Zoom for Government Privacy Statement
Last updated: September 27, 2024
At Zoom, we want everyone who uses our products and services to have the best possible experience. To us, that means your personal data is not being used in ways that are unexpected or objectionable, and that you are getting a clear explanation of what is happening and why.
This Privacy Statement describes how we process personal data as it relates to Zoom for Government products or services. We want every end user and account administrator to be able to read it and understand what happens to their personal data when they use Zoom for Government.
More Information. By “personal data,” we mean information that relates to an identifiable individual. It can be identifiers like a name or email address, or information easily linked to such identifiers. By “process,” we mean anything that can be done with personal data, including collecting, storing, using, sharing, or destroying.
This Privacy Statement applies to all products and services offered as part of Zoom for Government, including but not limited to Meetings, Webinars, Events, Chat, Phone, Zoom Rooms, Zoom Events, and Zoom Whiteboard. A separate Privacy Statement (see here [link]) applies to Zoom products and services that are not part of Zoom for Government.
- What Personal Data We Receive
- How We Use Personal Data
- Why and With Whom We Share Personal Data
- Who Can Access What Personal Data
- How Long We Keep Personal Data
- How End Users Can Exercise Their Rights
- Information Specific to Europe
- Information Specific to California and Other U.S. States
- Changes to this Privacy Statement
What Personal Data We Receive
Directly from end users. We receive data that end users generate in meetings, webinars, events, chat, and other Zoom for Government services. This data is what we call Customer Content, and it may include audio, video, messages, files, whiteboard materials, responses to poll questions, and any other information that end users choose to share with other end users. Zoom employees do not access or use Customer Content without the host account’s authorization, or as required for legal, safety, or security reasons.
We also receive data that end users provide in order to use Zoom for Government services. This data includes Profile and Participant Information, which is information associated with the end user’s Zoom for Government profile such as name, picture, email address, and phone number; Contact Information, which is information end users add to create contact lists or process referral invitations; and Registration Information, which is information end users provide when registering for a meeting, webinar, event, Zoom Room, or recording, and which may include information requested by the host.
Finally, we receive data from end users when they communicate directly with Zoom, for example through support questions, virtual chats, user feedback, and similar inquiries.
More Information - What Personal Data We Receive Directly from End Users. Customer Content may include–in addition to audio, video, messages, files, whiteboard materials, and responses to poll questions–other information end users choose to share, including: transcriptions, transcript edits and recommendations, responses to account-owner / host-sponsored post-meeting or webinar feedback requests, responses to polls and Q&A, and files. Customer Content may also include related context, such as invitation details, meeting or chat names, and meeting agenda. Customer Content may include an end user’s voice or image depending on the account owner’s settings, the end user’s settings, what the end user chooses to share, and what the end user does on Zoom for Government products and services. As stated above, Zoom employees do not access or use Customer Content without the host account’s authorization, or as required for legal, safety, or security reasons.
Profile and Participant Information may include–in addition to an end user’s name, picture, email address, and phone number–other information about the end user, including: display name, job information, stated locale, user ID, and any other information about the end user provided by the end user or the account owner.
Contact Information may also include information an end user integrates from a third-party app.
Registration Information may also include name and contact information, and responses to registration questions.
Directly from the account owner. We receive data that relates to Zoom for Government accounts, such as the administrator’s name and contact information, the account ID, billing and transaction information, and account plan information. Account owners may also provide Profile and Participant Information and Contact Information for particular end users.
Automatically from end users. We receive data automatically through use of Zoom for Government. This data includes “Settings” for the account and for end-user profiles; “Device Information,” such as PC names, MAC addresses, IP addresses, and other details about end-user physical devices; and “Usage Information” that shows how end users and devices interact with Zoom for Government, including the website.
This data also includes “Content from Third-Party Integrations,” which is email and calendar content from third-party services when end users access those services through the Zoom client.
More Information - What Personal Data We Receive Automatically from End Users. Settings may include audio and video settings, recording file locations, screen sharing settings, and other settings and configuration information.
Device Information may include–in addition to PC names, MAC addresses, and IP addresses (which may be used to infer general location at a city or country level)–other details about end-user physical devices, including: information about speakers, microphone, camera, OS version, hard disk ID, device attributes like operating system or battery level, wifi information, Bluetooth signals, and other device information.
