Data protection information according to Art. 13 ff. GDPR for use of Zoom

In this data protection notice we explain our use of the video communication software "Zoom".


<- back to main privacy policy

OD-OS GmbH, Warthestr. 21, 14513 Teltow,, is responsible for the collection and processing of your personal data in connection with the use of Zoom.

Description of data processing, purposes and types of data

We use the "Zoom" tool to hold telephone conferences, online meetings, video conferences and webinars (hereinafter: "Online Meetings").

Depending on the type and scope of use of "Zoom", different types of data are collected or processed. This includes in particular

  • Information about yourself (e.g. first and last name, email address, profile picture)
  • Meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address)
  • Device / hardware data (e.g. IP addresses, MAC addresses, client version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

In the following we would like to inform you in more detail about the scope of data processing.

Required data and functions

As an employee, you have a host account or basic account at your disposal with which you can organize and hold online meetings as a "host" or "host". For the creation of your account or for the planning and implementation of an online meeting, the following data is collected or processed from you: Name, user name, email or telephone number, password (if no single sign-on is used).

If you take part in an online meeting as an internal or external participant, you will receive an access link from the host by email. When registering for the online meeting, you must then provide your name and, if applicable, your e-mail address. As a participant, you can take part in meetings directly from the browser without installing the Zoom client.

In addition, the tool collects user data that is required for the provision as well as technical and operational support and improvements to the services provided. This includes in particular technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or loudspeaker, type of connection.

Voluntary information and functions

You can, but do not have to provide further information about yourself. You are also free to use the chat, question or survey functions during the online meeting. You can also switch your camera and microphone on, off or mute yourself.

If you use the chat, question or survey function, the text entries you have made are processed in order to display them in the "online meeting" and, if necessary, to record them. If you switch on your camera or microphone, the data from the microphone of your device and any video camera on the device will be processed for the duration of the meeting. When online meetings start, your camera and microphone are turned off by default.

Please note that any information that you or others upload, provide or create during an online meeting will be processed at least for the duration of the meeting. This includes in particular chat / instant messages, files, whiteboards and other information that is shared while using the service.

Other functions

If this is necessary for the purpose of logging the results of an online meeting, chat content can be logged. However, this only affects "public" chats and messages sent directly to the hosts. The content of private chats is not logged.

If we would like to record online meetings, we will inform you in advance and - if necessary - ask for your consent. If a recording takes place, the participants of the online meeting are informed of this by the system, both by video and by audio.

Further information on the processing of your data when using "Zoom", a detailed list of the data collected and processed by "Zoom" and the "Zoom" data protection information can be found at: html.


Legal basis for data processing

If you use "Zoom" as an employee, the data processing takes place on the basis of § 26 Abs. 1 BDSG, if and insofar as the implementation of online meetings is necessary for the purposes of the employment relationship.

If you take part in an online meeting as an external participant, your data will be processed on the basis of Article 6 Paragraph 1 S. lit. b. GDPR, if your participation in the online meeting is necessary to fulfill a contract concluded with you. The same applies if the online meeting is necessary to carry out pre-contractual measures that are carried out at your request.

If the data processing in connection with the use of "Zoom" is neither necessary for the purposes of the employment relationship nor for the fulfillment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 Para. f GDPR. Our legitimate interest lies in maintaining location-independent communication, maintaining business contacts and providing the services owed.

If you also voluntarily provide information about yourself when using the tool or voluntarily use functions that are not absolutely necessary, the associated data processing takes place on the basis of your revocable consent according to Art. 6 Para. 1 S. 1 lit. a, 7 GDPR in conjunction with Section 26 (2) BDSG. You can revoke your consent at any time with effect for the future. Please note that processing that took place before the revocation is not affected.

Passing on your data

In principle, we do not transmit your data to third parties. A transfer will only take place if the data is intended for transfer, you have expressly consented to the transfer in advance or we are obliged or entitled to do so due to legal regulations. Please note that content from "online meetings", as well as from personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Zoom Video Communications Inc. supports us in processing your data as an external service provider and processor within the meaning of Art. 28 GDPR. As an order processor, Zoom Video Communications Inc. processes your data strictly in accordance with instructions and on the basis of a separately concluded order processing contract. The data processing can also take place outside the EU or the EEA. With regard to Zoom Video Communications Inc., an appropriate level of data protection in accordance with Art. 46 Paragraph 2 GDPR lit. c GDPR can be achieved through the use of EU standard contractual clauses and other suitable measures (e.g. by setting up end-to-end encryption and using the data routing function). We are happy to provide closed EU standard contractual clauses on request.

Deletion of your data

In principle, we only process your data for as long as it is necessary for the purposes for which it was collected. Your data will then be deleted unless the processing or storage of your data is necessary to assert, exercise or defend legal claims. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.

Your rights as a data subject

In accordance with Art. 15 GDPR, you have the right to information from the person responsible about your personal data as well as to correct incorrect data in accordance with Art. 16 GDPR or to have the data deleted if one of the reasons stated in Art. 17 GDPR exist, e.g. if the data are no longer required for the purposes pursued. You also have the right to restrict processing if one of the conditions specified in Art. 18 GDPR is met and, in the cases of Art. 20 GDPR, the right to data portability. In cases in which we process your personal data on the legal basis of Art. 6 Para. 1 S. 1 lit.f GDPR, you also have the right to object at any time for reasons that arise from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You can assert your rights here:

You also have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can in particular be asserted with a supervisory authority in the member state of the place of residence of the person concerned or of the place of the alleged violation.


Our data protection officer

In fulfilling our data protection obligations, we are supported by our data protection officer. The contact details of our data protection officers are: datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, email: E-Mail:, Web:

For Customers Navilas® Academy