March 18, 2020
Zoom Video Communications, Inc. and its subsidiaries (collectively, “Zoom”) are committed to protecting your privacy and ensuring you have a positive experience on our websites and when you use our products and services (collectively, “Products”).
Collection of your Personal Data
Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products. We may gather the following categories of Personal Data about you:
- Information commonly used to identify you, such as your name, user name, physical address, email address, phone numbers, and other similar identifiers
- Information about your job, such as your title and employer
- Credit/debit card or other payment information
- Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)
- General information about your product and service preferences
- Information about your device, network, and internet connection, such as your IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version
- Information about your usage of or other interaction with our Products (“Usage Information”)
- Other information you upload, provide, or create while using the service ("Customer Content"), as further detailed in the “Customer Content” section below
We collect this data to provide you with the best experience with our Products. Mostly, we gather Personal Data directly from you, directly from your devices, or directly from someone who communicates with you using Zoom services, such as a meeting host, participant, or caller. Some of our collection happens on an automated basis – that is, it’s automatically collected when you interact with our Products. In certain instances, you can choose whether to provide Personal Data to Zoom, but note that you may be unable to access certain options and services if they require Personal Data that you have not provided. You can adjust certain settings to reduce the amount of Personal Data we automatically collect from you, such as by turning off optional cookies in your browser’s setting or by using our Cookie Preferences link at the bottom of the Zoom homepage.
We may also obtain information about you from a user who uses Zoom. For example, a user may input your contact information when you are invited to a Zoom meeting or call. Similarly, a Zoom meeting host may record a Zoom meeting and store the recording on our system. If a Zoom meeting host decides to record a meeting, that person is responsible for obtaining any necessary consent from you before recording a meeting.
We may also gather some Personal Data from third-party partners. Sometimes, other companies who help us deliver the service (our service providers) and may collect or have access to information on our behalf when you use our Products. We have agreements with our service providers to ensure that they do not use any of the information that they collect on our behalf for their own commercial purposes or for the commercial purposes of some other company or third party. We may also receive Personal Data that third parties collect in other contexts, which we use in order to better understand our users, advertise and market, and enhance our services.
More about Customer Content
Customer Content is information provided by the customer to Zoom through the usage of the service. Customer Content includes the content contained in cloud recordings, and instant messages, files, whiteboards, and shared while using the service. Customer Content does not refer to data generated by Zoom’s network and systems (i.e., data that Zoom creates because the customer is using the system (e.g., meeting routing information and other meeting metadata).
Zoom, our third-party service providers, and advertising partners (e.g., Google Ads and Google Analytics) automatically collect some information about you when you use our Products, using methods such as cookies and tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referrer URL, exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this information to offer and improve our services, trouble shoot, and to improve our marketing efforts.
More about our referral program
You may choose to use our referral service to tell others about our products, which will require you to provide us with their name and email address. We rely on you to obtain the intended recipient’s consent to be contacted. We will automatically send a one-time email inviting them to visit the website. Unless we are authorized to communicate further, we will only use that person’s name and email address for the purposes of sending this one-time email and maintaining an activity log of our referral program.
More about meeting recordings
If you participate in a Recorded Meeting or you subscribe to Zoom cloud recording services, we collect information from you in connection with and through such Recordings. This information may include Personal Data. Meeting hosts are responsible for notifying you if they are recording a meeting, and you will generally hear a notice or see an on-screen notification when recording is in progress.
How we use and disclose Personal Data
We process your Personal Data (i) with your consent (where necessary), (ii) for the performance of any contract you have with us (such as your agreement with us that allows us to provide you with the Products), and (iii) for other legitimate interests and business purposes including in a manner reasonably proportionate to:
- Providing, running, personalizing, improving, operating, maintaining our Products.
We may use all of the types of Personal Data that we collect for:
- Account configuration
- Account maintenance
- Enabling meetings and webinars between users and third-party participants
- Hosting and storing personal data from meetings and webinars on behalf and at the direction of the meeting host
- Fulfilling requests you make related to the service
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
- Providing reports to users based on information collected from use of our service
- Processing your orders and delivering the Products that you have ordered
- Providing support and assistance for our Products
- Providing the ability to create personal profile areas and view protected content
- Providing the ability to contact you and provide you with shipping and billing information
- Providing customer feedback and support
- Complying with our contractual and legal obligations, resolving disputes with users, enforcing our agreements
Some of this information may be shared with other meeting participants. For example, all messages and content you share in a meeting, including Personal Data about you or others, will be available to all other participants in that meeting (unless you elect to chat with a subset of meeting participants). If you share a meeting link with another user who is not already in the meeting, when that user tries to join the meeting he or she will be able to see the list of other users in the meeting, as well as other invitees joining the meeting.
