Updated: May 1, 2018
If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EU, United Kingdom, Lichtenstein, Norway or Iceland.
Collection of your Personal Data
We collect the following categories of Personal Data about you when you use or otherwise interact with the Service:
- Name, email address, and if your registration includes call out dialing, your phone number, directory extension, and direct line (“Registration Information”)
- Name of your employer
- Location based information
- Our servers automatically record certain information when you use the Service, including your IP address, operating system type and version, client version, IP addresses along the network path, and the MAC address of your internet connection (“Host Information”)
- We also automatically record information about your usage of the Service, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, messages, contacts, content shared, calls, use of video and screen sharing, meetings, cloud recording, and other feature usage information (“Usage Information”)
- Other information you upload, provide, or create while using the Service ("User-Generated Information"), as further detailed in the “User Generated Information” section below
We collect and/or process your Personal Data in connection with the below activities related to the Service:
- Account registration
- Use of certain Service features
- Improvement of the Service
- Marketing communications related to the Service
- To display your identity to other users (If you sign up for the Service using your work email address, your Registration Information will be visible to other users who have the same email domain)
- Requesting service and support for the Service
- To optimize your connection to our data center
Processing of your Personal Data
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products) and our “legitimate interests” or the legitimate interest of others (e.g. our users) such as:
- Personalizing, improving or operating the Service and our business
- Better understanding your needs and interests
- Fulfilling requests you make related to the Service
- Providing you with information and offers from us or third parties
- Complying with our legal obligations, resolving disputes with users, enforcing our agreements
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
We process your Personal Data for purposes such as:
- To provide and enroll you in the Service
- To keep you up to date on the latest announcements, features, updates, upgrades, system enhancements, special offers, and other information
- To understand how the Service is used
- To diagnose problems with the Service
- To personalize and send marketing communications to you about the Service
- To make improvements to the Service and other Zoom products and services
- To prevent or address service or technical problems
- To provide support and assistance for the Service
- To provide Customer feedback and support
- To respond to Customer support requests
- To conduct analytics and aggregate statistical analysis
- To transfer to third parties that help us provide the Service
- To meet contract or legal obligations
We collect and retain Personal Data and other information you upload, provide, or create while using the Service ("User-Generated Information"), including information related to:
- Meetings: Meeting title, invitation content, participants, meeting link, date, time and duration. We collect activity recorded in the meeting (such as joining or leaving), including activity related to third-party integrations, together with the date, time, person engaged in the activity, and other participants in the meeting with the date, time, duration, and quality ratings that you provide. We route audio and video call content and screen sharing content between call participants but we do not retain or store the content unless cloud recording is used.
- Messages: Message content, sender and recipients, date, time, and read receipts
- Content shared: Files and file names, sizes, and types
- Whiteboards: Whiteboard content, snapshots, and background images
- Status: Status information, for example about whether and when you are active, out of office, or have turned on Busy. You can choose whether or not to share status information with other users.
All messages and content you share in a meeting, including Personal Data about you or others, will be available to all other participants in that meeting.
If you share a meeting link with another user who is not already in the meeting, when that user tries to join the meeting he or she will be able to see the list of other users in the meeting, as well as other invitees joining the meeting.
When you use the "Send Feedback" feature of the Service or, choose to send a problem report or logs from a device, logs of your activity are automatically shared with us so that we can provide technical support and make product improvements. In some cases, you may be offered the option to send logs at the end of a specific call following a call failure or a low call rating within the Service. These logs record information about the participants, date, time, duration, and quality related to your activities with the Service, as well as hashes (one-way encrypted versions) of messages you've sent or received. If your device is paired with an endpoint, the activity logs from the paired device will also be shared with us. These logs may pertain to other users of the paired device besides you. No content or message text that you send or receive is shared with us, unless you choose to include optional screen shots that display messages or content. The logs are stored unencrypted on your device and, together with screen shots, are sent to us using transport encryption (see next section). Your employer has the ability to share logs with us on demand from any device it administers.
Mobile and Browser Permissions
The Service makes use of a number of features available on mobile device and web browser platforms to support a full-featured collaboration experience. Depending on which mobile or browser platform you use and which Service features you use, your application may request or automatically obtain some or all of the following permissions:
- Phone, microphone, camera, and audio recording: the Service uses access to your device's phone interface, microphone, and camera to allow you to make audio and video calls. On some devices, the mobile device platform also requires that audio recording permission be obtained so that you can make calls (although we do not record audio). The Service will only make use of these permissions when you choose to initiate or receive a call. Camera access is also used to allow you to participate in the video conference.
