Data Protection Zoom

Data protection information for online meetings, telephone conferences and webinars via “Zoom” of pharma-insight GmbH

We would like to inform you below about the processing of personal data in connection with the use of “Zoom”.

Purpose of the processing

We use the “Zoom” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. based in the USA.

Person responsible

The controller for data processing that is directly related to the organisation of “online meetings” is pharma-insight GmbH, Max-Volmer-Str. 28, 40724 Hilden, Germany.

Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.

You can also use “Zoom” if you enter the relevant meeting ID and any other access data for the meeting directly in the “Zoom” app.

If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

What data is processed?

Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or when participating in an “online meeting”.

The following personal data is subject to processing:

  • User details: first name, surname, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional),
  • Department (optional)
  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  • When dialling in with the telephone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.

 

To take part in an “online meeting” or to enter the “meeting room”, you must at least enter your name.

Scope of processing

We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the “Zoom” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered with “Zoom” as a user, reports on “online meetings” (meeting metadata, telephone dialling data, questions and answers in webinars, survey function in webinars) can be stored for up to 12 months at “Zoom”.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing

Insofar as personal data of employees of pharma-insight GmbH are processed, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Zoom”, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective organisation of “online meetings”.

In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we have an interest in the effective organisation of online meetings.

Recipients / forwarding of data

Personal data that is processed in connection with participation in “online meetings” will not be passed on to third parties by us unless it is intended to be passed on. Please note that content from “online meetings” as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of “Zoom” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with “Zoom”.

Data processing outside the European Union

“Zoom” is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of “Zoom” that meets the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. Furthermore, the provider of Zoom is certified in accordance with the EU-U.S. Data Privacy Framework (DPF). As additional protective measures, we have also configured Zoom in such a way that only data centres in the EU are used to conduct “online meetings”.

Data Protection Officer

We have appointed a data protection officer:

Jessica Stehn-Bäcker
Intelli Revolution GmbH
Überseeallee 1
20457 Hamburg
Mail: [email protected]

Your rights as a data subject

You have the right to information about the personal data concerning you. You can contact us at any time for information.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.

Finally, you have the right to object to the processing within the framework of the legal requirements.

There is also a right to data portability within the framework of data protection regulations.

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint about the processing of personal data by with a supervisory authority for data protection.

Amendment of this data protection notice

We will revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

Status: 14.02.2024