Usage Information shows how end users and devices interact with Zoom for Government services including meetings, webinars, events, messaging, collaborative features, and the website. This information includes: when end users join and leave a meeting; whether participants sent messages; whom participants message; performance data; mouse movements; clicks, keystrokes, or actions (such as mute/unmute or video on/off); edits to transcript text where authorized by the account owner; which third-party apps are added to a meeting or other product or service; what information and actions a third-party app is authorized to access and perform; use of third-party apps and the Zoom for Government App Marketplace; features used such as screen sharing, emojis, or filters; other inputs that help Zoom understand feature usage, improve product design, and suggest features; and other usage information and metrics.
Content from Third-Party Integrations means email and calendar content from third-party services, to the extent that users have integrated those services with their Zoom client. Zoom may collect or process Customer Content and email information, including email content, headers, and metadata, from third-party email services when account owners and/or their licensed users integrate such services with products and services offered or powered by Zoom, such as business analytics tools.
Zoom does not allow children under the age of 16 to create accounts. For educational organizations that use Zoom for Government products and services to provide educational services to children under 18, Zoom’s Children’s Educational Privacy Statement is available here.
From partners. We may obtain information about account owners and their end users from third-party companies such as market data enrichment services, including information about an account owner’s company size or industry, contact information, or activity of certain enterprise domains.
How We Use Personal Data
We use personal data to provide Zoom Products and Services. That means we use data to provide meetings, webinars, events, messages, and other Zoom for Government services. It also means we use data to customize our products, services, and recommendations; identify the products and services that are available in a location; route invitations and messages; provide customer support; and manage account relationships and contracts.
More Information - How We Use Personal Data to Provide Zoom for Government Products and Services. We use personal data to Provide Zoom Products and Services to account owners, their licensed end users, and those they invite to join meetings, webinars, and events hosted on their accounts.
Products and services may include certain video features such as filters, studio effects avatars, and gestures. These video features use information about the user’s movements or the positioning of the user’s face or hands. Such information does not leave the user’s device, is not retained, cannot be used to identify the user, and is only used to generate the selected effects.
Products and services may also include certain audio features such as transcription generation for recordings. These features may apply technology that analyzes the meeting’s audio recording to distinguish one speaker from another in order to create an accurate transcript. The audio analysis is not retained after the transcript is generated.
Products and services may also include, at the user’s discretion, personalized audio isolation. This feature uses a meeting audio clip to create an Audio Signature on the user’s device, which it then uses to isolate the user’s voice and to suppress background noise. Zoom does not receive or retain the clip or Audio Signature, which stays on the user’s device and is only used for noise suppression, and which can be deleted from the device through settings.
Products and services may also include, if enabled by the account owner, intelligent features such as Zoom AI or other tools to recommend chat, email, or other content. These tools may use artificial intelligence, machine learning, or other technology to process Customer Content solely to provide the intelligent features.
Provide Zoom Products and Services also means using personal data: (1) to customize our products and services and recommendations for user accounts; (2) to determine what products and services are available in a user’s location; (3) to route invitations or messages to recipients when they are sent or received using our products or services; (4) for customer support, which may include accessing–at the direction of the account owner or licensed end users–audio, video, files, messages, and other content or context; and (5) to manage our relationships and contracts with account owners and others, including billing, compliance with contractual obligations, and related administration.
We also use personal data for Product Research and Development, if authorized by applicable settings; to Communicate with Users about our products and services; for Authentication, Integrity, Security, and Safety to secure our products and services; and for Legal Reasons, including to comply with applicable laws and respond to requests from law enforcement, government agencies, or civil litigation. If you provide your contact information to Zoom in a context other than your use of Zoom for Government (for example, by signing up for a Zoom promotion or registering for a webinar conducted by Zoom marketing), we may use that information for marketing purposes.
We do not use any user audio, video, chat, screen-sharing, attachments, or other communications-like Customer Content (such as poll results, whiteboards, and reactions) to train Zoom’s artificial intelligence models or any third-party artificial intelligence models.
More Information - How We Use Personal Data for Other Purposes. Where authorized by applicable settings, we may use personal data (that is not Customer Content*) for Product Research and Development. This means we use such information to develop, test, improve, and troubleshoot our products and services.
We also use personal data to Communicate with Users. We use contact information to communicate with users about our products and services, including product updates, their accounts, and changes to our policies and terms. We also use this information to respond to users when they contact us.