- Screen sharing: the Service needs screen sharing permission to allow you to share your screen with other users during a call. The Service will only share the screen content that you specify and will only share it with the other users on the call.
- Calendar and contacts: the Service uses calendar and contact information to make it easier for you to connect with contacts and to schedule meetings.
- Files and photos: To make it possible for you to share files and photos with other users, the Service needs permission to access files and photos stored on your device.
- Push notifications: You can choose to allow the Service to notify you about new messages and other activity even when you do not have the Service application open. User information collected by the Service is shared with third-party push notification services and mobile operators when users allow push notifications. If you no longer wish to receive these types of communications, you may turn them off at the device level.
You can choose whether to provide Personal Data to Zoom, but note that you may be unable to access certain options, offers, and services if they require Personal Data that you have not provided.
You can sign-up, and therefore consent, to receive email or newsletter communications from us. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by contacting us using the information in the “Contact Us” section of this policy.
Data Subject Rights
You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.
- Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our products.
- Right to File Complaint: You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data.
Cookies and Tracking Technologies
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Service does not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Service and after you leave our properties.
We partner with third parties to either display advertising on the Service or to manage our advertising on other sites. Some of our third party partners use technologies such as cookies and other technologies to gather information about your activities on this website, our affiliates’ websites, and unaffiliated websites in order to provide you advertising based upon your browsing activities and interests. With respect to our interest-based ads, we adhere to self-regulatory principles for online behavioral advertising issued by the Digital Advertising Alliance (“DAA”) and the European Interactive Digital Advertising Alliance (“EDAA”) (collectively, the “OBA Principles”). More information about the OBA Principles can be found at https://digitaladvertisingalliance.org/principles and https://www.edaa.eu/european-principles/. If you wish to not have information about your online activities over time and across different websites used for the purpose of serving you interest-based ads, you can opt-out by clicking here and here (or if located in the EU click here). Please note that (1) this does not opt you out of being served ads, and even if you opt out of interest-based ads, you will continue to receive generic ads and (2) we store your opt-out preference for interest-based ads in a cookie on your device, and therefore you may have to opt out again if you delete your cookies.]
Sharing your Personal Data
We do not sell or rent your Personal Data to third parties for marketing purposes unless you have expressly consented to such processing. We may share Personal Data within Zoom and its affiliated companies and with third party service providers for purposes of data processing or storage.
We may also share Personal Data with business partners, service vendors, and/or authorized third-party agents or contractors in order to provide a requested product or transaction, including processing orders, processing credit card transactions, hosting websites, hosting event and seminar registration and providing customer support. We provide these third parties with Personal Data to complete/utilize the requested product or transaction.
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy. As required by law, Zoom may respond to subpoenas, court orders, or similar legal process by disclosing your Personal Data and other related information, if necessary. We also may use Personal Data and other related information to establish or exercise our legal rights or defend against legal claims.
Zoom may collect and possibly share Personal Data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Zoom's terms of service, or as otherwise required by law.
Security of your Personal Data
Zoom is committed to protecting the Personal Data you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure.
When we transfer credit card information over the Internet, we protect it using Secure Sockets Layer (SSL) encryption technology.
We recommend you to take every precaution in protecting your Personal Data when you are on the Internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.
If you have any questions about the security of your Personal Data, you can contact us at firstname.lastname@example.org.
Transfer and Storage of Personal Data
The Services are hosted and operated in the United States (“U.S.”) through Zoom and its service providers. We may transfer your Personal Data to the U.S., to any Zoom affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Statement
Zoom participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield. Zoom is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List. [https://www.privacyshield.gov/list]
Zoom is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Zoom complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Zoom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zoom may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Standard Contractual Clauses
In certain cases, Zoom will transfer Personal Data from the EU in accordance with the European Commission-approved Standard Contractual Clauses, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request the address below.
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
If you reside in the EU, United Kingdom, Lichtenstein, Norway or Iceland, you can also contact our Data Protection Officer https://zoom.us/gdpr.