Zoom & GDPR Compliance
A note before we begin: This is a blog. Written by a communications manager, not a lawyer. It is NOT intended as legal documentation or advice. Please see zoom.us/legal for our actual legal policies written by actual lawyers. Now on to the main event…
Respecting our users’ right to privacy has always been the Zoom way. We’ve never passed around or sold your personal data; we’ve never spammed you with a million emails or misled you as to how we treat your data. This was true even before GDPR compliance made the world sit up and take notice of privacy requirements.
What’s this GDPR, you say? The EU General Data Protection Regulation (GDPR) is a new set of EU data privacy regulations (enforceable on May 25, 2018). It creates a unified approach to protecting all EU residents’ data and its rules apply even to companies based outside of the EU, including Zoom.
- Control: We’ve updated our policy to better explain your choices and the control you have over information about you and your online activities. For example, you can request more information about the personal data we collect about you, request that we correct or erase certain of your personal data, or request that we stop processing your personal data in certain ways. Any customer has a right to make these requests from Zoom at any time.
- GDPR: We’ve included additional language to discuss rights for users located in the EU (some of which is covered in this blog post).
Customers in EU countries were asked via email to opt in to future marketing communications from Zoom (such as product update announcements, demo invites, special offers, and so forth).
Increasing Transparency Around Cookies
Simplified Account Deletion Process
We’d love you to stay! But if you must go, we are making it easier to delete your account. Paying customers can sign into their account and find Cancel Subscription under the Billing tab. Free users can cancel their account by signing into their account, visiting Account Profile and clicking Terminate My Account.
Ensuring that Zoom Vendors Protect Data
Zoom has added an addendum to our contracts with vendors that may hold EU personal data to ensure that their policies and processes are up to the standards of GDPR.
Appointing a Data Protection Officer
In addition to our robust security and infrastructure teams, who are already protecting your data 24/7, we appointed a Data Protection Officer to comply with GDPR. This Officer can be reached at firstname.lastname@example.org.
Zoom participates in Privacy Shield, a program administered by the US Department of Commerce, which provides a framework to ensure adequate protections for the transfer of personal data from the EU to the US.
Data Processing Agreement (or Addendum)
Zoom provides a data processing agreement or addendum, which allows EU customers and data controllers to enter into standard contractual clauses to govern the processing and handling of EU personal data.
Zoom values our customers’ privacy, no matter where they are. It is our priority to get it right, every time, for every customer – yesterday, today, and tomorrow.