The University of Mannheim uses the video conference software “Zoom”. The University of Mannheim has taken measures to make the use of cloud based services as data protection compliant as possible. Please find further information in the Zoom instructions.
We concluded an agreement on commissioned data processing with Zoom.
In addition, we adjusted the settings and recommendations to give the users as much autonomy over their data as possible. It is generally possible to join a meeting while the microphone and/
For an overview on the settings and recommendations for using Zoom, please refer to the Recommended Zoom settings.
In the following data protection policy, we inform you about the processing of your data when you participate in a Zoom meeting and your rights in relation to this data processing. (As at 23 September 2020)
Based on the selected features, different personal data are processed.
To participate in a virtual meeting or to enter the meeting room you need to indicate your name. You can choose which name you want to enter (a pseudonym is also possible). If the course requires interaction relevant to exams, you need to enter your real name.
At the University of Mannheim, there are two different options to use Zoom:
Option 1: Central Zoom rooms in Portal² for courses
At the University of Mannheim, Zoom is used for conducting courses and meetings. If a meeting is recorded, you will be informed in advance and asked for your approval, if required. A red dot in the list of participants and in the main window indicates active recording.
Saving the chat history and the so-called attention tracking have been disabled by taking relevant technical measures
Option 2: Personal Zoom licenses provided by the University of Mannheim for other meetings
If you use your personal Zoom license, your Uni-ID is disclosed to Zoom for authentication purposes and an account is created. Using personal Zoom licenses is voluntary. As an alternative, you can book a central Zoom room via the Portal² classroom management (Option 1). If you use the central Zoom rooms, you do not need to authenticate with Zoom directly.
The legal basis for data processing is Art. 6 paragraph 1(a) and Art. 6 paragraph 1(e) in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 of the act on the higher education institutions in the Land of Baden-Württemberg (LHG) in conjunction, if applicable, with the relevant statutes, such as examination regulations, for example.
Zoom is a service of Zoom Video Communications, Inc., which is based in the US. The complete address and contact details can be found here: https://zoom.us/contact. We concluded an agreement on commissioned data processing with Zoom. The so-called EU standard contractual clauses on which we agreed also provide for an adequate level of data protection.
Personal data processed in connection with the participation in meetings will generally not be disclosed to third parties unless they are intended to be disclosed. Please note that virtual lectures and personal meetings often have the purpose of sharing information with customers, interested persons or third parties and are therefore intended to be disclosed.
Other recipients: It is required that the aforementioned data are disclosed to Zoom Video Communications, Inc. to the extent specified in the agreement on commissioned data processing.
The data are only processed on servers within the European Union or the European Economic Area.
Hosts may record a meeting. The affected persons are informed about the recording in advance. First, the recording is saved to the local hard drive of the host. During the entire recording process, it will not be saved in the Zoom cloud. The hosts are obliged to take suitable technical and organizational measures to ensure protection of the data. The hosts make the recording available on the ILIAS platform (it is not possible to save the chat history). After the file has been successfully uploaded, the data on the local computer are deleted in accordance with data protection law.
Personal data are generally deleted if storing such data is no longer required. Storing personal data may be required if the data are required to fulfill contractual obligations or to establish and exercise, or defend, warranty and guarantee claims. In case of statutory retention periods, deleting personal data is only possible after the respective retention period has ended.
The current settings allow for deletion of the meta data of the events (e.g. the IP address used) after one year.
On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Art. 6 paragraph 1(e) GDPR (data processing in the public interest) at any time.