Data protection notices when using cloud-based video conferencing
With this data protection declaration I, Franz Tertsch data protection management, inform you about the processing of your personal data in the context of web conferences using the video conference solution Zoom.
This information consists of two parts:
Purpose of the processing
I would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Note on the Controller – Who I am
GDPR art. 4 Nr.7
The controller is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.). The controller for data processing on this website:
Franz Tertsch B.B.A.
Datenschutzmanagement und -audits
Waldstrasse 2, 27446 Anderlingen, Germany
Telephone: +49 4284 927 838
Your rights regarding your personal data
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. An informal request / message to me is sufficient to exercise your rights. You can contact me at any time if you have any further questions on the subject of data protection. Information, correction, deletion and blocking You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction, deletion or blocking of this data at any time within the framework of the applicable legal provisions.
Legal basis: GDPR art. 15, 16, 17, 18
Right to data transferability
You have the right to have data that I process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
Legal basis: GDPR art. 20
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message, e.g. by e-mail, to me is sufficient for this. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
Legal basis: GDPR art. 7 – 3
Right of objection
If I cite my legitimate interest or a legitimate interest of a third party (GDPR – Art. 6 Para. 1 lit. e, f) as the legal basis for the processing of personal data, you have the right to object. You have the right to object to the processing of personal data at any time. In particular, an objection to data processing for the purpose of direct advertising is permissible.
Legal basis: GDPR art. 21
Right of appeal
In the event of violations of data protection law, you (the person concerned) have the right to appeal to a supervisory authority in accordance with Art. 77 GDPR. The competent supervisory authority is the state data protection officer of the federal state of your place of residence, your place of work or the place of the alleged violation. A list of data protection officers and their contact details can be found at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Legal basis: GDPR art. 77
Purpose of the processing
I use the Zoom tool to conduct web conferences, such as telephone conferences and video conferences. I carry out the data processing on the basis of a legitimate interest in accordance with the AVG Art. 6 Para. 1 f). My legitimate interest in data processing is: “Conducting web conferences to inform customers and interested parties.”
Zoom is a software from the company:
Zoom Video Communications, Inc. 55 Almaden Blvd, 6 TH Floor San Jose, CA 95113
Represented in the EU by:
Lionheart Squared Ltd 2 Pembroke House Upper Pembroke Street 28-32 Dublin DO2 EK84 Republic of Ireland
You can use Zoom by entering the respective meeting ID and, if necessary, other access data for the meeting in the Zoom app. If you don’t want to or can’t use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.
Which data are processed?
Various types of data are processed when using Zoom. The scope of the data also depends on what information you provide before or when participating in a web conference. The following personal data are regularly the subject of processing:
- first name, last name;
- Telephone (optional);
- email address;
- Password (if “single sign-on” is not used);
- Profile picture (optional);
- Department (optional).
- subject, description (optional);
- participant IP addresses;
- Device/Hardware Information.
For recordings (optional):
- MP4 file of all video, audio and presentation recordings;
- M4A file of all audio recordings;
- Online meeting chat text file.
When dialing in with the telephone:
- Information on the incoming and outgoing phone number;
- country name;
- Start and end time.
If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data:
You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text you enter will be processed in order to display it in the web conference and, if necessary, to log it. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device are processed accordingly for the duration of the conference. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications. In order to take part in a web conference or to enter the “conference room”, you must provide your name.
Scope of processing
I use Zoom to conduct web conferences. These web conferences are usually not recorded. In exceptional cases, if I would like to record the web conference, e.g. for reasons of evidence, I will inform you of this in advance and transparently and ask for your written consent.
The provider of Zoom necessarily receives knowledge of the above data, insofar as this is provided for in the context of our order processing contract with Zoom.
Data processing outside the European Union
Zoom is a service provided by a US provider with an office in Ireland. Processing of personal data may therefore also take place in a third country. I have concluded an order processing contract with the provider of Zoom that meets the requirements of DS-GVO Art. 28. The data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.
- As soon as you access the Zoom website to download the software for using teams, the Zoom provider is responsible for data processing.
- When a meeting recording starts, Zoom will show a notification to all participants on the desktop, web, and mobile apps, as well as those who joined by phone.
- In exceptional cases, I will log the chat content for logging the results of a web conference.
- In the case of webinars, the questions asked by webinar participants can also be processed for the purpose of recording and following up on the webinars. Personal data will be deleted during follow-up.
- If you are registered with Zoom as a user, reports on web conferences (conference metadata, telephone dial-in data, questions and answers in webinars, polling function in webinars) can be stored with “Zoom” for up to 12 months.
- The possibility of a software-side “attention monitoring” (“attention tracking”) is deactivated.
- Automated decision-making within the meaning of Article 22 of the GDPR is not used.
Last update: December 2022