In the following, we would like to inform you about the processing of personal data in connection with the use of Zoom.
Responsible entityThe entity responsible for data processing directly related to online meetings is Global Young Academy as part of the Leopoldina e.V. Note: Zoom as a service provider is responsible for the data processing once you access their website. This is only required to download the software for using Zoom. You can use Zoom by entering the respective meeting ID and, if necessary, additional access data for the meeting directly in the Zoom app. If you do not wish to use the Zoom app, you have the basic functionality available via the browser version accessible through the Zoom website.
Which data is processed?When using Zoom, the service processes different types of data. How much data it will process exactly, somewhat depends on how much (additional) information you enter before and during an online meeting. Personal data that may be processed: User information: first name, last name, telephone (optional), e-mail address, password (if single sign-on is not used), profile picture (optional), and department (optional) Meeting metadata: subject, description (optional), participant IP addresses, device / hardware information For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. When dialling in with the phone: information on the incoming and outgoing phone number, country name, start and end time. Further data such as the IP address of the device may be stored. Text, audio and video data: You may have the option of using the chat, question or survey functions. Text entries you make are processed in order to display them and, if necessary, to record them. The data from your microphone and any video camera on your device will be processed during the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom app. To take part in an online meeting or to enter the meeting room, you must at least provide some information about your name.
Extent of data processingWe use Zoom to organise and run some of our online meetings. Some of these meetings will be recorded. In this case, you will be informed in advance and asked for your consent. If and when a recording is running, the Zoom app will display this information. During web seminars, we might process the questions asked by participants for the purpose of recording and following up webinars. Same applies for chats during normal online meetings, as Q&A sessions are then usually run chat-based. If you are registered as a user at Zoom, reports on “Online Meetings” (meeting metadata, data on telephone dial-in, questions and answers in webinars, survey function in webinars) can be saved for up to one month in Zoom. An automated decision-making acc. to Article 22 EU GDPR is not used.
Legal basis for data processingData processing is carried out in accordance with and on the basis of the General Data Protection Regulation (GDPR) and other applicable data protection regulations:
- for the (voluntary) use of Zoom in accordance with Art. 6(1) a GDPR (consent)
- for the performance of official duties pursuant to Art. 6(1) e, para. 2, 3 GDPR
- for employees and staff pursuant to Art. 6(1) b GDPR