- Facilitating your use of Product features.
Your use of certain product features will result in the sharing or publication of some of your Personal Data. For example, if you participate in a Zoom discussion forum or chat room, you should be aware that the information you provide there will be made broadly available to others, who have access to that discussion forum or chat room.
- Following the instructions of our users.
Much of the Personal Data we collect, we collect on behalf of our customers. (More specifically, for purposes of GDPR and CCPA, we are the “Processor” of that Personal Data, acting as a service provider on behalf and at the direction of our customer, and our customer is the “Controller” or decisionmaker.) For example, the customer may determine when meetings can be recorded, how long they are kept, and the like.
We are typically required to follow a customer’s instructions related to Personal Data we have collected on behalf of that customer. On a customer’s instructions, we may provide reports containing Personal Data relating to the customer’s account.
- Keeping you up to date on the latest Product announcements, software updates, software upgrades, system enhancements, special offers, and other information. Read more
We may use identifiers, employment information, payment information, Facebook profile information, technical information, demographic information, usage information, and user-generated information:
- To provide customer feedback and support (zoom.us/support)
- To provide and administer opt-in contests, sweepstakes or other marketing or promotional activities on the Zoom.us or affiliate websites
- Providing you with information and offers from us or third parties
- To the extent you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers and end users
- To support recruitment inquiries (zoom.us/careers)
- To personalize marketing communications and website content based on your preferences, such as in response to your request for specific information on products and services that may be of interest
- To contact individuals that you refer to us and identify you as the source of the referral, in accordance with the “Referral” section below
You can sign-up, and therefore consent, to receive email or newsletter communications from us. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by emailing email@example.com.
We send you push notifications from time to time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you can turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
- Comply with our legal obligations or the legal obligations of our customers.
This includes responding to a legally binding demand for information, such as a warrant issued by a law enforcement entity of competent jurisdiction, or as reasonably necessary to preserve Zoom’s legal rights.
- A word about location data.
As discussed above, we may collect information about your broad geographic location (city-level location) when you are using our Products or have them installed on your device. We use this information for service-related purposes (such as optimizing your connection to our data center), supporting compliance (such as by telling us where you’re located, which can determine what laws or regulations apply to you), and suggesting customizations to your experience with our Products (e.g. your language preference). We do not “track” you using location data and we only use this information in connection with providing the best experience with the Products to you.
- What role do service providers play?
Note that we may use third-party service providers and our affiliated entities to help us do any of the things discussed here, and they may have access to Personal Data related to the specific activity they are doing for us in the process. We forbid our service providers from selling Personal Data they receive from us or on our behalf, and require them to only use Personal Data in order to perform the services we have asked of them, unless otherwise required by law.
Does Zoom sell Personal Data?
We do not allow marketing companies, advertisers, or anyone else to access Personal Data in exchange for payment. Except as described above, we do not allow any third parties access to any Personal Data we collect in the course of providing services to users. We do not allow third parties to use any Personal Data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Marketplace). So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.
That said, Zoom does use certain standard advertising tools which require Personal Data (think, for example, Google Ads and Google Analytics). We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the Internet, serving personalized ads on our website, and providing analytics services). Sharing Personal Data with the third-party provider while using these tools may fall within the extremely broad definition of the “sale” of Personal Data under certain state laws because those companies might use Personal Data for their own business purposes, as well as Zoom’s purposes. For example, Google may use this data to improve its advertising services for all companies who use their services. (It is important to note advertising programs have historically operated in this manner. It is only with the recent developments in data privacy laws that such activities fall within the definition of a “sale”). If you opt out of “sale” of your info, your Personal Data that may have been used for these activities will no longer be shared with third parties.
