OnZoom and Zoom Events Privacy Statement
OnZoom and Zoom Events Privacy Statement
Last Updated June 5, 2023
- What this Statement Covers
- What Personal Data Do We Receive
- How Do We Use Personal Data
- How Do We Share Personal Data
- Who Can See and Share My Personal Data When I Use Zoom Events?
- Privacy Rights and Choices
- How to Contact Us
- European Data Protection Specific Information
- California Notice at Collection
- California and Other U.S. State Privacy Rights
- Changes to This Statement
Zoom Video Communications, Inc., and its subsidiaries, affiliates and parent companies (“Zoom”, “we”, “us” or “our”) is committed to protecting your privacy and ensuring you have a positive experience when you use Zoom Events and/or the OnZoom events directories (together, “Zoom Events”).
Zoom Events is an online platform for event organizers (“Event Hosts”) to create, organize, host, promote, manage, and list online events, performances, gatherings, or similar functions, or a series thereof (“Event” or “Events”), for Event participants (“Event Participants”) to purchase tickets to and attend such Events, and for Event Hosts and Event Participants (together, “Users”) to interact on or through Zoom Events.
This Zoom Events Privacy Statement describes Zoom’s practices when we collect and/or process (which may include collecting, organizing, structuring, storing, using, or disclosing) your “personal data” in connection with Zoom Events, including through our website at on.zoom.us.
As part of providing you with Zoom Events, we use Zoom’s video conferencing and communication services (“Zoom Conferencing Services”). For information about how we process your personal data in connection with the Zoom Conferencing Services and our other services (such as when you visit our other webpages, interact with us on social media, or attend a Zoom sponsored event offline), please see the Zoom Privacy Statement.
In some instances, you may use Zoom Events through a Zoom account provided by an account owner (“Account Owner”). An account owner is the organization or individual that signs up for a Zoom account, such as your employer.
When you use Zoom Events through an account provided to you by an Account Owner, the processing of your personal data is determined and administered by that Account Owner. Similarly, when you attend an Event, the Event Host may collect and process your personal data for their own purposes or on behalf of another. Please see “Who Can See and Share My Personal Data When I Use Zoom Events?” below for additional detail. This Zoom Events Privacy Statement does not apply to personal data processed by an Account Owner or Event Host, which is subject to their respective privacy policies. If you have questions about how and why your personal data is processed by an Account Owner or Event Host, their legal basis for processing, or requests regarding your personal data, please direct your inquiries to the relevant Account Owner or Event Host.
This Zoom Events Privacy Statement also does not apply to any third-party applications or software that you elect to add to Zoom Events (“Third Party Services”), or any other third-party websites, applications, or online products, services or businesses you may access from or in connection with Zoom Events.
Personal data is any information from or about an identified or identifiable person, including information that Zoom can associate with an individual person. We may collect, or process on behalf of Event Hosts, the following categories of personal data when you use or interact with Zoom Events:
- Information from your Zoom accountWe automatically collect certain information from your Zoom account when you register for Zoom Events with your Zoom Account.
Account Information: Information associated with the Zoom account using or interacting with Zoom Events, which may include name, contact information, account ID, business and billing information and address, and account plan information.
Profile and Contact Information: Information associated with the Zoom profile using or interacting with Zoom Events, which may include your display name, profile picture, email address, phone number, job information, location, and other profile information (including information you may provide to Zoom or the Event Host or authorize a third-party to provide to Zoom).
- Information from Event HostsWe collect certain information from Event Hosts when they request to become an Event Host and create Events.
Event Host Information: Information associated with the Event Host, which may include the Event Host’s name, display name, email address, profile and social media information, contact information, location, and business registration, billing, transaction, tax information, and other information input by the Event Host.
Event Creation and Invitation Information: Information associated with the creation and/or details for an Event, which may include the Event name, topic, start time, ticket price, and other invitation information.
Event Participant Information: Information associated with Event Participant invitation or other communications for an Event, which may include the Event Participant’s name and email address.
Event Settings: Information associated with the preferences and settings for an Event, which may include whether a passcode or a waiting room is required, permitted capacity, screen sharing settings, and other settings and configuration information.
- Information from youWe collect certain information from you to provide Zoom Events.
Event Participant Information: Information about you when you attend an Event, which may include your name, display name, email address, phone number, address, payment information, and answers to any custom registration questions.