We also use personal data for Authentication, Integrity, Security, and Safety. This includes authenticating accounts and activity; detecting, investigating, and preventing malicious conduct, fraudulent activity, or unsafe experiences; addressing security threats; protecting public safety, and securing our products and services. We use advanced tools to automatically scan certain types of content such as virtual backgrounds, profile images, and files uploaded or exchanged through chat, for the purpose of detecting and preventing violations of our terms or policies and illegal or other harmful activity.
We also use personal data for Legal Reasons. This means we use it to comply with applicable law or to respond to valid legal process, including from law enforcement or government agencies; to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings; to protect us, our users, and other individuals from fraudulent, malicious, deceptive, abusive, or unlawful activities; and to enforce or investigate potential violations of our Terms of Service or policies.
*Zoom employees do not access or use Customer Content including meeting, webinar, event, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email contents), or any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), unless authorized by the owner or administrator of the account hosting the Zoom for Government product or service where the Customer Content was generated, or as required for legal, safety, or security reasons.
Why and With Whom We Share Personal Data
We do not sell Zoom for Government personal data to third parties, and we only share personal data with third parties to the extent necessary to provide Zoom for Government products and services.
We share personal data to provide our products and services, including with vendors who provide technical infrastructure and business services. We require these third-party service providers to protect this data, and prohibit them from using the data for any purpose other than for providing their services or as required by law. Where necessary to provide products and services, we also share data with our corporate affiliates (such as Zoom Voice Communications, Inc.) and third-party developers.
We also share personal data for legal purposes, such as in response to requests from law enforcement or government agencies, or to resolve disputes and enforce agreements. We may also share personal data during negotiations for any sale, merger, acquisition, restructuring, or change of control involving all or a portion of our assets, including a bankruptcy or similar proceeding.
More Information - Why and With Whom We Share Personal Data. We work with third-party service providers to provide, support, and improve our products, services, and technical infrastructure. These vendors can access personal data subject to contractual and technical requirements for protecting such data and prohibiting them from using such data for any purpose other than to provide services to us or as required by law. We may also integrate third-party technology to process information such as face or hand dimensions and gestures to provide video effects. This information is stored on users’ devices and is neither received nor stored by us or the third party.
We also share personal data with corporate affiliates, such as Zoom Voice Communications, Inc., to provide integrated and consistent experiences across Zoom for Government products and services (such as enabling an account owner or their users to integrate a Zoom Phone call into a meeting), and to detect, investigate, and prevent fraud, abuse, and threats to public safety.
When account owners or their users add third-party apps or integrations from the Zoom for Government App Marketplace, we may share personal data with the developer so that it can provide the app or integration.
We may share personal data for legal reasons as needed, to: (1) comply with applicable law or respond to, investigate, or participate in valid legal process and proceedings, including from law enforcement or government agencies; (2) enforce or investigate potential violations of our Terms of Service or policies; (3) detect, prevent, or investigate potential fraud, abuse, or safety and security concerns, including threats to the public; (4) meet our corporate and social responsibility commitments; (5) protect our and our customers’ rights and property; and (6) resolve disputes and enforce agreements.
We may share personal data with actual or prospective acquirers, their representatives, and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of our business or assets, including in connection with bankruptcy or similar proceedings.
We may also share personal data with third-party analytics providers to provide statistics and analytics about how people use our products and services, including our website.
Who Can Access What Personal Data
Other End Users. Other end users and participants have access to the personal data that is needed to provide our products and services. For example, everyone in a meeting has access to everyone else’s display names, profile pictures, and presence statuses, as well as any Customer Content shared with the whole meeting. Meeting participants also see the use of any apps or third-party integrations that receive Customer Content (including audio and video). Depending on the account settings, meeting participants might be able to record, save, and share the meeting’s Customer Content. Meeting hosts also have access to end-user responses to Q&As and polls presented during meetings. In a webinar, all panelists and attendees have access to any Customer Content shared with the whole meeting.
More Information - Who Can Access What Personal Data - Other End Users. Meeting hosts, participants, and invitees may be able to see information about users, including email addresses, display names, profile pictures, and presence statuses, and in Zoom meetings. Meeting hosts, participants, and invitees can also see and (depending on the account owner’s settings) record, save, and share meeting content, audio transcripts, messages sent to Everyone, messages sent to meeting group chats (where enabled, and whether sent in Team Chat or in-meeting), or messages sent to them directly, and files, whiteboards, or other information shared with them (including during a meeting, or through a dedicated meeting group chat). Meeting hosts may also share chat transcripts to Zoom Team Chat, depending on their account owner’s settings. Meeting hosts can also see responses to Q&A and polls generated during the meeting.
