Data protection information for online courses via “Zoom”
We would like to inform you below about the processing of personal data in connection with the use of “Zoom” inform.
Please also note the data protection information of the provider “Zoom”:
I. Person responsible
Controller for data processing that is directly related to the implementation of “online meetings” is LifeChange.rocks by SANOVit , Markus Grimm, Heegbarg 16, 22391 Hamburg, Germany
Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.
You can also use “Zoom” if you enter the relevant meeting ID and any other access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
II Purpose of the processing
We use the “Zoom” tool to conduct online courses, video conferences and/or webinars (hereinafter: “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. based in the USA.
III What data is processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or when participating in an “online meeting”.
The following personal data is processed:
User details: First name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional),
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by telephone: Information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Zoom” applications.
To take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
IV. Scope of the processing
We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and ask for your consent. The fact of the recording is also displayed in the “Zoom” app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.
If you are registered with “Zoom” as a user, reports on “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at “Zoom”.
The option of software-based “attention monitoring” (“attention tracking”) in “online meeting” tools such as “Zoom” is deactivated.
Automated decision-making within the meaning of Art. 22 GDPR is not used
V. Legal basis for data processing
The legal basis for data processing when conducting “online courses” with “zoom” is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the meetings are held in the context of contractual relationships.
VI Recipients / disclosure of data
Personal data that is processed in connection with participation in “online meetings” is not passed on to third parties unless it is specifically intended to be passed on.
Data processing outside the European Union
“Zoom” is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of “Zoom” that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured Zoom in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
VII Rights of data subjects
You have the following rights with regard to the processing of your personal data:
You have the right:
- to request information about your personal data processed by us free of charge in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- pursuant to Art. 7 para. 3 GDPR to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
Please note that if you object to your personal data being passed on as part of a credit check, delivery on account is generally not (or no longer) possible (see section IV.4. above).
If you would like to exercise your right of revocation or objection, simply send an e-mail to
VIII. Data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
can be retrieved and printed by you.