Data Protection Policy for Using Zoom

The University of Mannheim uses the video conference software “Zoom”. The University of Mannheim has taken measures to make the use of cloud based services as data protection compliant as possible. Please find further information in the Zoom instructions.

We concluded an agreement on commissioned data processing with Zoom.
In addition, we adjusted the settings and recommendations to give the users as much autonomy over their data as possible. It is generally possible to join a meeting while the microphone and/or the camera are disabled and it is mostly not required to indicate real names. Details on the different types of meetings can be found in the section “Video and sound transmission” of the Terms of Use.

For an overview on the settings and recommendations for using Zoom, please refer to the Recommended Zoom settings.

In the following data protection policy, we inform you about the processing of your data when you participate in a Zoom meeting and your rights in relation to this data processing. (As at 23 September 2020)

Basic information

  • Zoom is a cloud-based service which means that the data required for the use of the conference service are processed on Zoom servers.
  • You can use the service without having your own Zoom account and without being a registered user.
Please note

If you register with or login to Zoom outside the central Zoom license of the University of Mannheim, the information specified here does not apply or applies only to a limited extent.

Important information:

If you visit the Zoom website, Zoom is responsible for data processing. However, visiting the Zoom website is only required for downloading the Zoom software. You can use Zoom if you enter the individual meeting ID and other login information, if required, directly in the Zoom application. The browser version also offers the basic features, if you do not want to or are not able to use the Zoom application. You will find more information on

If you register with Zoom, the terms and conditions and data protection policy of Zoom apply. This information is available on and

Information according to Article 13 GDPR

Controller and data protection officer

University of Mannheim
68131 Mannheim
E-mail address:

Data Protection Officer

Type of data processed

Based on the selected features, different personal data are processed.

  • Personal details: first name, last name (as chosen by you), IP address of the participant, information on the device and hardware.
    Based on the IP address, your general region, e.g. Mannheim metropolitan region, is analyzed.
  • If meetings are recorded (optional): MP4 file of all video, audio and presentation recordings, MP4 file of all audio recordings.
  • When joining a meeting by phone: Information on the numbers of incoming and outgoing calls, name of the country, start and end time. Additional connection data, such as the IP address of the device, may be saved.
  • Text, audio and video data: In a virtual meeting, you may be able to use the chat feature. If this is the case, the text you entered is processed so that the text can be displayed in the audio meeting. In order to enable the video and audio transmission, the data from the microphone and the potential camera of your end device are processed for the duration of the meeting. You may disable the camera or mute the microphone at any time in the Zoom application.

To participate in a virtual meeting or to enter the meeting room you need to indicate your name. You can choose which name you want to enter (a pseudonym is also possible). If the course requires interaction relevant to exams, you need to enter your real name.

Scope of data processing

At the University of Mannheim, there are two different options to use Zoom:

Option 1: Central Zoom rooms in Portal² for courses
At the University of Mannheim, Zoom is used for conducting courses and meetings. If a meeting is recorded, you will be informed in advance and asked for your approval, if required. A red dot in the list of participants and in the main window indicates active recording.

Saving the chat history and the so-called attention tracking have been disabled by taking relevant technical measures

Option 2: Personal Zoom licenses provided by the University of Mannheim for other meetings
If you use your personal Zoom license, your Uni-ID is disclosed to Zoom for authentication purposes and an account is created. Using personal Zoom licenses is voluntary. As an alternative, you can book a central Zoom room via the Portal² classroom management (Option 1). If you use the central Zoom rooms, you do not need to authenticate with Zoom directly.

Legal basis for data processing

The legal basis for data processing is Art. 6 paragraph 1(a) and Art. 6 paragraph 1(e)  in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 of the act on the higher education institutions in the Land of Baden-Württemberg (LHG) in conjunction, if applicable, with the relevant statutes, such as examination regulations, for example.

Recipient / Disclosure of data

Zoom is a service of Zoom Video Communications, Inc., which is based in the US. The complete address and contact details can be found here: We concluded an agreement on commissioned data processing with Zoom. The so-called EU standard contractual clauses on which we agreed also provide for an adequate level of data protection.

Personal data processed in connection with the participation in meetings will generally not be disclosed to third parties unless they are intended to be disclosed. Please note that virtual lectures and personal meetings often have the purpose of sharing information with customers, interested persons or third parties and are therefore intended to be disclosed.

Other recipients: It is required that the aforementioned data are disclosed to Zoom Video Communications, Inc. to the extent specified in the agreement on commissioned data processing.

The data are only processed on servers within the European Union or the European Economic Area.

Information on the recording process

Hosts may record a meeting. The affected persons are informed about the recording in advance. First, the recording is saved to the local hard drive of the host. During the entire recording process, it will not be saved in the Zoom cloud. The hosts are obliged to take suitable technical and organizational measures to ensure protection of the data. The hosts make the recording available on the ILIAS platform (it is not possible to save the chat history). After the file has been successfully uploaded, the data on the local computer are deleted in accordance with data protection law.

Duration of storage

Personal data are generally deleted if storing such data is no longer required. Storing personal data may be required if the data are required to fulfill contractual obligations or to establish and exercise, or defend, warranty and guarantee claims. In case of statutory retention periods, deleting personal data is only possible after the respective retention period has ended.

The current settings allow for deletion of the meta data of the events (e.g. the IP address used) after one year.

Rights of the affected persons

  • You have the right to obtain information about your personal data stored by the University of Mannheim according to Art. 15 GDPR and the right to have false data rectified according to Art. 16 GDPR. 
  • Furthermore, you have the right to erasure (Art. 17 GDPR) and the right to restriction of processing (Art. 18 GDPR). 
  • If you have given consent to data processing, you can withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • If the consent is withdrawn within the scope of a contractual relationship, the fulfillment of the contract may no longer be possible. 
  • Furthermore, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not in compliance with data protection regulations (Art. 77 GDPR). The supervisory authority responsible is the commissioner for data protection and freedom of information of Baden-Württemberg (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) (

Information on your right to object according to Art. 21 paragraph 1 GDPR

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Art. 6 paragraph 1(e) GDPR (data processing in the public interest) at any time.

Changes to this data protection policy

We will update this data protection policy, if there are modifications of the data processing itself or other circumstances require it The latest version is available on this website. We recommend reading the latest data protection policy before you use Zoom.