Settings: Information associated with your preferences and settings when using Zoom Events, which may include your notification preferences, subscription preferences, and other settings and configuration information.
Communications with Zoom: Information associated with your communications with us about Zoom Events, which may include your customer support communications, feedback, and other communications information.
Product Usage: Information associated with your use and interaction with Zoom Events, which may include your upcoming and past Events, orders, favorites, and gifting activity.
Website Usage: Information about when and how people visit and interact with Zoom Events’ websites, including what pages are accessed, interaction with the website features, and whether or not you signed up for a Zoom Event.
Zoom Conferencing Services Information: We use the Zoom Conferencing Services to provide you with Zoom Events. When you host or attend an event, we collect certain information from the Zoom Conferencing Services, including data about how end users use Zoom Events and data from the end user’s device about usage and performance.
- Device Information: Information associated with the computer, phone, or other device you use for Zoom Events, which may include information about your speakers, microphone, and camera, OS version, hard disk ID, PC name, MAC address, IP address, device attributes (like operating system version and battery level), WiFi information, location information (at a city, country, and region level), and other device information (like bluetooth signals).
- Event and Messaging Content and Context: Information associated with content generated through the Event hosted on Zoom Conferencing Services, which may include audio, video, in-Event messages, chat messaging content, transcriptions, written feedback, responses to polls and Q&A, and files, as well as related context, such as invitation details, meeting or chat name, or meeting agenda. Content may contain your voice and image, depending on what you choose to share, your settings (or the Account Owner’s settings), and what you do on Zoom Events.
- Information from your Zoom accountWe automatically collect certain information from your Zoom account when you register for Zoom Events with your Zoom Account.
Please see the Zoom Privacy Statement for more information about the personal data we collect and use through the Zoom Conferencing Services.
We use your personal data for the following purposes:
- Provide Zoom Events: To provide Events, features, and services to Event Hosts, Account Owners, their users, Event Participants, and those they invite to join Events, including to register Event Participants for Zoom Events, to allow Event Hosts to create and host Events, to provide Event information, to display profiles to Event Participants, to recommend networking connections, to provide Zoom Events dashboards and reports, to suggest choices, such as language preferences, and to use aggregated data to test and improve the user experience. Zoom also uses personal data, including contact information, to route invitations and messages to recipients when people send invitations to Events using Zoom Events. This may also include using personal data for customer support, which may include accessing audio, video, files, and messages, at the direction of the account owner or their users. We also use personal data to manage our relationship and contracts with Event Participants, Event Hosts and account owners, including payments, billing, compliance with contractual obligations, and related administration. When Participants without a Zoom account join a Zoom Event, Zoom may collect and store their attendee profiles for use at future Zoom Events.
- Product Research and Development: To develop, test, and improve Zoom Events, including, for example, to improve your experience, create aggregated data to improve Zoom Events, and for other lawful business purposes, and to troubleshoot Zoom Events features and services.
- Marketing and Promotions: To market, advertise, and promote Zoom Events, including evaluating the success of our marketing campaigns, and running opt-in contests, sweepstakes or other promotional activities. Further, for OnZoom users, to suggest to you Events you may be interested in. If you visit our website, we may log information about how and when you visit, and your interactions with it, and use this information to provide advertisements to you relating to Zoom Events, or to engage third-party marketing partners to log your interactions on our website or deliver advertising to you.
- Authentication, Integrity, Security, and Safety: To authenticate accounts and activity, detect, investigate, and prevent malicious, harmful, unauthorized, or illegal conduct or unsafe experiences, address security threats, protect public safety, maintain the security and integrity of our infrastructure, services, and disaster recovery plans and policies, and secure Zoom Events.
- Communicate with You: We use personal data (including contact information) to communicate with you about Zoom Events, features, and services, including providing announcements about software updates, upgrades, and system enhancements, responding to you when you contact us, and making recommendations.
- Content Compliance and Protection. Zoom monitors Event listings, Event reviews and other user generated content, and may use any personal data contained therein, as we believe necessary or appropriate to:
- Monitor compliance with and enforce the applicable terms, including our community guidelines;
- Detect, prevent, or otherwise address fraud, harmful, unauthorized or illegal activity, including security incidents;
- Protect against harm to the safety, rights or property of Users, Zoom or others; and/or
- Satisfy any applicable law, regulation, or valid legal process including from law enforcement or other governmental bodies.
