Data Protection Policy for Using Zoom

The University of Mannheim uses the video conference software “Zoom”. The University of Mannheim has taken measures to make the use of cloud based services as data protection compliant as possible. Please find further information in the Zoom instructions.

We concluded an agreement on commissioned data processing with Zoom.
In addition, we adjusted the settings and recommendations to give the users as much autonomy over their data as possible. It is generally possible to join a meeting while the microphone and/or the camera are disabled and it is mostly not required to indicate real names. Details on the different types of meetings can be found in the section “Video and sound transmission” of the Terms of Use.

For an overview on the settings and recommendations for using Zoom, please refer to the Recommended Zoom settings.

In the following data protection policy, we inform you about the processing of your data when you participate in a Zoom meeting and your rights in relation to this data processing. (As at 23 September 2020)

• Zoom is a cloud-based service which means that the data required for the use of the conference service are processed on Zoom servers.
• You can use the service without having your own Zoom account and without being a registered user.

University of Mannheim
Schloss
68131 Mannheim
Germany
E-mail address: rektormail-uni-mannheim.de

E-mail address: datenschutzbeauftragtemail-uni-mannheim.de

Based on the selected features, different personal data are processed.

• Personal details: first name, last name (as chosen by you), IP address of the participant, information on the device and hardware.
  Based on the IP address, your general region, e.g. Mannheim metropolitan region, is analyzed.

• If meetings are recorded (optional): MP4 file of all video, audio and presentation recordings, MP4 file of all audio recordings.

• When joining a meeting by phone: Information on the numbers of incoming and outgoing calls, name of the country, start and end time. Additional connection data, such as the IP address of the device, may be saved.

• Text, audio and video data: In a virtual meeting, you may be able to use the chat feature. If this is the case, the text you entered is processed so that the text can be displayed in the audio meeting. In order to enable the video and audio transmission, the data from the microphone and the potential camera of your end device are processed for the duration of the meeting. You may disable the camera or mute the microphone at any time in the Zoom application.

To participate in a virtual meeting or to enter the meeting room you need to indicate your name. You can choose which name you want to enter (a pseudonym is also possible). If the course requires interaction relevant to exams, you need to enter your real name.

At the University of Mannheim, there are two different options to use Zoom:

Option 1: Central Zoom rooms in Portal² for courses
At the University of Mannheim, Zoom is used for conducting courses and meetings. If a meeting is recorded, you will be informed in advance and asked for your approval, if required. A red dot in the list of participants and in the main window indicates active recording.

Saving the chat history and the so-called attention tracking have been disabled by taking relevant technical measures

Option 2: Personal Zoom licenses provided by the University of Mannheim for other meetings
If you use your personal Zoom license, your Uni-ID is disclosed to Zoom for authentication purposes and an account is created. Using personal Zoom licenses is voluntary. As an alternative, you can book a central Zoom room via the Portal² classroom management (Option 1). If you use the central Zoom rooms, you do not need to authenticate with Zoom directly.

The legal basis for data processing is Art. 6 paragraph 1(a) and Art. 6 paragraph 1(e)  in conjunction with paragraph 3 GDPR in conjunction with sections 2, 12 of the act on the higher education institutions in the Land of Baden-Württemberg (LHG) in conjunction, if applicable, with the relevant statutes, such as examination regulations, for example.

Zoom is a service of Zoom Video Communications, Inc., which is based in the US. The complete address and contact details can be found here: https://zoom.us/contact. We concluded an agreement on commissioned data processing with Zoom. The so-called EU standard contractual clauses on which we agreed also provide for an adequate level of data protection.

Personal data processed in connection with the participation in meetings will generally not be disclosed to third parties unless they are intended to be disclosed. Please note that virtual lectures and personal meetings often have the purpose of sharing information with customers, interested persons or third parties and are therefore intended to be disclosed.

Other recipients: It is required that the aforementioned data are disclosed to Zoom Video Communications, Inc. to the extent specified in the agreement on commissioned data processing.

The data are only processed on servers within the European Union or the European Economic Area.

Hosts may record a meeting. The affected persons are informed about the recording in advance. First, the recording is saved to the local hard drive of the host. During the entire recording process, it will not be saved in the Zoom cloud. The hosts are obliged to take suitable technical and organizational measures to ensure protection of the data. The hosts make the recording available on the ILIAS platform (it is not possible to save the chat history). After the file has been successfully uploaded, the data on the local computer are deleted in accordance with data protection law.

Personal data are generally deleted if storing such data is no longer required. Storing personal data may be required if the data are required to fulfill contractual obligations or to establish and exercise, or defend, warranty and guarantee claims. In case of statutory retention periods, deleting personal data is only possible after the respective retention period has ended.

The current settings allow for deletion of the meta data of the events (e.g. the IP address used) after one year.

• You have the right to obtain information about your personal data stored by the University of Mannheim according to Art. 15 GDPR and the right to have false data rectified according to Art. 16 GDPR. 
• Furthermore, you have the right to erasure (Art. 17 GDPR) and the right to restriction of processing (Art. 18 GDPR). 
• If you have given consent to data processing, you can withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• If the consent is withdrawn within the scope of a contractual relationship, the fulfillment of the contract may no longer be possible. 
• Furthermore, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not in compliance with data protection regulations (Art. 77 GDPR). The supervisory authority responsible is the commissioner for data protection and freedom of information of Baden-Württemberg (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg) (https://www.baden-wuerttemberg.datenschutz.de).

On grounds relating to your particular situation, you have the right to object to the processing of your personal data according to Art. 6 paragraph 1(e) GDPR (data processing in the public interest) at any time.

We will update this data protection policy, if there are modifications of the data processing itself or other circumstances require it The latest version is available on this website. We recommend reading the latest data protection policy before you use Zoom.