Only panelists may be visible to attendees during a webinar, but attendees who agree to unmute can be heard by other attendees. If an attendee agrees to become a panelist during a webinar, they may be visible to other attendees, depending on settings. Panelists and attendees may be able to see the name of a participant who asks a question during a Q&A, along with their question, unless the participant submits the question anonymously.
Those with access to a user’s device and login credentials may be able to see, save and share email and calendar contents on that device. Recipients of Zoom Team Chats can see messages, reactions, emojis, and related content, including emails from third-party services integrated in the Zoom client, that a user or a third party choose to share to Zoom Team Chat, and in-meeting messages that participants send that are synced with Zoom Team Chat through dedicated meeting group chats. Depending on the account owner’s settings, Zoom Team Chat recipients may record, save, or share a sender’s messages.
Accounts Owners. Account owners and their administrators generally have access to all personal data generated by end users on their accounts. This data includes Account Usage, Registration Information, and Customer Content (with exceptions depending on account settings). They also have access to any Customer Content generated in meetings hosted by their accounts.
More Information - Who Can Access What Personal Data - Account Owners. The account owner is the organization or individual that signs up for a Zoom for Government account. An account owner will typically designate one or more people (“administrators”) to manage their account and can grant privileges to users on the account. Depending on their license with Zoom, the account owner can authorize additional users on their account, and the account owner can create and/or access the profile information for all users on their account. The account owner and their users can invite others (including guests not on their account and unlicensed participants) to meetings, webinars, or events hosted on their account.
We give account owners and their administrators controls and features that they can use to determine whether certain types of content, such as recordings or Zoom Team Chat messages, can be created or sent, and what third-party apps can be used, for meetings, webinars, and events hosted on their account. Depending on their settings, account owners and the users they designate can access personal data for participants who join meetings, webinars, and events on their account or send messages to users on their account. Account owners may also be able to determine what information we can access and see.
Account owners and their administrators have access to Account Usage information. This is information about how users and their devices interact with their account, which may include who sent messages to their users in chat, email addresses, IP addresses, device information, and other information about who joined meetings, webinars, or events on their account. It may also include whether their users viewed or downloaded a recording, how long participants participated in their meetings, the time a message was sent, information about Zoom Phone integrations, and other usage information and feedback metrics. Account Usage also includes Participant Lists for Zoom meetings, webinars, or chats, including participants’ names, display names, email addresses, phone numbers, and participant or user IDs.
Account owners and their administrators also have access to Registration Information, which is any information provided during the registration for a meeting, webinar, event, Zoom Room, or recording hosted by the account.
Account owners and their administrators also have access to Customer Content. Account owners can watch the content of recordings of meetings, webinars, and events hosted on their account. They can also view, share, and enable advanced features for transcripts of meeting audio. Account owners can also see information about who provided responses to their polls, Q&A, or post-meeting, webinar, or event feedback requests, including name and contact information, together with the responses or feedback, unless responses are submitted anonymously.
Depending on the account settings, account owners and their administrators may also be able to see information about who sent and received Zoom Team Chat messages, including synced in-meeting messages (e.g., from a dedicated meeting group chat that is synced with Zoom Team Chat), to users on their account, along with information about the message (for example, date and time, and number of members or participants). They may also be able to see sender and receiver information and other messaging data. Unless the account owner has enabled Advanced Chat Encryption, they may also be able to see the content of messages sent to and from users on their account (including from in-meeting chat where dedicated meeting group chats are enabled). They may also be able to see the content shared through collaborative features, including whiteboards, files, and images shared in Zoom Team Chat.
Depending on the account settings, account owners and their administrators may also be able to see sender and receiver information and the content of messages sent to or from a user on their account in a meeting or webinar, under the following circumstances: (1) messages sent to Everyone in a meeting that is recorded; (2) messages sent to the meeting group chat in a meeting when a dedicated meeting group chat that is synced with Zoom Team Chat is enabled); (3) messages sent to panelists in a webinar that is recorded; (4) messages sent in dedicated meeting group chats in Zoom Team Chat; and (5) direct messages if the account owner has enabled archiving.
