Privacy notice for online meetings, conference calls and webinars via "Zoom”
We would like to inform you in the following about the processing of personal data in connection with the use of "Zoom".
Purpose of the processing
We use "Zoom" to perform telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the United States of America (USA).
The controller directly related to the performance of "online meetings" is the Kuehne + Nagel Management AG, Dorfstrasse 50, 8834 Schindellegi, Switzerland.
Note: If you access the website of "Zoom" or download the app from Zoom, the provider "Zoom" is responsible for the data processing. The data protection information of "Zoom" can be found at: https://zoom.us/privacy.
You can also use "Zoom" if you enter the meeting ID and other access data for the meeting directly in the "Zoom" app.
If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.
What data is processed?
When using "Zoom", different types of data are processed. The scope of the data also depends on the data you enter before or during participation in an "online meeting".
The following personal data can be processed:
User details: first name, last name, telephone (optional), e-mail address, password (if "SingleSign-On" is not used), profile picture (optional), Department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, equipment/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use "zoom" to perform "online meetings". If we wish to record "online meetings", we will inform you of this transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.
Should it be necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.
If you are registered as a user at "Zoom", reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".
The possibility of software-based "attention tracking" in "online meeting" tools such as "Zoom" is deactivated.
Automated decision making within the meaning of Art. 22 GDPR is not used.
Legal basis of the data processing
If personal data of Kuehne + Nagel employees is processed, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing, as long as the meetings are performed within the scope of a contractual relationship. If personal data of Kuehne + Nagel employees are processed in Germany, § 26 BDSG and the works council agreement of "Zoom" are also the legal basis for data processing.
In other respects, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. f) GDPR. In these cases, our legitimate interest is to ensure that "online meetings" are performed effectively.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, our legitimate interest is to ensure that "online meetings" are performed effectively.
Transfer of data / Recipients
Personal data processed in connection with participation in "online meetings" is generally not transferred to third parties, unless it is specifically provided for the purpose of transfer. Please note that content from "online meetings" as well as personal meetings are often used to communicate information with customers, consignees or third parties and are therefore intended to be forwarded.
Other recipients: The provider of "Zoom" necessarily receives knowledge of the above mentioned data. This is only the case insofar as this is provided for in our “data processing agreement” with "Zoom".
Data processing outside the European Union
"Zoom" is a service provided by a vendor from the USA. Processing of personal data therefore also takes place in a third country. We have signed a contract with the provider of "Zoom" which meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the "Privacy Shield" certification of Zoom Video Communications, Inc. and on the other hand by the "EU standard contract clauses".
Data protection officer
We have appointed a data protection officer.
You can contact our team as follows: firstname.lastname@example.org
Your rights as data subject
You have the right of access to personal data concerning you. You can contact us for information at any time.
When requesting information, we ask for your understanding that we may require you to provide proof that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to limitation of the processing, insofar as you are legally entitled to this.
Finally, you have the right to object to the processing within the scope of the legal requirements.
You also have a right to data transfer within the scope of data protection regulations.
Deletion of data
We delete personal data on principle when there is no need for further storage. A purpose can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of legal storage obligations, deletion is only possible after the expiry of the respective storage obligation.
Right to lodge a complaint with a supervisory authority
You have the right to complain to a supervisory authority for data protection.