Other privacy policies
Zoom Privacy Notice and Usage Guideline
Version 1.0 /Jun 26, 2023
Purpose of this Notice:
This Privacy Notice informs you about our use of „Zoom“ for online meetings, teleconferences, discussion rounds, presentations, and/or webinars (collectively, „Meetings“). Zoom is provided by the Zoom Video Communications, Inc., 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA („Zoom“/ Processor).
Name and Contact Details of the controller
The responsibility of remerge GmbH solely covers the services of Zoom concerning the provision of video conferences.
Address: Heidestr. 9
Post/Zip Code: 10557
City/Town: Berlin
Country: Germany
In addition, to the data processing described in this notice, Zoom processes further personal data in the apps and on the websites www.zoom.com and www.zoom.us under their own responsibility as an independent data processing controller. We do not influence this data processing, so Zoom is solely responsible for it under data protection law. More information on the processing under the control of Zoom can be found here: https://explore.zoom.us/de/privacy/.
For which purposes is the data processed?
We use Zoom for several use cases:
- Recruiting Interviews: remerge plans and conducts the interviews via Zoom Meetings to get in touch with the applicants;
- Staff Training: To provide our employees with the knowledge and skills they need to perform their jobs and improve their performance, we use Zoom to reach and train many employees;
- Internal Team Meetings: For the coordination of work processes and work planning, but also the communication of information and the agreement of goals, remerge uses Zoom for internal team meetings;
- Meetings with Clients/Product Demonstration: For meetings and maintaining contact with customers, remerge uses Zoom;
- Meeting with Providers/Partners/Suppliers: For meetings and maintaining contact with providers, partners, and suppliers, remerge uses Zoom.
Your data is processed for the following purposes:
- to conduct meetings effectively and simply, to record meetings to save discussions and presentations for later view, self-improvement, and sick or absent employees, if you have agreed, to provide, update, secure and real-time monitor the service, to resolve issues, bugs, and errors as well as to provide support, where Zoom acts as our processor in our behalf, and
- for billing, account, customer relationship management, and correspondence, complying with and resolving legal obligations, abuse and virus detection, prevention and protection, and, only for aggregated/anonymized data, to improve and optimize the performance and core functionalities, for internal and financial reporting, revenue and capacity planning, and forecast modeling, where Zoom acts as an independent controller (privacy notice).
Data Subjects
The data subjects whose personal data are processed are the employees, prospective employees, customers, prospective customers, suppliers, and partners.
What is the legal basis for the data processing?
The legal basis for the processing of your data is as follows:
- the necessity for the performance of your employment agreement according to Art. 6(1)(b) GDPR associated with § 26(1)(1) BDSG (employees), and
- our legitimate interest according to Art. 6(1)(f) GDPR, described in the purposes.
Which data is collected?
The following data of participants can be processed during a Meeting:
- Account information: name, contacts, account ID, billing and transaction information, account plan, account settings, authentication data (such as username and password);
- Profile and participant information: email, display name, presence status, company name, stated locale, user ID, as well as a profile picture, address book information, calendar information, and phone number, if applicable;
- Device information and telemetry data: kind of device (e.g. computer/phone); OS version and type; information about the device’s speakers, microphones, and camera; device’s identifiers (PC name, MAC address, IP address, hard disc ID); inferred location; network type; device attributes; WiFi information; event logs and service logs;
- Meeting details: meeting ID, scheduled time, registration information, invitation details, Meeting name and agenda, topic names, room names, if applicable, user categorizations;
- Shared content: presentations, data exchanged via chat (files, images, video), whiteboards, written feedback, responses to Q&A, polls, and surveys;
- Interaction data: joining and leaving a Meeting, performance data, mouse movements, clicks, keystrokes or actions (such as mute/unmute, or video on/off), features used (such as screen sharing, emojis, or filters), usage information and metrics;
- Diagnostic metadata: event logs (including action taken, event type, in-app event location, timestamp, client UUID, user ID, and meeting ID); Meeting session information (including frequency, average and actual duration, quantity, quality, network activity, and network connectivity); the number of Meetings, screen-sharing sessions, participants; Meeting host information, hostname, site URL, start time, end time, join method; performance, troubleshooting, diagnostics information;
- Support data: contact name of support requestor, time, subject, problem description, post-Meeting feedback, user-supplied attachments;
- For chat usage: chat channel title, messages sent to everyone, members or guests;
- For audio usage: input data of the microphones, as well as captions and live transcription, if applicable;
- For video usage: input data of the video camera;
- For telephone usage: phone numbers;
- For recordings: record, save, and share meeting content (such as video, audio, chat, whiteboard, captions, and presentations), audio transcripts, and chat transcripts, if applicable;
Where and how long will the data be processed?
The data is also processed in the USA. For this reason, we concluded Standard Contractual Clauses (Implementing Decision (EU) 2021/914) according to Art. 46(2)(c) GDPR, Module 1 for processing in Zoom’s controllership, and Module 2 for Zoom’s data processing on our behalf.
The data is stored as long as needed to fulfill the above-mentioned purposes. Thus, the data is mainly stored for the duration of a Zoom account or longer if there are legal obligations or requirements for legal positions to keep the data. The users themselves can delete some data. Files transferred within a Meeting’s chat will be deleted within 31 days unless the users store them.
How is your data secured?
The data is encrypted at rest (Advanced Encryption Standard (AES) 256-bit) and in transit (Transport Layer Security (TLS) 1.2 and Secure Real-time Transport Protocol (SRTP)). This also applies to recordings. Furthermore, end-to-end encryption is enabled for Meetings when available. Audio signals of phone participants will be encrypted within Zoom’s data centers, but are unencrypted in the telephone network.
How do users take part in Meetings?
To protect Meetings, they have an eleven-digit unique meeting ID, passwords (in some cases), waiting rooms, and the ability to remove participants. In Meetings, guests will stay in the waiting room until the Meeting’s moderator permits them.
How are recordings take place?
Recordings only take place for the above-mentioned purposes if the participants have agreed to the recording. They are allowed to spare a Meeting, which is recorded. To ensure the rights of participants and to protect recordings, the following applies:
- Start of recordings: Only the Meeting moderator or a designated person can start a recording;
- Consent in the recording or possibility of intervention: participants are informed before each recording and can turn off video/audio transmission at their discretion.
- Usage of microphone and video: Microphone and video are disabled by default. Every time, participants can disable their previously activated microphone and video. The moderator cannot force them to activate their microphone or video.
- Access rights: Recordings are only shared internally. However, there can be exceptions according to the use cases, but participants will be informed in anticipation and can provide consent to it.;
- Ability to download: The ability to download is disabled for regular participants;
- Password protection: Highly confidential recordings are protected by an additional password;
- Retention of downloaded recordings: Recordings are deleted after 2 years at the latest or as long as necessary for the purpose it was recorded.
What are your rights?
You have the following rights according to the GDPR:
- Right to access (Art. 15);
- Right to rectification (Art. 16);
- Right to erasure (Art. 17);
- Right to restriction of processing (Art. 18);
- Right to object (Art. 21) in case of data processing whose legal basis is our legitimate interest.
To enforce the rights according to Art. 15 to 21 GDPR, please contact us at the following e-mail: privacy@remerge.io and mention Zoom in the title. We will fulfill your rights if the legal requirements are met.
You also have the right to lodge a complaint with a supervisory authority (Art. 77), if you consider that the processing of personal data relating to you infringes the GDPR. In this case, please contact a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement.