Zoom and data protection
Video conferences and webinars
Climate Alliance uses the Zoom for video conferences and webinars, as it is currently the most appropriate tool for our purposes. All other solutions that we have informed ourselves about and tested are not yet comparable in terms of reliability, functionality and user-friendliness. Below you will find information on usage, privacy and other issues we would like to encourage you to read.
- Take the time to familiarise yourself with the software and to check the functionality of your technology.
- You do not need your own Zoom account to participate in our video conferences and webinars and therefore you do not have to provide an email address.
- You can use Zoom via your browser or install the Zoom application software (low-interference use). (As far as we know, the connection via the Zoom app is more stable and less data is collected).
- Once the Zoom app is installed, you will be able to dial into a meeting or webinar directly using the meeting ID and password without having to visit the Zoom website.
- We would be pleased if you could identify yourself with your real name so that all participants know who they are dealing with. But you can also enter a pseudonym or nickname in the mask before the meeting begins.
- It is important to be able to see and interact with each other during online meetings. In case you have a poor data connection, it may be useful to turn off the video to minimize the interference with voice communication and stabilize the connection quality. This further makes sense for energy saving reasons.
- Especially if there are many participants, it is advisable to mute your microphone when you are not speaking to avoid unnecessary background noise. This also minimizes data traffic.
- You can also dial into the video conference or webinar by telephone if you do not have a suitable device available or if you do not want to use visual displays. No metadata will be collected or gathered in this process, as there is no access to the PC or a mobile device.
- Zoom's chat is end-to-end encrypted; the audio and video features are not. Chats can further be stored by us to record relevant exchanges and questions. In general, we therefore advise against sharing sensitive data via Zoom neither written nor verbal.
- Image and sound recordings as well as screenshots during a meeting/webinar by the participants themselves are not permitted in accordance with data protection regulations.
- If the session or even chat messages are recorded, we will clearly point this out to you in advance. You can decide whether you want to leave the meeting/webinar at this point. Climate Alliance reserves the right to use screenshots, audio and video recordings of webinars/meetings for communication purposes in online, print and other media. If you stay with us, you agree to this.
At the beginning of a video conference or webinar, our moderator will explain some functions and rules to you and, if necessary, inform you about particularities for the work in breakout rooms.
Zoom is a powerful, low-threshold and reliable tool that complies with the European General Data Protection Regulation (GDPR).
Like many other webinar technology providers, Zoom is a US-based service provider. Like others, "Zoom" is certified under the EU-U.S. Privacy Shield, so that the legal requirements for an adequate level of data protection are met.
Further information on the processing of personal data (in accordance with article 13 GDPR) during a Zoom meeting can be found here: [insert link here - duty to inform art. 13 GDPR].
Concerning the criticism of Zoom
Zoom has now integrated an encryption standard (AES 256 GCM) and closed further security gaps, e.g. with Facebook SDK on Apple devices. As administrator and host, Climate Alliance prevents so-called ZOOM bombing, i.e. the willful intrusion into an ongoing video conference, by means of appropriate settings such as the assignment of access restrictions.
Transfer of personal data to external service providers
Like many other internet services, also Zoom subcontracts data processors (external service providers, see list here) to provide its services, to whom personal data can be passed on. The commissioned data processors may only use this data to carry out the services requested by ZOOM and, in turn, may not pass this data on to third parties. Such commissioned processing of personal data is in accordance with European data protection law. In any case, little or no personal data about you will be collected if you only participate in the video conferences as a guest, i.e. do not use a ZOOM account.
Authorizations of the administrators and hosts
Climate Alliance has neither the interest nor the capacity to track you, to retrieve your location or device information or anything similar. If possible, we will disable these functions in the settings. Where it seems useful to us to record webinars or save chat protocols as meeting notes, we will of course inform you in advance and ask for your consent.
This way you minimise your data and CO2 footprint:
- Dial into the conferences on time.
- If you are already familiar with the functionalities and the technology, do not enter the video conference or webinar earlier than necessary - the online waiting time generates unnecessary data traffic and thus CO2.
- Only record meetings and webinars if absolutely necessary.
- Only switch on your camera if necessary.
We very much regret that no comparable EU-wide solution currently meets our needs and requirements. We hope that in the future we will be able to fall back on a European service provider with comparable functionality.
Climate Alliance does not assume any liability for the use of the software Zoom. The current data protection guidelines of Zoom can be found at https://zoom.us/de-de/privacy.html
Data privacy notice for online meetings, conference calls and webinars via “Zoom” of Climate Alliance e.V.
Processing of personal data in the context of the use of “Zoom”
Purpose of Processing
We use “Zoom” as a tool to conduct conference calls, online meetings, video conferences, and/or webinars (in the following “online meetings”). “Zoom” is a service of Zoom Video Communications, Inc. which is based in the US.
Controller of data processing in the context of conducting online meetings is Climate Alliance e.V.
