Data protection information for online meetings, telephone conferences and webinars via "Zoom"

Data protection and especially the security of your data are very important to us. Therefore, our data protection practice is in accordance with the EU Data Protection Regulation and the new version of the Federal Data Protection Act.

We would like to inform you below about the processing of personal data in connection with the use of "Zoom".


The data controller for data processing directly related to the conduct of "online meetings" is the
YXLON International GmbH
Managing Director Dr.-Ing. Thomas Wenzel
Essener Bogen 15
22419 Hamburg
Phone: +49 (0)40 527 29 - 0
Fax: +49 (0)40 527 29 - 170

Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, calling up the website is only necessary for the use of "Zoom" in order to download the software for the use of "Zoom".

You can also use "Zoom" if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

Our data protection officer

You can reach our internal data protection officer at
YXLON International GmbH
Data Protection Officer
Essener Bogen 15
22416 Hamburg
Phone: +49 (0)40 527 29 - 237

The data protection officer is of course available to answer any questions you may have.

Irrespective of this, the State Office for Data Protection is available to you as a supervisory authority.

What we process your data for / purpose of processing

We use the tool "Zoom" to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA.

Legal basis for data processing

Insofar as personal data of employees of YXLON International GmbH are processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of "Zoom", Art. 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest lies in the effective implementation of "online meetings".

Furthermore, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of "online meetings".

What data is processed?

When using "Zoom", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".

The following personal data are subject to processing:

User details: First name, last name, e-mail address, profile picture (optional), department (optional)

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.

Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

Scope of the processing

We use "Zoom" to conduct "online meetings". If we want to record "online meetings", we will transparently inform you of this in advance and - insofar as required - ask for consent. The fact of the recording is also shown to you in the "Zoom" app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user at "Zoom", then reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at "Zoom" for up to one month.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Recipients / passing on of data

Personal data processed in connection with participation in "online meetings" will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of "Zoom" necessarily receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with "Zoom".

Data processing outside the European Union

"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of "Zoom" that complies with the requirements of Art. 28 DSGVO. An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.

Data protection rights as a data subject

In accordance with Article 15 of the EU Data Protection Regulation, you have the right to information about the personal data we have processed about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification (Art.16 EU-DSGVO), deletion (Ar.17 EU-DSGVO) or restriction of processing (Art.18 EU-DSGVO), insofar as you are entitled to this by law.

In addition, you have a right of objection (Art. 21 EU-DSGVO) against the processing within the framework of the legal requirements.

Furthermore, the right to data portability (Art.20 EU-DSGVO) applies.
In addition, the restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion.

Furthermore, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO).

Data deletion

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

Right of appeal

You have the right to complain about our processing of personal data to a data protection supervisory authority.

Amendment of this data protection notice

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

Status: January 8th, 2021