Data Subject Rights
We do our best to give you reasonable controls over the Personal Data we process about you as set forth below. Depending on where you reside, you may be entitled to certain legal rights with respect to your Personal Data.
Here are the types of requests you may make related to Personal Data about you, subject to applicable laws, rules, or regulations:
- Access:You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data. If you are a California resident, you can request information about both the categories and specific pieces of data we have collected about you in the previous twelve months, the reason we collected it, the category of entities with whom we have shared your data and the reason for any disclosure.
- Rectification:If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection:You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Opt Out of “Sales”: You can ask us to opt you out of certain advertising practices related to your Personal Data by clicking on the “Do Not ‘Sell’ My Personal Information” link. You can also use an authorized agent to submit a request to opt-out on your behalf if you provide the agent written permission to do so. We may require the agent to submit proof that you have authorized them to submit an opt-out request.
Zoom does not exchange your Personal Data with third parties for payment, even if you do not opt-out of the “sale” of information. If you opt-out, we will adjust your preferences accordingly.
- Erasure:You can request that we erase some or all of your Personal Data from our systems.
- Restriction of Processing:You can ask us to restrict further processing of your Personal Data.
- Portability:You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent:If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you may have the right to withdraw your consent at any time.
- Right to File Complaint:You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters including a Zoom user’s rights to data contained in their account, we cannot verify your identity, or it involves disproportionate cost or effort. But in any event, we will respond to your request within a reasonable timeframe and provide you an explanation.
In order to make such a request of us, please contact our Privacy Team at firstname.lastname@example.org or by writing to the following address:
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
If you have a password protected Zoom account, we will use your account information to verify your identity. If not, we will ask you to provide additional information needed to verify your identity. The type and amount of information we request will depend on the nature of your request, the sensitivity of the relevant information, and the risk of harm from unauthorized disclosure or deletion. If you are a California resident and would like to designate an authorized agent to exercise any of your rights, please contact email@example.com.
- Residents of the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland.
If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have legal rights with respect to your Personal Data, including those set forth under the EU’s General Data Protection Regulation (“GDPR”).
- Residents of the state of California.
If you reside in California, you may have legal rights with respect to your Personal Data, including those set forth under the California Consumer Privacy Act (“CCPA”). Zoom is prohibited from discriminating against California consumers that choose to exercise their privacy-related rights under the CCPA.
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required by law.
Security of your Personal Data
Zoom is committed to protecting the Personal Data you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use, or disclosure. When we transfer credit card information over the Internet, we protect it using Transport Layer Security (TLS) encryption technology.
We recommend you take every precaution in protecting your Personal Data when you are on the Internet. For example, change your passwords often, use a combination of upper and lower-case letters, numbers, and symbols when creating passwords, and make sure you use a secure browser. If you have any questions about the security of your Personal Data, you can contact us at firstname.lastname@example.org.
Linked Websites and Third-Party services
Our websites and services may provide links to other third-party websites and services which are outside our control and not covered by this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.
Transfer and Storage of Personal Data
Our Products are generally hosted and operated in the United States (“U.S.”) through Zoom and its service providers, though data may be collected from wherever our users are located. We may transfer your Personal Data to the U.S., to any Zoom affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage. Where local law requires, we may store data locally in order to comply with global regulations. By using any of our Products or providing any Personal Data for any of the purposes stated above, you consent to the transfer and storage of your Personal Data, whether provided by you or obtained through a third party, to the U.S. as set forth herein, including the hosting of such Personal Data on U.S. servers.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Zoom Video Communication, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield. Zoom is committed to subjecting all Personal Data received from EU member countries, Switzerland, and the United Kingdom, in reliance on the Privacy Shield Frameworks, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List, https://www.privacyshield.gov/list.
Zoom is responsible for the processing of Personal Data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Zoom complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, Switzerland, and the United Kingdom including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Zoom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zoom may be required to disclose Personal Data in response to valid and lawful requests by public authorities or pursuant to requests from law enforcement.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you can invoke binding arbitration when other dispute resolution procedures have been exhausted.
Standard Contractual Clauses
In certain cases, Zoom will transfer Personal Data from the EU in accordance with the European Commission-approved Standard Contractual Clauses, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
If you reside in the EU, United Kingdom, Lichtenstein, Norway or Iceland, you can also contact our Data Protection Officer.