Zoom Video Communications GDPR Compliance
Updated: April 13, 2020
The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. In order to be compliant with GDPR we have implemented the following updates to our platform and practices.
For EU member state customers, we have implemented “zero-load” cookies, which means that cookies will not be put onto a users browser until after preferences have been set. Users that are detected via IP address as coming from a EU member state, upon their first visit to the zoom.us website, will be presented with a cookie-pop up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website (only visible to visitors with EU IP addresses).
Opt-in to Communications:
EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. Users in other jurisdictions can contact firstname.lastname@example.org to be unsubscribed from marketing emails.
Data Protection Officer
We have appointed Lynn Haaland as a Data Protection Officer (DPO) together with Deborah Fay as our EEA Data Protection Officer, both of whom are experts in matters of privacy and GDPR compliance. They can be reached at email@example.com.
Zoom has entered into Data Protection Agreements with our vendors (subprocessors) to ensure that the privacy and security of our customer data is protected. To view our data processing agreement, please visit Zoom’s Legal and Privacy webpage.
Employee Education and Training
In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing (e.g. sales team) have been trained on GDPR and how it impacts their roles.
Data Subject Rights
GDPR empowers data subjects (aka our users) with certain rights to help assure the privacy and protection of their personal data. To exercise these rights:
- Right of access: You can request more information about the personal data we hold about you.
- Customer-based accounts: The administrator of your account as the controller of your data is responsible for providing you with information requested through a valid data subject access request. . Please contact your Zoom account administrator to complete your request.
- Individual-based accounts (all plans): To view the personal data that Zoom collects about you, please visit your user account profile in the Zoom client. For meeting content, including information shared during meetings, information about participants in meetings and any recordings of meetings, the host is responsible to provide access to such data..
- Right of rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete:
- Customer-based accounts: Please contact your account administrator if you believe your personal data is inaccurate and requires correction.
- Individual-based accounts (all plans): You can directly correct (rectify) your personal data by logging into your Zoom account and modifying your personal data in your user profile settings.
- Right to object / restrict processing: You may have the right to object or restrict your data processing for certain purposes.
- Customer-based accounts: Contact your account administrator who will evaluate the right to object or restrict your data processing..
- Individual-based accounts (all plans): Users can email firstname.lastname@example.org or unsubscribe as a self-service from our marketing communications by clicking the unsubscribe link at the bottom of Zoom marketing emails.
- Right to erasure:
- Customer-based accounts: Your account administrator is responsible for carrying out data deletion requests using the in-product tools. Further information on how to delete a user can be found at Zoom’s Removing a user from your account support site. Deleting a user permanently removes them and their data from Zoom. When deleting a user, associated meetings, webinars, and cloud recordings can be deleted with or without transfer of this data to another licensed Zoom user, depending on your account administrator’s privacy and security policies.
- Individual-based accounts (all plans): Individual users can find instructions on how to terminate your subscription, if applicable, and delete your account at Zoom’s How do I Delete and Terminate My Account support site.
- Right to portability: Zoom account administrators can download or export cloud recordings and chat logs as a self-service.
- Opt Out of “Sales” (California residents): Zoom does not sell customer content to anyone or use it for any advertising purposes. You can opt you out of certain advertising practices on our Marketing webpages related to your data by clicking on the “Do Not ‘Sell’ My Personal Information” link at the bottom of Zoom.us.
- Withdrawal of Consent: If we are processing your data based on your consent (as indicated at the time of collection of such data), you may have the right to withdraw your consent at any time. Email email@example.com or unsubscribe from our marketing communications by clicking the unsubscribe link at the bottom of Zoom marketing emails.