Updated: March 19th, 2019
Zoom Video Communications, Inc. (“Zoom”) is committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services (collectively, "Products"). This policy covers the Zoom website zoom.us, mobile applications, and desktop clients and is applicable worldwide.
If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your Personal Data, as further outlined below. These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EU, United Kingdom, Lichtenstein, Norway or Iceland.
Collection of your Personal Data
We may collect, either as Controller or Processor, the following categories of Personal Data about you when you use or otherwise interact with our Service:
- Email address
- Home/work/mobile telephone number
- Postal or other physical address
- Credit/debit card information
- Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)
- IP addresses and other information collected passively, as further detailed in the “Passive Collection” section below
- Device identifiers, as further described in the “Mobile Application” section below
- Our servers automatically record certain information when you use the Service, including your IP address, operating system type and version, client version, IP addresses along the network path, and the MAC address of your internet connection (“Host Information”)
- We also automatically record information about your usage of the Service, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, messages, contacts, content shared, calls, use of video and screen sharing, meetings, cloud recording, and other feature usage information (“Usage Information”)
- Other information you upload, provide, or create while using the Service ("User-Generated Information"), as further detailed in the “User Generated Information” section below
We collect and retain, generally as a Processor and in order to provide the Services, Personal Data and other information you upload, provide, or create while using the Service ("User-Generated Information"), including information related to:
- Meetings: Meeting title, invitation content, participants, meeting link, date, time and duration. We collect activity recorded in the meeting (such as joining or leaving), including activity related to third-party integrations, together with the date, time, person engaged in the activity, and other participants in the meeting with the date, time, duration, and quality ratings that you provide. We route audio and video call content and screen sharing content between call participants, but we do not retain or store the content unless cloud recording is used.
- Messages: Message content, sender and recipients, date, time, and read receipts. Content shared: Files and file names, sizes, and types
- Whiteboards: Whiteboard content, snapshots, and background images
- Status: Status information, for example about whether and when you are active, out of office, or have turned on Busy. You can choose whether or not to share status information with other users.
All messages and content you share in a meeting, including Personal Data about you or others, will be available to all other participants in that meeting.
If you share a meeting link with another user who is not already in the meeting, when that user tries to join the meeting he or she will be able to see the list of other users in the meeting, as well as other invitees joining the meeting.
Zoom and our third-party service providers automatically collect some information about you when you use our Products, using methods such as cookies and tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website and/or Products.
In addition, when you use some of our Products, network information is transmitted back to us such as Product usage information. This information is transmitted back to us, so we can determine how users are interacting with our Products, to assist us with improving our Products, and to correct any problems that may occur.
When you download and use our Products, we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”). We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you can turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
Processing of your Personal Data
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products) and our “legitimate interests” or the legitimate interest of others (e.g. our users),
We process Personal Data when you use our website, desktop client and mobile applications to use or sign-up to use our Service for purposes such as:
- Account configuration
- Account maintenance
- Enabling meetings and webinars between users and third-party participants
- Hosting and storing personal data from meetings and webinars (only to provide the Service)
- Personalizing, improving or operating our Service and business
- Fulfilling requests you make related to the Service
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
- Providing reports based on information collected from use of our Service
- Processing your orders and deliver the Service that you have ordered
- Providing support and assistance for our Service
- Providing the ability to create personal profile areas and view protected content
- Providing the ability to contact you and provide you with shipping and billing information
- Providing customer feedback and support
- Complying with our contractual and legal obligations, resolving disputes with users, enforcing our agreements
We process Personal Data when you visit our website to:
- To keep you up to date on the latest Product announcements, software updates, software upgrades, system enhancements, special offers, and other information
- To provide customer feedback and support (zoom.us/support)
- To provide and administer opt-in contests, sweepstakes or other marketing or promotional activities on the Zoom.us or affiliate websites
- Providing you with information and offers from us or third parties
- To the extent you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers and end users
- To support recruitment inquiries (zoom.us/careers)
- To personalize marketing communications and website content based on your preferences, such as in response to your request for specific information on products and services that may be of interest
- To contact individuals that you refer to us and identify you as the source of the referral, in accordance with the “Referral” section below
If you choose to use our referral service to tell a friend about our products, you represent that you have their consent to provide us your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the website. Unless we are authorized by your friend, we will only use your friend’s name and email address for the purposes of sending this one-time email and maintaining an activity log of our referral program.
You can choose whether to provide Personal Data to Zoom, but note that you may be unable to access certain options, offers, and services if they require Personal Data that you have not provided. You can sign-up, and therefore consent, to receive email or newsletter communications from us. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by contacting us using the information in the “Contact Us” section of this policy.
Data Subject Rights
You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.
- Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Data from our systems. Data subjects who want their data deleted can do so by deactivating their account. Deactivation will delete all account usage and related information. If you are not a Zoom customer and would like your data deleted, please contact the data Controller directly about deleting information.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
- Right to File Complaint: You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please contact our Privacy Team at email@example.com.
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
Cookies and Tracking Technologies
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Products do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Products and after you leave our properties.
We partner with third parties to either display advertising on our website or to manage our advertising on other sites. Some of our third-party partners use technologies such as cookies and other technologies to gather information about your activities on this website, our affiliates’ websites, and unaffiliated websites in order to provide you advertising based upon your browsing activities and interests. With respect to our interest-based ads, we adhere to self-regulatory principles for online behavioral advertising issued by the Digital Advertising Alliance (“DAA”) and the European Interactive Digital Advertising Alliance (“EDAA”) (collectively, the “OBA Principles”). More information about the OBA Principles can be found at https://digitaladvertisingalliance.org/principles and https://www.edaa.eu/european-principles/. If you wish to not have information about your online activities over time and across different websites used for the purpose of serving you interest-based ads, you can opt-out by clicking here and here (or if located in the EU click here). Please note that (1) this does not opt you out of being served ads, and even if you opt out of interest-based ads, you will continue to receive generic ads and (2) we store your opt-out preference for interest-based ads in a cookie on your device, and therefore you may have to opt out again if you delete your cookies.
