University of Hamburg - to research, to teach, to educate and form, to homepage
RRZ
RRZ

Photo: Allie Smith on Unsplash

Zoom

Privacy and Security of Zoom

This page contains information about the secure usage of zoom and about the user datathat gets processed by zoom.

2
true

In this article

    How secure are zoom video conferences?

    To prevent unauthorized users from participating in a video conference ("zoom bombing"), every conference must have a passcode set.

    Additionally, participants may be required to authenticate with the University of Hamburg. When logging in as a university member via SSO , only the user data required for athentication is processed.

    The connection between the zoom client and the zoom server is always encrypted.

    Who is responsible for the data processing?

    The University of Hamburg, represented by its President.

    Who can answer my questions about the privacy policy of zoom and the University of Hamburg?

    Please contact the Data protection officer of the University of Hamburg.

    For what purposes is user data being processed?

    User data is processed for the usage of zoom.

    What is the legal basis for the data processing?

    User data is processed according to the user's agreement.

    What kind of user data is being processed when participating in a zoom video conference?

    When participating without a user account, the following metadata about the conference is being processed:

    • Title
    • Description (optional)
    • IP adress
    • Informations about the user's device
    • Contents of the conference's instant messaging chat

    When participating with a university user account (not required by default), the following user data is also processed:

    • Given and last name(s)
    • University e-mail adress
    • B-ID
    • User group (Staff / Student)

    Neither the contents of the conference nor the contents of the conference's instant messaging chat are stored by the University of Hamburg.

    Minimizing processed data

    To reduce the amount of user data that has is sent to zoom, some settings are set for all zoom users of the University of Hamburg and can not be individually changed:

    • Participants of a video conference must activate their audio and video themselves. During webinars only hosts and panelists are permitted to do so.
    • Local recordng of conferences is disabled by default and can only be enabled by the host. Recordings are only permitted for webinars, not for regular meetings!
    • When starting, resuming or ending a recording, an audio notification is played for all participants. Additionally, during an active recording a visual notification is constantly being displayed to all participants.
    • Storage of recordings in the zoom cloud is disabled.
    • Remote control is disabled.
    • Meetings with no more than two participants are not included in the reports availabe to the Administrators.
    • Focus mode is disabled.
    • The feedback for the meeting quality is disabled.

    Who can access user data?

    The University of Hamburg cannot access any user accounts created by its students.

    All participants of a video conference can access the conference's contents (audio, video, chat). The provider has access to the user data according to the mandate given by the University of Hamburg.

    Where is my data transferred to?

    Zoom Video Communications, Inc., who run the video conference platform zoom, process the user data on behalf of the University of Hamburg. The data may only be used by zoom according to the mandate given by the university and for the purposes defined by the university.

    For how long is user data being stored?

    The University of Hamburg does not store any user data that is processed when using zoom. Vidoe conferences and instant messaging chats are not being recorded and are not being stored by the university or by the provider. Instant messaging chats are deleted once a conference ends.