This Data Privacy Statement is provided in English for your convenience. Please note that in case of a dispute or discrepancy between the German Data Privacy Statement and the English translation, the German version shall prevail.
We would like to inform you below about the processing of personal data in connection with the use of Zoom.
We use the Zoom tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: online meetings). Zoom is a service provided by Zoom Video Communications, Inc. which is based in the USA.
The party responsible for data processing directly related to the conduct of online meetings is Tutao GmbH.
Note: Insofar as you call up the Zoom website, the Zoom provider is responsible for data processing. However, calling up the Internet site is only necessary to use Zoom in order to download the software for using Zoom.
You can also use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app.
If you do not want to or cannot use the Zoom app, then the basic functions can also be used via a browser version, which you can also find on the Zoom website.
When using Zoom, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an online meeting.
The following personal data are subject to processing:
User details: First name (pseudonym possible), last name (pseudonym possible), telephone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.
If the meeting is being recorded (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. To this extent, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the Zoom applications.
In order to participate in an online meeting or to enter the meeting room, you must at least provide information about your name (pseudonym possible).
We use Zoom to conduct online meetings. If we want to record online meetings, we will transparently inform you in advance and - if necessary - ask for consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars.
If you are registered as a Zoom user, then reports of online meetings (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Insofar as personal data is processed by employees of Tutao GmbH, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Zoom, Article 6 (1) f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of online meetings.
Otherwise, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 (1) lit. f) GDPR. Again, our interest is in the effective conduct of online meetings.
Personal data processed in connection with participation in online meetings will not be disclosed to third parties as a matter of principle, unless it is specifically intended for disclosure. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects, or third parties and is therefore intended for disclosure.
Other recipients: Zoom's provider necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with Zoom.
Zoom is a service provided by a provider from the USA. Processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of Zoom that complies with the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.
If you have any questions regarding data protection, please do not hesitate to contact us at any time. You can reach us via email.
You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.
Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.
Finally, you have a right to object to processing within the scope of the law.
A right to data portability also exists within the framework of data protection law requirements.
As a matter of principle, we delete personal data if there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.
We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.