Privacy policy for Zoom

Purpose of data processing

We use the "Zoom" tool to conduct conference calls, online meetings, video conferences, and/or online seminars (hereinafter referred to as "online meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc. based in the USA.

Controller

The controller for the processing of data directly related to the running of online meetings is APIS Informationstechnologien GmbH.

Note: If you access the Zoom website, the provider of Zoom is responsible for the processing of data. However, accessing the website is required only to download the Zoom software to be able to use Zoom.

You may use "Zoom" by entering the meeting ID and, if applicable, other data to access the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions may also be used in the browser version available on the "Zoom" website.

Which data is processed?

Several types of data are processed when using "Zoom". The scope of data accordingly depends on the information you provide before or when participating in an "online meeting".

The following personal data is subject to processing:

User details: first name, last name, phone (optional), e-mail address, password (if you do not use single sign-on), profile picture (optional), department (optional)

Meeting metadata: topic, description (optional), participants’ IP addresses, device/hardware information

For recording (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of online meeting chat

For dial-in by telephone: information on the incoming and outgoing call number, country, start and end time. If required, further connection data such as the IP address of the device may be stored.

Text, audio, and video data: You may have the option of using the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to record them. To enable video display and audio playback, the data from the microphone of your terminal device and from the video camera of the terminal device, if available, will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" functions.

To participate in an "online meeting" or to access the "meeting room", you must at least provide your name.

Scope of processing

We use "Zoom" to conduct "online meetings". If we want to record "online meetings", we will transparently communicate that intention in advance and – if necessary – ask for your consent. The fact that the meeting is recorded will also be shown in the "Zoom" app.

If necessary for the purpose of logging the results of an "online meeting", we will log the chat content. That, however, is usually not the case.

In case of online seminars, we may also process questions asked by participants for the purpose of recording and following up online seminars.

If you are a registered "Zoom" user, reports on "online meetings" (meeting metadata, dial-in data, questions, and answers in webinars, survey function in webinars) may be stored by "Zoom" for up to one month.

Automated decision-making in terms of Art. 22 GDPR is not applied.

Legal basis of the processing of data

If personal data of employees of APIS Informationstechnologien GmbH is processed, Art. 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, with regard to the use of "Zoom", personal data is not required for establishing, implementing, or terminating the employment relationship, but is nevertheless an essential component of using "Zoom", the legal basis for data processing is Art. 6 sec. 1 f GDPR. In such cases, our interest is the effective implementation of "online meetings".

In addition, the legal basis for the processing of data when conducting "online meetings" is Art. 6 sec. 1 b GDPR, if the meetings are held in the context of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 sec. 1 f GDPR. Our interest is again the effective implementation of "online meetings".

Recipient/transfer of data

Personal data that is processed with regard to the participation in "online meetings" is not transferred to third parties unless it is intended to be passed on. Please note that content of "online meetings", as well as of personal meetings, is often used precisely to communicate information to customers, interested parties, or third parties and is therefore intended for disclosure.

Other recipients: The provider of "Zoom" is necessarily informed of the above-mentioned data, if such procedure is provided for in the context of our order processing agreement with "Zoom".

Processing of data outside the European Union

"Zoom" is a service made available by a provider from the USA. Personal data are therefore processed in a third country. We have concluded an order processing agreement with the "Zoom" provider that meets the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed on the one hand by concluding the so-called EU standard contractual clauses. For additional protection, we have also configured our "Zoom" system so that only data centers in the EU, the EEA, or safe third countries such as Canada or Japan are used to conduct "online meetings".

Data protection officer

We have appointed a data protection officer who can be contacted as follows:

dataprotection@apis.de

Your rights as the data subject

You have the right to obtain information about the personal data that concerns you. You may contact us for information at any time.

If the request for information is not made in writing, please understand that we may require proof from you that you are the person who you claim to be.

Furthermore, you have the right to rectification or erasure or restriction of the processing to the extent permitted by law.

You have the right to object to the processing to the extent permitted by law.

You also have the right to data portability to the extent permitted by data protection law.

Erasure of data

In general, we delete personal data when the storage is no longer required. It may be required in particular if the data is still needed to fulfill contractual services, to check and grant or defend claims under warranty and, if applicable, claims under guarantee. In case of statutory retention obligations, deletionis possible only after the respective legal obligation to retain the data has expired.

Right of complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory data protectionauthority.

Amendment of the privacy notice

We revise the data privacy notice in the event of changes to data processing or other events that make such revision necessary. The latest version will always be available on the website.