Privacy notice for webinars via “Zoom” of DigiBizS Academy, a brand of Digital Compliance Consulting GmbH
Currently, many people around the world are changing the way they work. The increased use of home office solutions has changed the previous working behavior of many people – the actual office workstation is relegated, regular teams in the meeting room no longer take place and the collegial exchange in the office next door no longer exists. In the meantime, people are increasingly sitting alone at the computer at home, connected by phone or mailing, and trying to adapt their work structures to the new situation. A short team meeting suddenly becomes difficult and working together on projects and coordinating process steps simply different. In times with these serious changes, solutions are needed from IT system providers that overcome the current barriers and make working effective. One of these solutions is the program we use, zoom, which is offered by an American company. Detached from the dominant corporations Microsoft, Alphabet (google, Android) and Apple, a system was developed here that is easy to use, stable from a PC, but can also be used from cell phones and tablets. Many companies and also private individuals have gladly adopted this solution for themselves, as they can use it to work together on texts, presentations, databases or many other topics. However, team meetings, trainings, webinars and much more are also offered via this. Due to the very simple intuitive use, this solution can be used very quickly and runs very stable in contrast to other products.
Unfortunately, the software zoom has recently been increasingly discredited by the media, for the most part unjustifiably. The company zoom has improved the software and thus the system zoom in many places, so that one can state at today’s (status 16.4.2020) consideration: zoom is easy to use, well usable, complies with the data protection requirements of the DS-GVO and does not use personal data.
During the testing and comparison of the various market alternatives, it was determined that there is no 100% “good” system and that zoom is the best of the existing software solutions in comparison for the intended use, especially under data protection-specific aspects. This statement was also confirmed by data protection specialist Stephan Hansen-Oest in March 2020 by the following statement: The assertion that “Zoom” cannot be used in a data protection-compliant manner is, however, obviously incorrect from a data protection perspective. It is equally untrue from a legal perspective that “Zoom” transmits personal data to “third-party providers” (can also be read in detail at www.datenschutz-guru.de).
We would now like to inform you below about the processing of personal data in connection with the use of “Zoom”.
Purpose of processing
We use the tool “Zoom” to essentially conduct webinars. “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA.
The data controller for data processing directly related to the implementation of “Webinars” is Digital Compliance Consulting GmbH.
Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the Internet page is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
What data is processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
The following personal data are subject to processing:
- Angaben zum Benutzer: Vorname, Nachname, Telefon (optional), E-Mail-Adresse, Passwort (wenn „Single-Sign-On“ nicht verwendet wird), Profilbild (optional), Abteilung (optional)
- Meeting-Metadaten: Thema, Beschreibung (optional), Teilnehmer-IP-Adressen, Geräte-/Hardware-Informationen
- Bei Aufzeichnungen (optional): MP4-Datei aller Video-, Audio- und Präsentationsaufnahmen, M4A-Datei aller Audioaufnahmen, Textdatei des Online-Meeting-Chats.
- Bei Einwahl mit dem Telefon: Angabe zur eingehenden und ausgehenden Rufnummer, Ländername, Start- und Endzeit. Ggf. können weitere Verbindungsdaten, wie z.B. die IP-Adresse des Geräts gespeichert werden.
- Text-, Audio- und Videodaten: Sie haben ggf. die Möglichkeit, in einem „Online-Meeting“ die Chat-, Fragen- oder Umfragenfunktionen zu nutzen. Insoweit werden die von Ihnen gemachten Texteingaben verarbeitet, um diese im „Online-Meeting“ anzuzeigen und ggf. zu protokollieren. Um die Anzeige von Video und die Wiedergabe von Audio zu ermöglichen, werden entsprechend während der Dauer des Meetings die Daten vom Mikrofon Ihres Endgeräts sowie von einer etwaigen Videokamera des Endgeräts verarbeitet. Sie können die Kamera oder das Mikrofon jederzeit selbst über die „Zoom“-Applikationen abschalten bzw. stummstellen.
In order to participate in a webinar or enter the “meeting room”, you must at least provide information about your name.
Scope of processing
We use “Zoom” to conduct webinars. If we want to record webinars, we will transparently communicate this to you in advance and – if necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app.
If it is necessary for the purposes of logging the results of the webinars, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.
If you are registered as a user at “Zoom”, then reports on “Webinars” (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at “Zoom” for up to one month.
The option of software-based “attention monitoring” (“attention tracking”) that exists in “Online Meeting” tools such as “Zoom” is deactivated.
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal bases of data processing
Insofar as personal data of employees of Digital Compliance Consulting GmbH is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Article 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “webinars”.
Incidentally, the legal basis for data processing when conducting “webinars” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of “webinars”.
Recipient / passing on of data
Personal data processed in connection with participation in “webinars” will generally not be disclosed to third parties unless it is specifically intended for disclosure. Please note that content from “webinars” as well as from face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with “Zoom”.
Data processing outside the European Union
“Zoom” is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 DSGVO.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.
Contact details of theController
Digital Compliance Consulting GmbH Heinrich-Dauer-Straße 10 52351 Düren
T +49 (0) 2421 5559333 m@il: firstname.lastname@example.org
Contact person for data protection issues Arnd Fackeldey m@il: email@example.com
Your rights as a data subject
You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.
Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.
Finally, you have the right to object to processing within the scope of the law.
A right to data portability also exists within the framework of data protection law.
As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist, in particular, if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
Right of complaint to a supervisory authority
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
Amendment of this privacy notice
We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.
Weitere Hinweise zum Datenschutz bei der Nutzung von zoom finden Sie unter https://zoom.us/docs/doc/Zoom-Kommentar-DSK-Checkliste.pdf?_ga=2.237126981.494508253.1614607446-946765438.1614607446