If a participant in a meeting is subject to archiving, their account owner will have access to messages sent to Everyone in the meeting, as well as direct messages sent to that participant. If a participant who is a member of a dedicated meeting group chat is subject to archiving, the member’s account owner will have access to the meeting group chat messages, as well as direct messages sent to that member. If a guest in a meeting with a dedicated meeting group chat is subject to archiving, the guest’s account owner will have access to messages sent to the meeting group chat, as well as direct messages sent to that guest.
Third-Party Developers. Third-party developers have access to personal data when account owners authorize apps and integrations, and end users add this software to their Zoom for Government profiles. The personal data shared depends on the account settings, and becomes subject to the third-party developer’s terms and privacy policies, rather than Zoom’s. Meeting participants can see when another end user in a meeting is sharing audio or video with an app or integration.
More Information - Who Can Access What Personal Data - Third-Party Developers. Account owners and their administrators can choose to add apps and integrations developed by Zoom or third parties to their account and the Zoom for Government products they use, including through the Zoom for Government App Marketplace. They can also control whether their users can add and use specific apps and integrations, including in meetings, webinars, events, and chats hosted on their account. Depending on account and user settings, approved apps and integrations may have access to all personal data categories listed above, including account information, profile and contact information, registration information, participants list, settings, content, product usage, device information, and third-party emails. Where third-party developers integrate or embed Zoom meetings into their own websites or app experiences, personal data is subject to the third-party developer’s terms and privacy policies, rather than Zoom’s.
Livestreams. Anyone with access can watch the livestream of a meeting, webinar, or event that the host chooses to stream. Meeting participants can see when the host in a meeting is streaming.
Third-Party Resellers. Third-party resellers of our products and services may have access to personal data, including Customer Content, when account owners who license or purchase accounts from those resellers authorize such access.
How Long We Keep Personal Data
We keep personal data only as long as needed for the uses we describe above, unless we are required by law to keep it longer. How long we keep personal data depends on how long the account exists and whether the account owner modifies or deletes end user profiles. It also depends on our legal requirements and if there are any relevant potential legal disputes.
More Information - How Long We Keep Personal Data. Certain laws require us to keep records for a certain period of time before we can delete them. We may also keep personal data when it might be needed for legal disputes involving the enforcement of agreements, resolution of disputes, application of statutes of limitations, litigation, or regulatory investigation.
How End Users Can Exercise Their Rights
Users in the European Economic Area (EEA), Switzerland, or the United Kingdom, or in California or other U.S. states with applicable privacy laws, can refer to the dedicated sections below. Where requested by users who are not in any of those jurisdictions, we will: (1) inform them of any personal data about them that is under our control; (2) amend or correct such data, or direct the user to the applicable tools; and/or (3) delete such personal data, or direct the user to the applicable tools. Users should be aware that their personal data may not be under our control, and that they may have to contact the host account owner.
Users may exercise their rights to personal data controlled by Zoom by contacting us as described under Learn More. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others. Account owners and users under licensed accounts may visit their accounts and modify personal data directly.
More Information - How End Users Can Exercise Their Rights. Users may contact us with privacy-related questions or comments related to this Privacy Statement, and contact our Data Protection Officer, by sending an email to privacy@zoom.us, and specifically identifying themselves as Zoom for Government users. Users may also contact us by writing to the following address:
Zoom Video Communications, Inc.
Attention: Data Protection Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
Users may also contact us by writing to our representatives in the EU at the following address:
Lionheart Squared (Europe) Limited
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Dublin
DO2 EK84
Republic of lreland
email: zoom@LionheartSquared.eu
Users may also contact us by writing to our representatives in the UK at the following address:
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire
SP6 1QX
United Kingdom
Contact: zoom@LionheartSquared.co.uk
Information Specific to Europe
Users in the European Economic Area (EEA), Switzerland, or the United Kingdom have specific rights as to personal data that we process as a controller, including: (1) the rights of access and/or portability; (2) the right to erasure; (3) the right to object to processing; (4) the right to rectification; and (5) the right to restrict processing. Users may exercise these rights by clicking here.
More Information - Information Specific to Europe - Data Subject Rights. The rights of access and/or portability provide that users have the right to access any personal data that we hold about them, and in some circumstances to have that data provided to them so they can provide or “port” that data to another provider.
