Data protection information for Zoom

Data protection information for online meetings, telephone conferences and webinars via "Zoom" from connect.IT Heilbronn-Franken e.V.

We would like to inform you below about the processing of personal data in connection with the use of "Zoom".

Purpose of the processing

We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc. based in the USA.

Controller

connect.IT Heilbronn-Franken e.V. isresponsible for data processing that is directly related to the holding of "online meetings".

Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, it is only necessary to access the website to use "Zoom" in order to download the software for using "Zoom".

You can also use "Zoom" if you enter the relevant meeting ID and any other access data for the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

What data is processed?

Various types of data are processed when you use Zoom. The scope of the data also depends on the data you provide before or when participating in an "online meeting".

The following personal data is processed:
- User details: first name, surname, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional),
Department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.

To take part in an "online meeting" or to enter the "meeting room", you must at least provide your name.

Scope of the processing

We use Zoom to conduct online meetings. If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the "Zoom" app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered with "Zoom" as a user, reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing

Insofar as personal data of employees of connect.IT Heilbronn-Franken e.V. is processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of "Zoom", Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of "online meetings".

Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective conduct of "online meetings".

Recipients / disclosure of data

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties unless it is intended to be passed on. Please note that content from "online meetings", as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of "Zoom" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with "Zoom".

Data processing outside the European Union

"Zoom" is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of "Zoom" that meets the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured Zoom in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct "online meetings".

Your rights as a data subject

You have the right to information about the personal data concerning you. You can contact us at any time for information.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.
Finally, you have the right to object to processing within the scope of the statutory provisions.

You also have the right to data portability within the framework of the data protection regulations.

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority.

Changes to this data protection notice

We will revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.