Notice: As soon as you access the webpage of “Zoom”, the provider of “Zoom” is responsible for data processing. This access of the webpage is however only necessary for downloading the software required for the use of “Zoom”.
You may also use “Zoom”, when entering the respective meeting ID and possibly further login data directly in the “Zoom” app. Here, too, the “Zoom” webpage may be accessed.
If you cannot or do not want to use the “Zoom” app, basic functions will be accessible through the browser version, which you also find on the “Zoom” webpage. If you do not have a suitable device available or want to refrain from visual presentation, you will be able to directly dial into the online meeting via telephone. This way, no metadata will be collected or processed, because no access to any computer or mobile device is given.
Which data is processed?
Various types of data are processed when using “Zoom”. The amount of data depends depends on which data you enter in advance or during the participation of an online meeting.
The following personal data are subject to processing:
User data: prename, surname, phone number (optional), email address, password (if “single-sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP address, device/hardware information
During recording (optional): MP4 files of all video, audio and presentation recordings; m4a files of all audio recordings; text files of the online-meeting chats
Phone dial: entries of incoming and outgoing phone number, country name, start and end time, in some cases further connection details like IP address of the device may be stored
Text, audio and video data: You potentially have the possibility to use chat, Q&A and polls during the online meeting. The data entered there is processed for the purpose of making it visible and possible to protocol. To enable the display of video and the rendering of audio, corresponding data will be collected from the microphone of you device and any video cameras of your device for the duration of the meeting. You can turn off the camera or microphone in the “Zoom” application at any point of the meeting.
To participate in an online meeting, or to enter the online meeting room, you have to enter a name. This name does not have to be your “real” name, but can also be a nickname.
Scope of Processing
We use “Zoom” to conduct online meetings. If we want to record online meetings, we will transparently inform you about this and – if required – ask you for permission. In case of a recording, this further will be signified in the “Zoom” app.
If necessary for the purpose of recording the results of the online meeting, we will also log the chat content. However, this will usually not be the case.
For the purpose of recording and reworking webinars, we may also log the questions posed by participants.
If you are a registered user of “Zoom”, reports of online meetings (meeting metadata, phone dial data, questions and answers in webinars, polls in webinars) may be stored at “Zoom” for up to one month.
Automated decision-making after Article 22 GDPR is not deployed.
Legal basis of data processing
As long as personal data of employees of Climate Alliance is processed, §26 BDSG is the legal basis of data processing. If in the context of using “Zoom” personal data is not required for the establishment, conduct, or termination of employment, but an essential part of the use of “Zoom”, Article 6(1) f) GDPR is the legal basis of data processing. In these cases our interest is the effective conduct of online meetings.
In all other cases where online meetings are conducted in the context of a contractual relationship the legal basis of data processing is Article 6(1) b) GDPR.
If no contractual relationship is present, the legal basis of data processing is Article 6(1) f) DSGVO. Here too, our interest is the effective conduct of online meetings.
Recipients / Disclosure of Data
Personal data processed within the context of the participation in online meetings are generally not passed on to third parties as long as they are not explicitly intended for disclosure. Please note that contents from online meetings like in physical meetings are often meant to communicate information with members, interested or third parties and are therefore meant for disclosure.
Further recipients: The provider of “Zoom” takes necessarily notice of the above mentioned data as long as this is provided for by our data processing agreement with “Zoom”.
Data processing outside the European Union
“Zoom” is a service delivered by a provider from the US. Processing of personal data is therefore also conducted in a third country. We have concluded a data processing agreement with “Zoom” which meets the requirements of Article 28 GDPR.
An appropriate data privacy level is guaranteed by the “privacy shield” certification of Zoom Video Communications, Inc., as well as by the conclusion of the so called EU standard contractual clauses.
Data protection officer
We have appointed a data protection officer.
You can contact them as follows: Klima-Bündnis der europäischen Städte mit indigenen Völkern der Regenwälder | Alianza del Clima e.V.I Wolfgang Hofstetter, Galvanistr. 28, 60489 Frankfurt am Main, Germany; Tel.: +49 69 717 139 -13, Email: datenschutz(at)klimabuendnis.org
Your rights as affected person
You have the right to gain access to your stored personal data. You can contact us to gain access at any point.
In case of an information inquiry, we ask for your understanding that we might ask for proof of identity to verify that you are the person you impersonate.
Further, you have the right to correction or of erasure or of limitation of processing, as long as this is provided for by the legal basis. Finally, you have a right of objection towards processing within the scope of legal provisions.
A right to data portability is also within the scope of data protection regulations.
Erasure of data
As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.
Right of appeal to a supervisory authority
You have the right to complain about our processing of personal data to a supervisory authority for data protection.
Amendment of this data privacy notice
We revise this data privacy notice in the event of changes in data processing or other reasons that necessitate this. You will always find the current version on this website.