The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. In order to be compliant with GDPR we have implemented the following updates to our platform and practices.
For EU member state customers, we have implemented “zero-load” cookies, which means that cookies will not be put onto a users browser until after preferences have been set. Users that are detected via IP address as coming from a EU member state, upon their first visit to the zoom.us website, will be presented with a cookie-pop up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website (only visible to visitors with EU IP addresses).
Opt-in to Communications:
EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. Users in other jurisdictions can contact [email protected] to be unsubscribed from marketing emails.
Data Protection Officer
We have appointed a Data Protection Officer (DPO), Kari Zeni, who is an expert on GDPR compliance topics. She can be reached at [email protected].
Zoom has entered into Data Protection Agreements with our vendors (subprocessors) to ensure that the privacy and security of our customer data is protected. We provide a pre-signed DPA for Zoom customers. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 (Type II) third-party audit is premised.
Employee Education and Training
In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing (e.g. sales team) have been trained on GDPR and how it impacts their roles.
Data Subject Rights
GDPR empowers data subjects (aka our users) with certain rights to help assure the privacy and protection of their personal data. These rights include:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to object
- Rights on automated decision making/profiling