Data protection information for online meetings, telephone conferences and virtual education via "Zoom" from ICF Deutschland eV
In the following we would like to inform you about the processing of personal data in connection with the use of "Zoom".
Purpose of processing
We use the "Zoom" tool to hold telephone conferences, online meetings, video conferences and / or virtual education (hereinafter: "Online Meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc., which is based in the United States.
ICF Deutschland eV is responsible for data processing that is directly related to the implementation of "online meetings"
Note: If you access the “Zoom” website, the “Zoom” provider is responsible for the data processing. Calling up the website is only required to use "Zoom" in order to download the software for using "Zoom".
Which data are processed?
Different types of data are processed when using "Zoom". The scope of the data also depends on the information you provide about data before or when participating in an "online meeting".
The following personal data are processed:
User information: first name, last name, telephone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), meeting metadata: subject, description (optional), Participant IP addresses, device / hardware information.
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in with the phone: information on the incoming and outgoing phone number, country name, start and end time. Possibly. further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and any video camera on the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.
In order to take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
Scope of processing
We use “Zoom” to conduct “online meetings”. If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording is also displayed in the "Zoom" app.
If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of virtual education, we can also process the questions asked by participants for the purposes of recording and follow-up.
If you are registered as a user with “Zoom”, reports on “Online Meetings” (meeting metadata, data on dialing in, questions and answers, survey function) can be saved with “Zoom” for up to one month. You can find more information on this on the data protection page of "Zoom" for registered users.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis for data processing
As far as personal data of employees of the ICF Germany eV are processed, § 26 BDSG is the legal basis of the data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is an elementary component in the use of "Zoom", Art. 6 Para. 1 lit. f) GDPR the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".
In addition, the legal basis for data processing when conducting "online meetings" is Art. 6 Para. 1 lit. b) GDPR, insofar as the meetings are held in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 Paragraph 1 lit. f) GDPR. Here, too, we are interested in the effective implementation of "online meetings".
Recipient / transfer of data
Personal data that are processed in connection with participation in "online meetings" are generally not passed on to third parties unless they are intended to be passed on. Please note that content from "online meetings" as well as from personal meeting meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of "Zoom" necessarily receives knowledge of the above data, insofar as this is provided for in our order processing contract with "Zoom".
Data processing outside the European Union
Zoom is a service provided by a US provider. Processing of personal data also takes place in a third country. We have concluded an order processing contract with the provider of "Zoom" which meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is advised through the conclusion of the so-called EU standard contractual clauses. According to the case law of the ECJ (judgment of July 16, 2020, Ref .: C-311/18 (“Schrems II”)), a communications provider from the USA does not have an adequate level of data protection. Because in the USA there can still be uncontrolled state mass surveillance measures against which there is no or no effective legal protection. Data processing in the USA in connection with Zoom is based on your voluntary consent. You can revoke your consent at any time with effect for the future.
Your rights as a data subject
You have the right to information about your personal data. You can contact us at any time for information.
In the event of a request for information that is not made in writing, we ask for your understanding that we may require evidence from you that proves that you are the person you claim to be.
Furthermore, you have a right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.
Finally, you have the right to object to processing within the framework of the legal requirements.
A right to data portability also exists within the framework of data protection regulations.
Deletion of data
We generally delete personal data if there is no need for further storage. A requirement can exist in particular if the data is still required to fulfill contractual services, to check warranty and, if applicable, guarantee claims and to be able to grant or defend them. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
Right of appeal to a supervisory authority
You have the right to complain to a data protection supervisory authority about the processing of personal data by us.
Changes to this data protection notice
We revise this data protection information in the event of changes in data processing or other occasions that make this necessary. The current version can always be found on this website.
Status: October 19, 2020