In the following, we would like to provide you with information about how personal data is processed for online meetings, conference calls and webinars of the Weizenbaum Institute in connection with the use of Zoom.
Purpose of the data processing
We use the Zoom tool to conduct conference calls, online meetings, video conferences and/or webinars (hereafter referred to as ‘online meetings’). Zoom is a service provided by Zoom Video Communications, Inc., headquartered in the USA.
The entity responsible for the data processing directly associated with running online meetings is the Weizenbaum-Institut e.V.
Note: If you access the Zoom website, the Zoom provider is responsible for data processing. However, accessing the website is only necessary to download the software for using Zoom.
You can also use Zoom by entering the meeting ID and any other meeting access information directly in the Zoom app.
If you are unwilling or unable to use the Zoom app, the basic functions can also be used in a browser version, which you can find on the Zoom website.
What data is processed?
When you use Zoom, different types of data are processed. How much data is processed depends partly on what information you enter before and during an online meeting.
The following types of personal data may be processed:
User information: First name, last name, phone number (optional), email address, password (if Single Sign-On is not used), profile picture (optional), and department (optional)
Meeting metadata: topic, description (optional), participants’ IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When calling in by phone: Information about the incoming and outgoing phone numbers, country, and start and end times. Other call data may also be stored, e.g. the IP address of the device.
Text, audio and video data: In an online meeting, you may have the option of using the chat, question or survey functions. Any text you input will be processed in order to display it and, where relevant, log it, during the online meeting. To enable video display and audio playback, the data from the microphone on your device and from any video camera on your device will be processed for the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time via the Zoom app.
As a minimum, in order to take part in an online meeting or enter the ‘meeting room’, you will have to provide some information about your name.
Extent of data processing
We use Zoom in order to carry out online meetings. If we want to record online meetings, we will inform you of that fact clearly in advance and – where necessary – ask for your consent. An indication that a meeting is being recorded will also be displayed in the Zoom app.
If it is necessary for the purposes of logging the outcomes of an online meeting, we will log the content of the chat. However, this will not normally be the case.
In webinars, we may also process the questions asked by webinar participants for recording and follow-up purposes.
If you are registered as a user with Zoom, Zoom may store reports on online meetings (meeting metadata, telephone call-in data, questions and answers in webinars, and the survey function in webinars) for up to a month.
There is no automated decision-making within the meaning of Article 22 of the GDPR.
Legal basis for data processing
Insofar as personal data of Weizenbaum Institute employees is processed, the legal basis for the data processing is Section 26 of Germany’s Federal Data Protection Act (BDSG). If, in connection with the use of Zoom, personal data is not necessary to enter into, perform or terminate the employment relationship, but is still a basic element for using Zoom, the legal basis for the data processing is Article 6 (1) (f) of the GDPR. In these cases, our legitimate interest is the effective running of online meetings.
Otherwise, the legal basis for data processing when running online meetings is Article 6 (1) (b) of the GDPR, provided the meetings are carried out in the context of a contractual relationship.
If there is no contractual relationship, the legal basis is Article 6 (1) (f) of the GDPR. Here too, our legitimate interest is the effective running of online meetings.
As a matter of principle, personal data that is processed in connection with participation in online meetings is never transferred to third parties unless it is specifically intended to be shared. Please note that, as is the case with in-person meetings, content from online meetings is often specifically intended to communicate information to customers, interested parties or third parties and is therefore intended to be shared.
Other recipients: The provider of Zoom is necessarily informed of the data mentioned above, where this is provided for under our data processing agreement with Zoom.
Data processing outside the European Union
Zoom is a service provided by a company in the USA. This means that personal data is also processed in a non-EU country. We have entered into a data processing agreement with the provider of Zoom that meets the requirements of Article 28 of the GDPR.
An appropriate level of data protection is guaranteed through EU standard contractual clauses.
Further information about data protection and your rights is available in our Privacy Notice.