Official Statement: EU GDPR Compliance Follow

The protection of private information is fundamental to the trust Zoom users have given us when choosing our service. In order to be compliant with GDPR we have implemented the following updates to our platform and practices.

Platform

Zoom’s products now feature an explicit consent mechanism for EU users. Existing or new users coming from IP address detected from EU when signing into the Zoom desktop or mobile application, or joining a meeting without being signed in, across any platform (Mac, Windows, Linux, iOS, Android, Web, ChromeOS) will be presented with a one-time privacy policy update. Consent to the updated Privacy Policy and Terms of Service are stored for compliance purposes. Audio notifications can be enabled for users who are joining a meeting that is being recorded, via the telephone. Visual recording indicators are also present.

Website

Cookies:

For EU member state customers, we have implemented “zero-load” cookies, which means that cookies will not be put onto a users browser until after preferences have been set. Users that are detected via IP address as coming from a EU member state, upon their first visit to the zoom.us website, will be presented with a cookie-pop up box that allows cookie preferences to be set. These cookie preferences can also be changed at any time in the future by visiting the cookie preferences link at the footer of any page on our website (only visible to visitors with EU IP addresses).

Links to Privacy Policy:

For easy accessibility we have updated our website to include links to our Privacy Policy at places where personal data is collected.

Opt-in to Communications:

EU users can opt-in to communications from Zoom when registering for Zoom-hosted webinars or downloading whitepapers from our website. Users in other jurisdictions can contact privacy@zoom.us to be unsubscribed from marketing emails.

Data Protection Officer

We have appointed a Data Protection Officer (DPO), Kari Zeni, who is an expert on GDPR compliance topics. She can be reached at privacy@zoom.us.

Policies

Zoom has entered into Data Protection Agreements with our vendors (subprocessors) to ensure that the privacy and security of our customer data is protected. We provide a pre-signed DPA for Zoom customers. Zoom’s DPA has been thoroughly vetted to comply with all GDPR and other privacy and security-related requirements, has been drafted to clearly and accurately describe the manner in which Zoom consistently provides its service to all of its customers, and is consistent with the security program on which Zoom’s annual SOC2 (Type II) third-party audit is premised.

We have also updated our Privacy Policy to be more transparent and have developed a cookie policy that describes the purpose of the cookies that Zoom uses.

Employee Education and Training

In addition to the privacy training that all Zoom employees receive during on-boarding and annually thereafter, employees with roles that are customer facing (e.g. sales team) have been trained on GDPR and how it impacts their roles.

Data Subject Rights

GDPR empowers data subjects (aka our users) with certain rights to help assure the privacy and protection of their personal data. These rights include:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The right to object
  • Rights on automated decision making/profiling

For more information about these rights, please visit our privacy policy. To exercise these rights, please email privacy@zoom.us.

Was this article helpful?
Have more questions? Submit a request