Infor­ma­tion pur­suant to Art. 13 GDPR

Notes on the usage of Zoom

Table of Contents

Identity and contact details of the data controller

The data con­troller respon­si­ble in accor­dance with the pur­pos­es of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) of the Euro­pean Union and oth­er data pro­tec­tion reg­u­la­tions is:

talessio GmbH
Alexan­der­str. 52
72072 Tübin­gen

Phone: +49.7071.53938.0
Fax: +49.7071.53938.90
Email: [email protected]​talessio.​com
Web: https://​talessio​.com/

Note: If you access the Zoom web­site, the Zoom provider is respon­si­ble for data pro­cess­ing. How­ev­er, access­ing the web­site is only nec­es­sary to down­load the soft­ware for using Zoom. You can also use Zoom if you enter the respec­tive meet­ing ID and, if applic­a­ble, fur­ther access data for the meet­ing direct­ly in the Zoom app. If you do not want to or can­not use the Zoom app, the basic func­tions can also be used via a brows­er ver­sion, which you can also find on the Zoom website.

Contact details of the data protection officer

The des­ig­nat­ed data pro­tec­tion offi­cer is:

Dat­a­Co GmbH
Dachauer Str. 65
80335 Munich

Phone: +49.89.7400.45840
Web: https://​www​.data​guard​.de/

Purpose and legal basis of the processing

We use the Zoom tool to con­duct tele­phone con­fer­ences, online meet­ings, video con­fer­ences and/​or webi­na­rs (here­inafter: “Online Meet­ings”). Zoom is a ser­vice of Zoom Video Com­mu­ni­ca­tions, Inc. which has its reg­is­tered office in the USA.

When using Zoom, var­i­ous types of data are processed. The scope of the data also depends on the data you pro­vide before or dur­ing par­tic­i­pa­tion in an online meeting.

The fol­low­ing per­son­al data are sub­ject to processing:

  • User details: first name, last name, phone (option­al), email address, pass­word (if sin­gle sign-on is not used), pro­file pic­ture (option­al), depart­ment (option­al).
  • Note: To join an online meet­ing or enter the meet­ing room, you must at least pro­vide details of your name.
  • Meet­ing meta­da­ta: Top­ic, descrip­tion (option­al), par­tic­i­pant IP address­es, device/​hardware information.
  • When dial­ing in by tele­phone: details of the incom­ing and out­go­ing tele­phone num­ber, coun­try name, start and end time, if applic­a­ble fur­ther con­nec­tion data such as the IP address of the device and the brows­er used.
  • Text, audio and video data: You may have the option of using the chat, ques­tion and poll func­tion in an online meet­ing. In this respect, the text entries you make are processed in order to dis­play them in the online meet­ing and, if nec­es­sary, to record them. In order to enable the dis­play of video and the play­back of audio, the data from the micro­phone of your ter­mi­nal device and from any video cam­era of the ter­mi­nal device are processed accord­ing to the dura­tion of the meet­ing. You can switch off or mute the cam­era and micro­phone your­self at any time via the Zoom app.
  • For record­ings (option­al): MP4 files of all video, audio and pre­sen­ta­tion record­ings, M4A file of all audio record­ings, text file of the online chat.
  • Please note: As a rule, online meet­ings are not record­ed. An excep­tion­al record­ing will only be made with your con­sent. The fact of the record­ing will also be dis­played to you in the Zoom app. If it is nec­es­sary for the pur­pos­es of record­ing the results of an online meet­ing, we will record the chat con­tent. How­ev­er, this will not usu­al­ly be the case. In the case of webi­na­rs, we may also process ques­tions asked by webi­nar par­tic­i­pants for the pur­pos­es of record­ing and fol­low­ing up webinars.

If you are reg­is­tered as a user with Zoom, then reports of online meet­ings (meet­ing meta­da­ta, tele­phone dial-in data, ques­tions and answers in webi­na­rs, sur­vey func­tion in webi­na­rs) can be stored with Zoom for up to one month.

Auto­mat­ed deci­sion-mak­ing with­in the mean­ing of Arti­cle 22 of the GDPR is not used.

Inso­far as per­son­al data is processed by employ­ees of talessio GmbH, § 26 BDSG is the legal basis for data processing.

