We use Zoom to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.
When using Zoom, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
The following personal data may be processed:
User details
First name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata
Topic, description (optional), attendee IP addresses, device/hardware information.
For recordings (optional)
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with telephone
Information on incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data
You may have the opportunity to use the chat, question or survey function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.
To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars.
If you are registered as a user with Zoom, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.
Personal data processed in connection with participation in “online meetings” will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients
The provider of Zoom necessarily receives knowledge of the above-mentioned data to the extent provided for in our order processing agreement with Zoom.
Zoom is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of Zoom that complies with the requirements of Art. 28 DSGVO.
An appropriate level of data protection is guaranteed, among other things, by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have also configured our Zoom so that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
Legal basis for processing
Insofar as personal data is processed by employees of “LUXX United GmbH”, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Zoom, Article 6 (1) (f) DSGVO is the legal basis for data processing. In these cases, our legitimate interest lies in the effective implementation of “online meetings”.
In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.