We collect information about where you are located when you are using our Products. We use this information for purposes such as optimizing your connection to our data center, supporting compliance, and suggesting customizations to your experience with our Products (e.g. your language preference).
Sharing your Personal Data
We do not sell or rent your Personal Data to third parties for any purposes, including marketing.
We share Personal Data within Zoom and its affiliated companies, and with third party service providers for purposes of data processing or storage.
We also share Personal Data with business partners, service vendors and/or authorized third-party agents or contractors in order to provide requested Products or transactions, including processing orders, processing credit card transactions, hosting websites, hosting event and seminar registration and providing customer support. We provide these third parties with Personal to complete/utilize the requested Product or transaction.
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy. As required by law, we may respond to subpoenas, court orders, or similar legal process by disclosing your Personal Data and other related information, if necessary. We also may use Personal Data and other related information to establish or exercise our legal rights or defend against legal claims.
We collect and possibly share Personal Data and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Zoom's terms of service, or as otherwise required by law.
Security of your Personal Data
Zoom is committed to protecting the Personal Data you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure. When we transfer credit card information over the Internet, we protect it using Transport Layer Security (TLS) encryption technology.
We recommend you take every precaution in protecting your Personal Data when you are on the Internet. For example, change your passwords often, use a combination of upper and lower-case letters, numbers, and symbols when creating passwords, and make sure you use a secure browser. If you have any questions about the security of your Personal Data, you can contact us at firstname.lastname@example.org.
Linked websites and third-party services
Our websites and services may provide links to other third-party websites and services which are outside our control and not covered by this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.
If you participate in a Zoom discussion forum or chat room, you should be aware that the information you provide there will be made broadly available to others, potentially inside or outside Zoom, who have access to that discussion forum or chat room. Also, please recognize that individual forums and chat rooms may have additional rules and conditions. Each participant's opinion on a forum or chat room is his or her own and should not be considered as reflecting the opinion of Zoom.
If you use a feature of the Products that allows for Recordings (defined below), we collect information from you that you provide in connection with such use and through such Recordings, to the extent you provide it to us. This information may include Personal Data, if you provide us with Personal Data.
For hosts -- By installing or using Zoom Rooms software or any other Zoom software, tool or feature that allows for meeting or Webinar recording (each, a “Recording”), you acknowledge and agree that you and your company are responsible for (i) clearly notifying all individuals (whether or not they are Zoom users) who are present in a meeting or Webinar (whether in-person or remotely) (each, an “Attendee”) for which you make a Recording that such meeting or Webinar might be recorded, and (ii) obtaining any consent necessary for such a recording as required by applicable laws, rules and regulations, including without limitation data privacy laws. By making a Recording of any meeting or Webinar using any Zoom Products, you and your company represent and warrant that (a) you have received legally sufficient consent from all Attendees for such recording prior to starting a Recording, (b) you will only make, use, store and otherwise process such Recording in accordance with all applicable laws, rules and regulations, including data protection laws and (c) you will store and otherwise restrict access to such Recordings using appropriate technical and organizational safeguards. Any person and/or entity who makes a Recording of a meeting or webinar shall be the data controller of that Recording, and Zoom will be the data processor with respect to the Recording.
For attendees – Please be advised that for any meetings or Webinars you attend, Recordings can be enabled by a meeting or webinar host. By signing up for Zoom’s services or otherwise using them in any way, including without limitation by attending any Zoom meeting or webinar, you expressly acknowledge that Zoom may, if instructed by a meeting host, make and store Recordings for Zoom meetings or webinars, and may make such recordings available to hosts and other Attendees at the direction of the host. A visual notification will be sent to Attendees who connect to a meeting or webinar via the Zoom web-based platform, and an audio notification will be sent to Attendees who dial-in by telephone only. A host may also send an audio notification to Attendees who are logged into the web platform, provided that you may not receive such notifications if you disable them in your account settings, so please check before each meeting or webinar if you want to receive the notifications. If you do not want to be recorded, you can choose to leave the meeting or webinar.
Transfer and Storage of Personal Data
Our Products are hosted and operated in the United States (“U.S.”) through Zoom and its service providers. We may transfer your Personal Data to the U.S., to any Zoom affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage. By using any of our Products or providing any Personal Data for any of the purposes stated above, you consent to the transfer and storage of your Personal Data, whether provided by you or obtained through a third party, to the U.S. as set forth herein, including the hosting of such Personal Data on U.S. servers.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Zoom participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield. Zoom is committed to subjecting all Personal Data received from EU member countries, Switzerland, and the United Kingdom, in reliance on the Privacy Shield Frameworks, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List, https://www.privacyshield.gov/list.
Zoom is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Zoom complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, Switzerland, and the United Kingdom including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Zoom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zoom may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you can invoke binding arbitration when other dispute resolution procedures have been exhausted.
Standard Contractual Clauses
In certain cases, Zoom will transfer Personal Data from the EU in accordance with the European Commission-approved Standard Contractual Clauses, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
If you reside in the EU, United Kingdom, Lichtenstein, Norway or Iceland, you can also contact our Data Protection Officer.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request the address above.