Privacy Policy for Online Meetings, Telephone Conferences, and Webinars via “Zoom”

We would like to inform you below about the processing of personal data in connection with the use of “Zoom”.

Purpose of Processing

We use the tool “Zoom” to conduct telephone conferences, online meetings, video conferences, and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service of Zoom Communications, Inc., which is based in the USA.

Controller

The controller for data processing directly related to the conduct of “Online Meetings” is embedded brains GmbH & Co. KG.

Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website is only necessary to download the software for using “Zoom”.

You can also use “Zoom” by entering the respective meeting ID and, if applicable, other access data for the meeting directly in the “Zoom” app.

If you do not want to or cannot use the “Zoom” app, the basic functions are also available via a browser version, which you can also find on the “Zoom” website.

What Data Is Processed?

When using “Zoom”, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an “Online Meeting.”

The following personal data are subject to processing:

  • User Information: First name, last name, phone (optional), email address, password (if “Single Sign-On” is not used), profile picture (optional), department (optional)
  • Meeting Metadata: Topic, description (optional), participant IP addresses, device/hardware information
  • In Case of Recordings (Optional): MP4 file of all video, audio, and presentation recordings; M4A file of all audio recordings; text file of the online meeting chat
  • When Dialing in by Phone: Information on incoming and outgoing phone numbers, country name, start and end time. Additional connection data, such as the device’s IP address, may also be stored.
  • Text, Audio, and Video Data: You may have the option to use the chat, question, or poll functions in an “Online Meeting.” In this case, the text entries you make are processed to display them in the “Online Meeting” and, if applicable, to record them. To enable the display of video and the playback of audio, the data from your device’s microphone and any video camera are processed during the meeting. You can turn off the camera or mute the microphone at any time via the “Zoom”

To participate in an “Online Meeting” or to enter the “Meeting Room,” you must at least provide information about your name.

Scope of Processing

We use “Zoom” to conduct “Online Meetings.” If we record “Online Meetings” at the customer’s request as part of project work, we will inform you transparently in advance and, if necessary, request your consent. The fact that a recording is taking place will also be displayed to you in the “Zoom” app.

If you are registered as a user with “Zoom”, reports on “Online Meetings” (meeting metadata, phone dial-in data, questions and answers in webinars, poll function in webinars) may be stored with “Zoom” for up to 12 months.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

As part of project work via Zoom, project content can be shared in various file formats (Word, PDF, etc.) and made visible to all members of the respective team.

Legal Basis for Data Processing

To the extent that personal data of employees of embedded brains GmbH & Co. KG are processed, the legal basis for data processing is Art. 6(1)(b) GDPR. If personal data are processed in connection with the use of “Zoom” that are not necessary for the establishment, implementation, or termination of the employment relationship but are an essential part of using “Zoom”, the legal basis for data processing is Art. 6(1)(f) GDPR. In these cases, our interest lies in the effective conduct of “Online Meetings.”

Otherwise, the legal basis for data processing in the conduct of “Online Meetings” is Art. 6(1)(b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6(1)(f) GDPR. Here, too, our interest lies in the effective conduct of “Online Meetings.”

Recipients / Disclosure of Data

Personal data processed in connection with participation in “Online Meetings” are not generally disclosed to third parties by us, unless they are specifically intended for disclosure. Please note that content from “Online Meetings,” as with in-person meetings, often serves to communicate information with customers, prospects, or third parties and is thus intended for disclosure.

Additional Recipients: The provider of “Zoom” necessarily gains knowledge of the above-mentioned data, insofar as this is provided for in the context of our data processing agreement with “Zoom”.

Data Processing Outside the European Union

“Zoom” is a service provided by a provider based in the USA. Therefore, processing of personal data also takes place in a third country. We have concluded a data processing agreement with the provider of “Zoom”, which meets the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed, on the one hand, by the conclusion of the so-called EU Standard Contractual Clauses. Furthermore, the provider of Zoom is certified under the so-called EU-U.S. Data Privacy Framework (DPF). As additional protective measures, we have also configured our Zoom settings so that only data centers in the EU, the EEA, or secure third countries such as Switzerland are used for conducting “Online Meetings.”

Contact

For questions regarding data protection, you can reach us at:

embedded brains GmbH & Co. KG Dornierstr. 4 D-82178 Puchheim Germany Phone: +49-(0)89-189 47 41-00 Email: info@embedded-brains.de

Your Rights as a Data Subject

You have the right to information about the personal data concerning you. You can contact us at any time for information.

For information requests that are not made in writing, we ask for your understanding that we may require proof from you to confirm that you are the person you claim to be.

Furthermore, you have the right to rectification, erasure, or restriction of processing, insofar as this is provided for by law.

You also have a right to object to processing within the framework of legal provisions.

A right to data portability also exists within the framework of data protection regulations.

Deletion of Data

We generally delete personal data when there is no longer a need for further storage. A need may exist, in particular, if the data are still required to fulfill contractual services, to review and grant warranty and, if applicable, guarantee claims, or to defend against them. In the case of legal retention obligations, deletion will only be considered after the respective retention period has expired.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint about the processing of your personal data by us with a supervisory authority for data protection.