- Legal Reasons: To comply with additional applicable law, comply with contractual obligations, or respond to valid legal process, including from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our Terms of Service or policies.
In general, we will use your personal data only for the purposes described in this Zoom Events Privacy Statement or for purposes that we explain to you at the time we collect your personal data. However, we may also use your personal data for other purposes that are not incompatible with the purposes we have disclosed to you, if and where this is permitted by applicable data protection laws.
Zoom provides personal data, including Account Information and Event Host Information, to third parties only with consent or in one of the following circumstances (subject to your prior consent where required under applicable law):
- Referral Partners: If Zoom received your personal data from a third-party partner and you become a User, Zoom may disclose select personal data to that partner or their designee for the purpose of the partnership agreement; for example, to reward a referral partner from a co-sponsored event. Zoom’s partners have contractually agreed to comply with appropriate privacy and security obligations.
- Resellers: If an Account Owner licensed Zoom from a third-party reseller of Zoom Products, the reseller may be able to access personal data and content from Zoom Events hosted by the Account Owner.
- Vendors: Zoom works with third-party service providers to provide, support, and improve Zoom Events and technical infrastructure. Zoom may also work with third-party service providers to provide advertisements and business analytics regarding Zoom Events. These vendors can access personal data subject to contractual and technical requirements for protecting personal data and prohibiting them from using personal data for any purpose other than to provide services to Zoom or as required by law.
- For Legal Reasons: Zoom may share personal data relating to Zoom Events as needed to: (1) comply with applicable law or respond to, investigate, or participate in valid legal process and proceedings, including from law enforcement, government agencies, or regulatory authorities; (2) enforce or investigate potential violations of its Terms of Service or policies; (3) detect, prevent, or investigate potential fraud, abuse, or safety and security concerns, including threats to the public; 4) meet our corporate and social responsibility commitments; (5) protect our and our customers’ rights and property; and (6) resolve disputes and enforce agreements.
- Marketing and Analytics Partners: Zoom Events’ websites use third-party marketing and advertising providers to provide statistics and analysis about how people are using our websites and to provide advertising and marketing, including targeted advertising based on your use of our websites. These third-party partners may receive information about your activities on the Zoom Events website through third-party cookies placed on the website. To opt out of our use of third-party cookies that share data with these partners, visit our cookie management tool, available in Cookies Settings. Where required by law, Zoom will first obtain your consent before engaging in the activities described here.
- Corporate Affiliates: Zoom shares personal data with corporate affiliates, such as Zoom Voice Communications, Inc., to provide the Zoom Event services, integrated and consistent experiences across Zoom’s products and services and to detect, investigate, and prevent fraud, abuse, and threats to public safety.
- Change of Control: We may share personal data relating to Zoom Events with actual or prospective acquirers, their representatives and other relevant Event Participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of Zoom’s business or assets, including in connection with bankruptcy or similar proceedings.
When you join and/or participate in Zoom Events, other people and organizations, including third parties outside the Event, may be able to see your personal data, including the content and information that you share.
- Event Hosts, Panelists and Event Participants :Event Hosts and other Event Participants in a Zoom Event (including Panelists) may be able to see your display name and profile picture. Event Hosts and Event Participants can also see and (depending on the Account Owner’s settings) record or save Events, audio transcripts, messages sent to all Event Participants or to them directly, and files, whiteboards or other information shared during an Event.
- Livestreams: Event Hosts can choose to transmit or receive live video and audio coverage of an Event (“livestream”) to a third-party site or service, which means anyone with access to the livestream will be able to see the Event.
If you are in the European Economic Area (EEA), Switzerland, or the UK, or a resident of California, please refer to the respective dedicated sections below. Otherwise, at your request, and as required by applicable law, we will:
- Inform you of what personal data we have about you that is under our control;
- Amend or correct such personal data or any previous privacy preferences you selected, or direct you to applicable tools; and/or
- Delete such personal data or direct you to applicable tools.
In order to exercise any of your rights as to personal data controlled by Zoom, or if you have any other questions about our use of your personal data, please send a request to email@example.com. Please identify yourself and, for information relating to Zoom Events, specify your account and/or user information and other information to enable us to authenticate and respond to your request. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others. As an account owner or a user under a licensed account, you may also take steps to affect your personal data by visiting your account and modifying your personal data directly.
Children 16 and under are not permitted to sign up for a Zoom account or access Zoom Events.
