Data protection information for online meetings, telephone conferences and webinars via « Zoom » from K.I.T. Group GmbH
We would like to inform you in the following about the processing of personal data in connection with the use of « Zoom ».
1. Purpose of the processing
We use the « Zoom » tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: « Online Meetings »). « Zoom » is a service of Zoom Video Communications, Inc. which is based in the USA.
2. Data controller
K.I.T. Group GmbH is responsible for data processing directly related to the execution of « online meetings ».
Note: If you access the « Zoom » website, the provider of « Zoom » is responsible for data processing. However, calling up the Internet site is only necessary for the use of « Zoom » in order to download the software for the use of « Zoom ».
You can also use « Zoom » if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the « Zoom » app.
If you do not want to or cannot use the « Zoom » app, the basic functions can also be used via a browser version, which you can also find on the « Zoom » website.
3. Which data are processed?
Various types of data are processed when using « Zoom ». The extent of the data also depends on what data you provide before or during participation in an « online meeting ».
The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if « Single-Sign-On » is not used), profile picture (optional), department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, equipment/hardware information
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
- When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may be able to use the chat, question or survey functions in an « online meeting ». To this extent, the text entries you make are processed in order to display and, if necessary, log them in the « online meeting ». In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the « Zoom » applications.
In order to participate in an « online meeting » or to enter the « meeting room », you must at least provide information about your name
4. Scope of processing
We use « zoom » to conduct « online meetings ». If we want to record « online meetings », we will inform you in advance in a transparent manner and – if necessary – ask for your consent. The fact of the recording will also be displayed in the « Zoom » app.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.
If you are registered as a user at « Zoom », reports on « online meetings » (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at « Zoom ».
The possibility of software-based « attention tracking » in « online meeting » tools such as « Zoom » is deactivated.
Automated decision making in the sense of Art. 22 DSGVO is not used.
5. Legal basis of data processing
For employees of K.I.T. Group GmbH, § 26 BDSG is the legal basis for data processing. Should data not be required for data processing in connection with the use of « Zoom », but nevertheless be an elementary component in the use of « Zoom », Art. 6 Para. 1 lit. f) DSGVO is the legal basis for data processing. In these cases, we are interested in the effective implementation of « online meetings ».
For other participants in « online meetings » – insofar as the meetings are held within the framework of contractual relationships – Art. 6 Paragraph 1 lit. b) DSGVO is the legal basis for data processing.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of « online meetings ».
6. Recipient / transfer of data
Personal data processed in connection with participation in « online meetings » is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that contents from « online meetings » as well as personal meetings are often used to communicate information with customers, interested parties or third parties and are therefore intended to be passed on.
Other recipients: The provider of « Zoom » necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in our contract processing agreement with « Zoom ».
7. Data processing outside the European Union
« Zoom » is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of « Zoom » which meets the requirements of Art. 28 DSGVO.
An adequate level of data protection is guaranteed on the one hand by the « Privacy Shield » certification of Zoom Video Communications, Inc. and on the other hand by the conclusion of the so-called EU standard contract clauses.
8. Data protection officer
We have appointed a data protection officer.
You can reach her/him as follows: Messe Berlin GmbH, – Data Protection Officer -, Messedamm 22, 14055 Berlin, E-Mail: firstname.lastname@example.org
9. Your rights as a data subject
You have the right of access to personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.
Finally, you have the right to object to the processing within the scope of the statutory provisions.
You also have a right to data transferability within the framework of the legal data protection requirements.
10. Deletion of data
As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or avert warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after expiry of the respective storage obligation.
11. Right of appeal to a supervisory authority
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
12. Amendment of this data protection notice