Data protection information for online meetings, telephone conferences and webinars via “Zoom” of Günter Stahl GmbH.
We would like to inform you below about the processing of personal data regarding the use of “Zoom”.
Purpose of processing
We use the tool “Zoom” to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA.
Responsible entity
The entity responsible for data processing directly related to the performance of “online meetings” is Günter Stahl GmbH.
Note: Insofar as you visit the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, visiting the website of “Zoom” is only necessary to download the “Zoom” software.
You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.
In case you do not want or can not use the “Zoom” app, you may fall back to a browser version of “Zoom”, which you can also find on the “Zoom” website. This version only provides the basic functions of the application.
What data is processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
The following personal data are subject to processing:
User details: first name, last name, telephone (optional), e‑mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional).
Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with the telephone: information on the incoming and outgoing call number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Zoom” applications.
To participate in an “online meeting” or to enter the “meeting room”, you must at least provide your name.
Scope of processing
We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will transparently communicate this to you in advance and – if necessary – ask for consent. The recording icon will also be displayed to you in the “Zoom” app.
If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars.
If you are registered as a user at “Zoom”, reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at “Zoom” for up to one month.
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal basis for data processing
Insofar as personal data is processed by employees of Günter Stahl GmbH, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Article 6 (1) (f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”.
For the rest, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.
Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective implementation of “online meetings”.
Recipients / passing on of data
Personal data processed in connection with participation in “online meetings” is generally not passed on to third parties unless it is specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: the provider of “Zoom” necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with “Zoom”.
Data processing outside the European Union
“Zoom” is a service provided by a provider in the USA. Processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.
Data protection officer
We have appointed a data protection officer.
You can reach him as follows:
Mr. Christian Volkmer, Projekt 29 GmbH & Co. KG, Ostengasse 14, 93047 Regensburg, Germany, phone: +49 941 2986930, e‑mail: anfragen@projekt29.de.
Your rights as a data subject
You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.
Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.
Finally, you have a right to object to processing within the scope of the law.
A right to data portability also exists within the framework of the data protection legal requirements.
Deletion of data
We delete personal data in principle when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty claims and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
Right of complaint to a supervisory authority
You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.
Changes to this data protection notice
We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this web page.