To exercise your rights or if you have any privacy-related questions or comments related to this Zoom Events Privacy Statement, please send an email to firstname.lastname@example.org.
You can also contact us by writing to the following address:
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
Or to our representative in the EU:
Lionheart Squared Ltd
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Republic of lreland
You can contact our Data Protection Officer by sending an email to email@example.com.
We retain personal data for as long as required to engage in the uses described in this Zoom Events Privacy Statement, unless a longer retention period is required by applicable law.
The criteria used to determine our retention periods include the following:
- The length of time we have an ongoing relationship with you and provide Zoom Events to you (for example, for as long as you have an account with us or keep using our Events);
- Whether account owners modify or their users delete information through their accounts;
- Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to the enforcement of our agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).
Zoom Events operates globally, which means personal data may be stored and processed (for example stored in a data center) in any country where we or our service providers have facilities or hold events. By using Zoom Events or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States or in other countries around the world. Such countries may have data protection rules that are different and less protective than those of your country.
If you are a resident of Europe, and your personal data is transferred outside of Europe, we will:
- Process it in a territory which the European Commission or United Kingdom authorities (as applicable) has determined provides an adequate level of protection for personal information; or
- Implement appropriate safeguards to protect your personal information, including transferring it in accordance with applicable transfer mechanisms.
Data Subjects Rights
If you are in the EEA, Switzerland, or the UK, your rights in relation to your personal data processed by us as a controller specifically include:
- Right of access and/or portability: You have the right to access any personal data that we hold about you and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider;
- Right of erasure: In certain circumstances, you have the right to the erasure of personal data that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
- Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal data and/or stop sending you marketing communications;
- Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data;
- Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
In order to exercise any of your rights as to personal data controlled by Zoom, or if you have any other questions about our use of your personal data, please send a request at the contact details specified in the How to Contact Us section of this Privacy Statement. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to access the relevant personal data.
You also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
Legal Basis for Processing Personal Data
We only use your information in a lawful, transparent, and fair manner. Depending on the specific personal data concerned and the factual context, when Zoom processes personal data as a controller for individuals in regions such as the EEA, Switzerland, and the UK, we rely on the following legal bases as applicable in your jurisdiction:
- As necessary for our contract: When we enter into a contract directly with you, we process your personal data on the basis of our contract in order to prepare and enter into the contract, as well as to perform and manage our contract (i.e., providing Zoom Events, features and services to account owners, their users, and those they invite to join meetings and webinars Event Hosted on their accounts, and manage our relationship and contract, including billing, compliance with contractual obligations, and related administration). If we do not process your personal data for these purposes, we may not be able to provide you with all Events, features, and services;
- Consistent with specific revocable consents: We rely on your prior consent in order to utilize cookies to engage advertising and analytics partners to deliver tailored advertising and analysis of our website usage. You have the right to withdraw your consent at any time by visiting our cookie management tool, available here;
- As necessary to comply with our legal obligations: We process your personal data to comply with the legal obligations to which we are subject for the purposes of compliance with EEA laws, regulations, codes of practice, guidelines, or rules applicable to us, and for responses to requests from, and other communications with, competent EEA public, governmental, judicial, or other regulatory authorities. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) and compliance with privacy laws;
- To protect your vital interests or those of others: We process certain personal data in order to protect vital interests for the purpose of detecting and preventing illicit activities that impact vital interests and public safety, including child sexual abuse material; and
- As necessary for our (or others’) legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data: We process your personal data based on such legitimate interests to (i) enter and perform the contract with the account owner and/or reseller providing you with the Events (which includes billing, compliance with contractual obligations, and related administration and support); (ii) develop, test, and improve our Events and troubleshoot products and features; (iii) ensure authentication, integrity, security, and safety of accounts, activity, and Events, including detect and prevent malicious conduct and violations of our terms and policies, prevent or investigate bad or unsafe experiences, and address security threats; (iv) send marketing communications, advertising, and promotions related to the Events; and (v) comply with non-EEA laws, regulations, codes of practice, guidelines, or rules applicable to us and respond to requests from, and other communications with, competent non-EEA public, governmental, judicial, or other regulatory authorities, as well as meet our corporate and social responsibility commitments, protect our rights and property and the ones of our customers, resolve disputes, and enforce agreements.
