The following key facts reflect Zoom`s commitment to privacy practices. Like many other webinar technology providers, Zoom is a US-based service provider. Like others, “Zoom” is certified under the EU-US Privacy Shield, so that the legal requirements for an adequate level of data protection are met. For more information on the measures taken by Zoom and the additional safeguards that apply when transferring personal data from the EEA or the United Kingdom, please refer to our “FAQ: International Data Transfer”. (b) it has no reason to believe that the legislation applicable to it prevents it from complying with the instructions received from the data exporter and its obligations under the contract, and that in the event of a change in that legislation likely to have a significant adverse effect on the guarantees and obligations provided for in the clauses, it will immediately inform the data exporter thereof; as soon as it becomes aware of it, in which case the data exporter has the right to suspend the transfer of data and/or to terminate the contract; (d) promptly informs the Data Exporter of the following: 1.6 “Controller” or “Data Exporter” means the Customer. The remaining data is data that is not actively moved from one device to another or from one network to another, that is.B data stored in a cloud data center. Customers can choose the location of some of their customer content at rest. Zoom welcomes the GDPR as an opportunity to create a stronger foundation for data protection for the benefit of all. Zoom recognizes that our customers (data controllers) must ensure that Zoom (the data processor) implements technical and organizational measures in a manner consistent with GDPR compliance obligations. Zoom is here to support and support our customers in their role as data controllers.
1. The parties agree that any data subject who has suffered damage as a result of a breach of the obligations referred to in Clause 3 or Clause 11 by a party or a sub-processor shall be entitled to compensation from the data exporter for the damage suffered. Processing of personal data in connection with the use of “Zoom” Legal basis for data processingInsofar as personal data is processed by employees of the Climate Alliance, §26 BDSG is the legal basis for data processing. If, in the context of the use of “Zoom”, the personal data is not necessary for the establishment, implementation or termination of the employment relationship, but constitutes an essential element of the use of “Zoom”, Article 6(1)(f) of the GDPR constitutes the legal basis for the data processing. In these cases, our interest is the efficient conduct of online meetings. 1. The data subject may apply this clause, clause 4(b) to (i), clause 5(a) to (e) and (g) to (j), clause 6(1) and (2), clause 7, clause 8(2) and clauses 9 to 12 as a third party beneficiary against the data exporter. 8.5 In the event of a personal data breach, the Processor will immediately inform the Controller of the personal data breach and take such measures as it deems necessary and appropriate in its sole discretion to remedy such a breach without undue delay, but no later than forty-eight (48) hours after confirmation that a personal data breach has occurred. 5.2.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; Right to lodge a complaint with a supervisory authorityYYou have the right to complain about the processing of personal data by us to a supervisory authority for data protection. You can also use “Zoom” if you enter the respective meeting ID and, if necessary, other login data directly in the “Zoom” app. Here too, the “Zoom” website is accessible.
7.1 To the extent permitted by applicable data protection legislation, the Processor will inform the Controller without undue delay if a data subject requests him or her to exercise his or her right: access, rectification, restriction of processing, erasure, data portability, limitation or cessation of processing, withdrawal of consent to processing and/or opposition to processing involving automated processing decision making (such requests individual and collective – request(s) of the data subject”). If the Processor receives a request from a Data Subject regarding the Data Controller`s data, the Processor will recommend that the Data Subject address its request to the Controller and the Controller will be responsible for responding to such request, including, if necessary, using the functionalities of the Services. 4. The parties shall not object to the representation of a data subject by an association or other body if the data subject expressly so wishes and is permitted by national law. The details of the transfer, and in particular the special categories of personal data, if any, are set out in Annex 1, which forms an integral part of the clauses. (i) any legally binding request for disclosure of personal data by a law enforcement authority, unless otherwise prohibited, such as.B. A criminal law prohibition to maintain the confidentiality of a police investigation, As with other online tools, the use of Zoom generates data that can be used to draw conclusions about individuals and their characteristics. This data will be treated confidentially and will not be passed on or sold by Climate Alliance or Zoom – insofar as their data protection declaration (www.zoom.us/de-de/privacy.html – to third parties.
The data importer shall not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities. (a) process the personal data only on behalf of the data exporter and in accordance with its instructions and clauses; if, for any reason, it is unable to ensure such compliance, it undertakes to immediately inform the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the data transfer and/or terminate the contract; In other words, before relying on CCAs, it is now expected that the exporter and importer of data will assess whether the laws and practices of the country receiving the data may adversely affect the level of protection otherwise required. In order to assist our customers in this assessment, we have prepared an impact assessment on data transfer. If you are a current customer, please request a copy from your Zoom representative. If not, please email firstname.lastname@example.org and enter “DTIA Request” in the subject line to get a copy. Name of data importing organization: Zoom Video Communications, Inc. Address: 00 xxxxxxx xxxx. Xxxxx 000, Xxx Xxxx, XX 00000 Special categories of data are not required for the use of the service.
The data exporter may provide the customer with special categories of data, the scope of which is determined and controlled by the data exporter at its own discretion. These special categories of data include, but are not limited to, personal data containing information revealing a person`s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of data relating to a person`s health or sex life. 3. The provisions relating to the data protection aspects of the subcontracting of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established. The data controller for online meetings is Klima-Bündnis e.V. Deletion of dataIn principle, we delete personal data if it is not necessary to store it further. A requirement may exist in particular if the data are still necessary for the performance of the contractual services, for the examination and granting or defence of the guarantee and, where appropriate, for warranty claims. In the case of legal retention obligations, deletion is only possible after the expiry of the respective retention obligation.
. . .