an online meeting, we will record the chat contents. That is usually not the case, however.
In the event of webinars, it is also possible that we will process the questions asked by webinar participants for the purpose of recording and processing webinars.
If you are registered at Zoom as a user, then reports on “online meetings” (meeting metadata, data on phone dial-in, questions and answers in webinars, survey function in webinars) can be stored for up to one month at Zoom.
Personal data processed in connection with participation in “online meetings” are fundamentally not shared with third parties, if they are not intended for sharing. Please remember that the contents from “online meetings” as well as during personal discussion meetings are frequently intended to communicate information to customers, prospective customers or third parties and are therefore intended for sharing.
The provider of Zoom receives the necessary knowledge of the aforementioned data, if this is required as part of our contract data processing agreement with Zoom.
Zoom is a service that is provided by a company from the U.S. The processing of personal data also takes places in a third country. We have concluded a contract data processing agreement with the provider of Zoom so that the requirements under Art. 28 GDPR are met.
An adequate level of data protection is guaranteed, inter alia, by the conclusion of so-called EU standard contract clauses. As supplementary protection measures, we have also set up our Zoom configuration so that only data centers in the EU, EEA or secure third countries such as Canada or Japan are used for holding “online meetings.”
Legal Basis of Processing
If personal data are processed by employees of “LUXX United GmbH,” Sec. 26 of the German Federal Data Protection Act [BDSG] serves as the legal basis for the data processing. If personal data in connection with the use of Zoom are not required for the establishment, execution or termination of the employment relationship, but are nonetheless a fundamental part for the use of Zoom, Art. 6 (1) (f) GDPR is the legal basis for the data processing. Our legitimate interest in these cases is in the effective holding of “online meetings.”
Otherwise, the legal basis for the data processing in the event of “online meetings” held is Art. 6 (1) (b) GDPR, if the meetings are held as part of the contractual relationship.
If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is also here in the effective holding of “online meetings.”