Categories of Personal Information Zoom Receives: Zoom may collect, or process on behalf of our customers, the following categories of personal data, as described above, in the “What Personal Data Do We Receive?” section: identifiers (such as in Account Information, Profile and Participant Information, Contact Information, and Registration Information), financial account information (such as in Account Information); commercial information (such as in Account Information); internet or other electronic network activity information (such as Device Information, Usage Information Regarding Meetings, Webinars, Message, Collaborative Features, and the Website, and Limited Information from Zoom Email and Calendar Services); audio, electronic, and visual information (such as in Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features) education information such as from university customers; inferences we derive from the preceding or other information we collect; and sensitive personal information (such as certain categories in Account Information, Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features.
Sources: We receive information from sources as described in the “What Personal Data Do We Receive?” section, including: from you (including through your use of our products and services); from partners; from customers; and from publicly available sources. We collect education information from schools that use our services. Please see our Children’s Educational Privacy Statement for more information.
Zoom’s business and commercial purposes for use: Zoom uses personal data for the following business and commercial purposes: to provide Zoom Products and Services; for Product Research and Development; for Marketing and Promotions (Zoom does not use meeting, webinar, or messaging content, or any content generated or shared as part of other collaborative features for any marketing or promotions); Authentication, Integrity, Security, and Safety; to Communicate with You; and for Legal Reasons. For more information, please see “How We Share Personal Data?” Categories of third parties to whom we disclose Personal Information for business purposes are described in “How We Share Personal Data?”
Zoom may permit advertising and analytics services that are intended to deliver advertising to you and/or analyze your interactions, based on your interactions with our website or app, which may constitute a “sale” or “sharing” of data under California law. See “California & Other U.S. State Privacy Rights” for more information regarding your right to opt-out.
Retention: Zoom retains personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law. Additional detail on retention criteria can be found under Retention, above.
Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents may have a right to:
- Access the categories and specific pieces of personal data Zoom has collected, the categories of sources from which the personal data is collected, the business purpose(s) for collecting the personal data, and the categories of third parties with whom Zoom has shared personal data;
- Delete personal data under certain circumstances;
- Correct personal data under certain circumstances; and
- Appeal a denial of your request. Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision. You can do so by replying directly to our denial or emailing firstname.lastname@example.org.
Zoom will not discriminate against you for exercising any of these rights, which is further in line with your rights under state law.
Sensitive Information. Zoom receives information that may be considered sensitive under some state laws, such as certain Account Information (e.g., financial information, log-in information) , certain Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features and certain Limited Information from Zoom Email and Calendar Services (e.g., messaging content in cases described herein) Zoom processes sensitive personal information to provide Zoom products and services, for product research and development, for authentication, integrity, security, and safety reasons, to communicate with you, for legal reasons, and with your consent. Zoom does not use or disclose sensitive personal information (as defined under CCPA) for purposes of inferring characteristics about a consumer, or in any way that would require Zoom to provide a right to limit under the CCPA. Under certain laws, residents may also be permitted to opt out of certain profiling relating to automated processing analyzing certain categories of an individual’s information that would produce a legal or similarly significant effect. Zoom does not engage in this type of profiling of individuals.
We will acknowledge receipt of your request within 10 business days, and provide a substantive response within 45 calendar days, or inform you of the reason and extension period (up to a total of 90 days) in writing.
These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, we may decline requests to exercise these rights where permitted by law. We will need to verify your identity to process your access, deletion, and correction requests and reserve the right to confirm your state residency. To verify your identity, we may require you to log into your existing Zoom account (if applicable), give a declaration as to your identity under penalty of perjury, and/or provide additional information, such as providing at least two pieces of personal information relating to your account (which will be compared to information we have, such as profile information) or as we otherwise may already have in our possession, such as your email address and phone number. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud. You may designate an authorized agent to submit your verified consumer request by providing written permission and verifying your identity, or through proof of power of attorney.
To see our Disclosure of Privacy Rights Requests, please click here.
California’s Shine the Light Law
California Civil Code Section 1798.83, also known as “Shine The Light” law, permits California residents to annually request information regarding the disclosure of your Personal Information (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for the third parties’ direct marketing purposes.
We may update this Zoom Events Privacy Statement periodically to account for changes in our collection and/or processing of personal data, and will post the updated Zoom Events Privacy Statement on our website, with a “Last Updated” date at the top. If we make material changes to this Zoom Events Privacy Statement, we will notify you and provide you an opportunity to review before you choose to continue using Zoom Events.