If, in con­nec­tion with the use of Zoom, per­son­al data is not required for the estab­lish­ment, imple­men­ta­tion or ter­mi­na­tion of the employ­ment rela­tion­ship, but is nev­er­the­less an ele­men­tary com­po­nent in the use of Zoom, the legal basis for data pro­cess­ing is Art. 6 para. 1 lit. f GDPR. Our legit­i­mate inter­est is to reg­is­ter your par­tic­i­pa­tion in the online meet­ing and to ensure the organ­i­sa­tion­al flow of the online meet­ing as well as to car­ry out a fol­low-up of the online meet­ing, if nec­es­sary. You have the right to object to the use of your data for the pur­pose of con­duct­ing online meet­ings at any time.

If the online meet­ing is record­ed, the data pro­cess­ing is based on your con­sent pur­suant to Art. 6 para. 1 lit a. GDPR.

Fur­ther­more, the legal basis for data pro­cess­ing when con­duct­ing online meet­ings is Art. 6. para. 1 lit. b GDPR, inso­far as the meet­ings are con­duct­ed with­in the scope of con­trac­tu­al relationships.

If there are no con­trac­tu­al rela­tion­ships, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legit­i­mate inter­est in this case is also to reg­is­ter your par­tic­i­pa­tion in the online meet­ing and to ensure the organ­i­sa­tion­al process of the online meet­ing and, if nec­es­sary, to car­ry out a fol­low-up to the online meet­ing. You have the right to object to the use of your data for the pur­pose of con­duct­ing online meet­ings at any time.

Recipients and categories of recipients of the personal data

Per­son­al data processed in con­nec­tion with par­tic­i­pa­tion in online meet­ings will not be dis­closed to third par­ties as a mat­ter of prin­ci­ple, unless they are specif­i­cal­ly intend­ed to be disclosed.

Please note that con­tent from online meet­ings, as well as face-to-face meet­ing con­tent, is often intend­ed pre­cise­ly to com­mu­ni­cate infor­ma­tion to clients, prospects or third par­ties and is there­fore intend­ed to be shared.

Oth­er recip­i­ents: Zoom’s provider nec­es­sar­i­ly obtains knowl­edge of the above-men­tioned data inso­far as this is pro­vid­ed for under our order pro­cess­ing agree­ment with Zoom.

Transfer of personal data to a third country

Zoom is a ser­vice pro­vid­ed by a provider from the USA. Pro­cess­ing of per­son­al data there­fore also takes place in a third coun­try. We have con­clud­ed an order pro­cess­ing agree­ment with the provider of Zoom, which com­plies with the require­ments of Art. 28 GDPR. An ade­quate lev­el of data pro­tec­tion for the trans­fer to a third coun­try can be assumed in accor­dance with Art. 46 para. 2 lit. c of the GDPR through the use of the EU stan­dard con­trac­tu­al claus­es and oth­er appro­pri­ate pro­tec­tive mea­sures (end-to-end encryp­tion, use of data rout­ing, etc.).

Duration of the storage of personal data

We gen­er­al­ly delete per­son­al data when there is no need for fur­ther stor­age. A require­ment may exist in par­tic­u­lar if the data is still need­ed to ful­fil con­trac­tu­al ser­vices, to check and grant or ward off war­ran­ty and, if applic­a­ble, guar­an­tee claims. In the case of statu­to­ry reten­tion oblig­a­tions, dele­tion is only con­sid­ered after expiry of the respec­tive reten­tion obligation.

Data subjects' rights

Accord­ing to the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), you have the fol­low­ing rights:

  • If your per­son­al data is processed, you have the right to obtain infor­ma­tion about the data stored about you (Art. 15 GDPR).
  • If inac­cu­rate per­son­al data is processed, you have the right to rec­ti­fi­ca­tion (Art. 16 GDPR).
  • If the legal require­ments are met, you may request the era­sure or restric­tion of pro­cess­ing as well as object to pro­cess­ing (Art. 17, 18 and 21 GDPR).
  • If you have con­sent­ed to the data pro­cess­ing or if there is a con­tract for data pro­cess­ing and the data pro­cess­ing is car­ried out with the help of auto­mat­ed pro­ce­dures, you may have a right to data porta­bil­i­ty (Art. 20 GDPR).
  • Fur­ther­more, there is a right of appeal to a super­vi­so­ry author­i­ty (Art. 77 GDPR).

Should you make use of your above-men­tioned rights, talessio GmbH will check whether the legal require­ments for this are met. To exer­cise your rights, please con­tact the offi­cial data pro­tec­tion officer(s).

Right of withdrawal for consent

If you have con­sent­ed to the pro­cess­ing by the data con­troller by means of a cor­re­spond­ing dec­la­ra­tion, you can revoke your con­sent at any time for the future. The law­ful­ness of the data pro­cess­ing car­ried out on the basis of the con­sent until the revo­ca­tion is not affect­ed by this.