In the following, we would like to provide you with information about how personal data is processed in connection with the use of „Zoom“.
Purpose of the data processing
We use the „Zoom“ tool to conduct conference calls, online meetings, video conferences and/or webinars (hereafter referred to as ‘online meetings’). „Zoom“ is a service provided by „Zoom“ Video Communications, Inc., headquartered in the USA.
Responsible entity
The entity responsible for the data processing directly associated with running online meetings is the Konrad-Adenauer-Stiftung e.V., Klingelhöferstraße 23, 10785 Berlin.
Note: If you access the „Zoom“ website, the „Zoom“ provider is responsible for data processing. However, accessing the website is only necessary to download the software for using „Zoom“.
You can also use „Zoom“ by entering the meeting ID and any other meeting access information directly in the „Zoom“ app.
If you are unwilling or unable to use the „Zoom“ app, the basic functions can also be used in a browser version, which you can find on the „Zoom“ website.
Which data is processed?
When using „Zoom“, different types of data are processed. How much data is processed depends partly on the data you provide before and during an online meeting.
The following types of personal data may be processed:
- User information: First name, last name, phone number (optional), email address, password (if Single Sign-On is not used), profile picture (optional), and department (optional)
- Meeting metadata: topic, description (optional), participants’ IP addresses, device/hardware information
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When calling in by phone: Information about the incoming and outgoing phone numbers, country, and start and end times. Other call data may also be stored, e.g. the IP address of the device.
- Text, audio and video data: You may be able to use the chat, question or survey functions in an online meeting. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone on your device and from any video camera on your device are processed for the duration of the meeting. If enabled by the host, you can turn off or mute the camera or microphone yourself at any time using the "„Zoom“" applications.
As a minimum, in order to take part in an online meeting or enter the ‘meeting room’, you will have to provide some information about your name.
Extent of data processing
We use „Zoom“ in order to hold online meetings. If we want to record online meetings, we will inform you of that fact clearly in advance and – if necessary – ask for your consent. An indication that a meeting is being recorded will also be displayed in the „Zoom“ app.
If it is necessary for the purposes of logging the outcomes of an online meeting, we will log the content of the chat. However, this will usually not be the case.
In webinars, we may also process the questions asked by webinar participants for recording and follow-up purposes.
If you are registered as a user with „Zoom“, „Zoom“ may store reports on online meetings (meeting metadata, telephone call-in data, questions and answers in webinars, and the survey function in webinars) for up to a month.
There is no automated decision-making within the meaning of Article 22 of the GDPR.
Legal basis for data processing
Insofar as personal data of Konrad-Adenauer-Stiftung e. V. employees is processed, the legal basis for the data processing is Section 26 of Germany’s Federal Data Protection Act (BDSG). If, in connection with the use of „Zoom“, personal data is not necessary to enter into, perform or terminate the employment relationship, but is still a basic element for using „Zoom“, the legal basis for the data processing is Article 6 (1) (f) of the GDPR. In these cases, our legitimate interest is the effective running of online meetings.
Otherwise, the legal basis for data processing when running online meetings is Article 6 (1) (b) of the GDPR, provided the meetings are carried out in the context of a contractual relationship.
If there is no contractual relationship, the legal basis is Article 6 (1) (f) of the GDPR. Here too, our legitimate interest is the effective running of online meetings.
Recipients/data transfers
As a matter of principle, personal data that is processed in connection with participation in online meetings is never transferred to third parties unless it is specifically intended to be shared. Please note that, as is the case with in-person meetings, content from online meetings is often specifically intended to communicate information with customers, interested parties or third parties and is therefore intended to be shared.
Other recipients: The provider of „Zoom“ is necessarily informed of the data mentioned above, where this is provided for under our data processing agreement with „Zoom“.
Data processing outside the European Union
„Zoom“ is a service provided by a company in the USA. This means that personal data is also processed in a non-EU country. We have entered into a data processing agreement with the provider of „Zoom“ that meets the requirements of Article 28 of the GDPR.
An appropriate level of data protection is guaranteed through EU standard contractual clauses.
Further information about data protection and your rights is available in our Privacy Statement.
Contact to Data protection officer
We have appointed a data protection officer.
Konrad-Adenauer-Stiftung e.V.
– Data protection officer –
Klingelhöferstraße 23
10785 Berlin
Or E-Mail: dsb@kas.de
Your rights as a data subject
You have the right of access to personal data concerning you. You can contact us for information at any time.
In case of a request for information not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. Finally, you have the right to object to the processing within the scope of the statutory provisions.
You also have a right to data transferability within the framework of the data protection regulations.
Deletion of data
We delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.
Right of appeal to a supervisory authority
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
Amendment of this data protection notice
We revise this privacy policy in the event of changes in data processing or other necessary. You will always find the current version on this website. You can find further information on data protection.
Status: 25.02.2021