Privacy Information Zoom
We would like to inform you about the processing of personal data in connection with the use of “Zoom”.
Purpose of the processing
We use “Zoom” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., which is based in the United States.
The controller for data processing, which is directly connected with conducting “online meetings”, shall be Stylepark AG.
Please note: As soon as you call up the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, in order to use “Zoom” it is only necessary to call up the website in order to download the software for the use of “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and other appropriate access data on the meeting directly into the “Zoom” app.
If you do not want to or cannot use the “Zoom” app the basic functions can also be used via a browser version that you can also find on the “Zoom” website.
Which data are processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on what information you give on data before or during participation in an “online meeting”
Processing shall include the following personal data:
Information on the user: First name, surname, telephone number (optional), e-mail-address, password (if “single sign-on” is not used), profile image (optional), department (optional)
Meeting meta data: Topic, description (optional), participants’ IP addresses, device-/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
For dial-ups by phone: Information on the incoming and outgoing phone numbers, country name, start and end times. In some cases, other connection data such as the IP address of the device may be stored.
Text, audio and video data: In an online meeting you have the possibility of using the chat, question and survey functions. As such, the text entries you have made will be processed so that these can be displayed in the “online meeting” and possibly recorded. In order to enable video display and audio playback for the duration of the meeting, data from the microphone of your end device and from a video camera, if one is used, are processed. You can, at any time switch off the camera or mute the microphone yourself via the Zoom application.
In order to participate in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
Scope of the processing
We use “Zoom” in order to conduct “online meetings”. If we want to record “online meetings” we will inform you in advance and where necessary ask for your permission. The fact that a recording is taking place is also indicated in the “Zoom” app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, that will not normally be the case.
We can for the purposes of the recording of webinars and their follow-up also process the questions asked by webinar participants.
If you are registered as a user with “Zoom” then reports about “online meetings” (meeting meta data, dial-up data, questions and answers in webinars, survey function in webinars) can be stored for up to a month at “Zoom”.
The option available in “online-meeting” tools like “Zoom” of using a software function for “attention monitoring” (“attention tracking”) is deactivated.
Automated decision-making within the meaning of article 22 of the General Data Protection Regulation (GDPR) is not used.
Legal basis for data processing
As long as the personal data of employees of Stylepark AG are processed section 26 of the German Federal Data Protection Act shall form the legal basis for data processing. Should, in connection with the use of “Zoom”, personal data not be necessary for the creation, conducting or ending of an employment relationship, but at the same time be essential for the use of “Zoom”, then article 6, para. 1 li., f) GDPR shall provide the legal basis for the data processing. In these cases, our interest is in the effective conducting of “online meetings”.
Furthermore, the legal basis for data processing in conducting “online meetings” shall be article 6 para. 1 lit. b) GDPR, providing the meetings are conducted within the framework of a contractual relationship.
Should no contractual relationship exist the legal basis shall be article 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective conducting of “online meetings”.
Recipient / Forwarding of data
Personal data that are processed in connection with the participation in “online meetings” are not in principle forwarded to third parties unless they are specifically intended for them. Please bear in mind that content from “online meetings” but also from personal meetings are often needed in order to share information with clients, potential clients, or third parties and are therefore intended to be passed on.
Other recipients: The provider of “Zoom” shall necessarily be informed of the above data insofar as this is foreseen within the scope of our order processing contract.
Data processing outside of the European Union
“Zoom” is a service furnished by a provider based in the United States. In other words, the processing of personal data also takes place in a third country. We have concluded an order processing contract with the provider of “Zoom”, which is in line with the requirements of article 28 GDPR.
An appropriate level of data protection is provided in part through the “privacy shield” certification of Zoom Video Communications, Inc., but also guaranteed through the signing of the EU standard contractual clauses.
Data protection officer
We have appointed a data protection officer.
You can reach the latter as follows:
- Datenschutzbeauftragter -
60313 Frankfurt am Main
Your rights as a data subject
You are entitled to receive information about the relevant personal data. You can contact us at any time for such information.
If a request for information is not made in writing we hope you appreciate that we might ask for evidence that you are indeed the person you claim to be.
Furthermore, you have the right to the rectification and erasure of your data, or the restriction of the processing insofar as you are legally entitled to this.
Ultimately, you have the right to object to data processing within the scope of the legal guidelines.
You also have a right to data portability - again within the context of the data privacy guidelines.
Erasure of data
In principle we only erase personal data when there is no need for further storage. A need can exist in particular if the data are still required in order to perform contractual services, as well as check and grant or ward off warranty and guarantee claims. In the case of statutory retention requirements, erasure is only considered after the expiry of the respective retention obligations.
Making complaints to a data protection supervisory authority
You have the right to make a complaint to a data protection supervisory authority about the processing of your personal data by us.
Amendments to this data protection information
We revise this data protection information when there are changes to data processing or for other reasons that make revision necessary. You can always find the current version on this website.
As at: March 26, 2020