The right of erasure provides that in certain circumstances, users have the right to the erasure of personal data that we hold about them (for example, if it is no longer necessary for the purposes for which it was originally collected).
The right to object to processing provides that in certain circumstances, users have the right to request that we stop processing their personal data and/or stop sending them marketing communications.
The right to rectification provides that users have the right to require us to correct any inaccurate or incomplete personal data.
The right to restrict processing provides that in certain circumstances, users have the right to request that we restrict processing of their personal data (for example, where they believe the personal data we hold about them is not accurate or lawfully held).
Users who have questions about our use of their personal data can send a request at the contact details specified in the How End Users Can Exercise Their Rights section of this Privacy Statement. We may request that such users provide us with additional information in order to confirm their identity and to ensure they are entitled to access the relevant personal data. Users also have the right to lodge complaints with data protection authorities. Users who want more information should contact their local data protection authority.
We only process personal data in a manner that is lawful, transparent, and fair. When we process personal data as a controller, the legal basis for processing will depend on the data involved and the context.
More Information - Information Specific to Europe - Legal Basis for Processing.
As necessary for the performance of our contract: We process personal data as necessary for the performance of a contract with the user. When we enter into a contract directly with a user, we process the user’s personal data on the basis of our contract in order to prepare and enter into the contract, as well as to perform and manage the contract (i.e., to provide our products, features, and services to account owners, their users, and those they invite to join meetings, webinars, and events hosted on their accounts; and manage our relationship and contract, including billing, compliance with contractual obligations, and related administration). If we do not process a user’s personal data for these purposes, we may not be able to provide them with all products and services.
As necessary for compliance with legal obligations: We process personal data as necessary for compliance with our legal obligations under EEA laws, regulations, codes of practice, guidelines, or rules applicable to us; and for responses to requests from, and other communications with, competent EEA public, governmental, judicial, or other regulatory authorities. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity and compliance with privacy laws.
As necessary in order to protect vital interests: We process certain personal data to protect the vital interests of users or other natural persons by detecting and preventing illicit activities that impact vital interests and public safety, including the transmission of child sexual abuse material.
As necessary for the purposes of the legitimate interests: We process personal data for our legitimate interests when those interests are not overridden by the user’s interests or fundamental rights and freedoms. These interests include: (1) entering and performing the contract with the account owner and/or reseller providing users with products and services (including billing, compliance with contractual obligations, and related administration and support); (2) developing, testing, improving, and troubleshooting our products and services; (3) ensuring the authentication, integrity, security, and safety of accounts, activity, and products and services, including detecting and preventing malicious conduct and violations of our terms and policies, preventing or investigating bad or unsafe experiences, and addressing security threats; (4) sending marketing communications, advertising, and promotions related to the products and services; (5) complying with non-EEA laws, regulations, codes of practice, guidelines, or rules that are applicable to us; (6) responding to requests from, and other communications with, competent non-EEA public, governmental, judicial, or other regulatory authorities; (7) meeting our corporate and social responsibility commitments; and (8) resolving disputes, enforcing agreements, and protecting our rights and property and the rights and property of our customers.
Zoom for Government data is stored in the United States. The United States may have data protection rules that are different and less protective than those of the countries or regions where the data was originally collected.
We protect user personal data in accordance with this Privacy Statement wherever it is processed, and take appropriate contractual or other steps to protect it under applicable laws. Where we transfer the personal data of users in the EEA, Switzerland, or the UK to countries outside the EEA, Switzerland, or the UK that have not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission’s standard contractual clauses.
More Information - Information Specific to Europe - Cross-Border Transfer. We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. Users may learn more about the Data Privacy Framework (DPF) program and view our certification at the following website: https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of user personal data. EU and UK and Swiss individuals with questions or complaints about our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us at: privacy@zoom.us.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
We adhere to the DPF Principles. The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
If third-party agents process personal data on our behalf in a manner inconsistent with the DPF Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. Users who have questions or complaints related to our compliance with the DPF Principles should contact us as indicated in the How End Users Can Exercise Their Rights section of this Privacy Statement.
Under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the DPF not resolved by other means.
Information Specific to California and Other U.S. States
Residents of California and other U.S. states with comparable privacy laws are entitled to certain information in a Notice at Collection, including a list of the categories of personal data that are being collected, the purposes for which these categories of data are being used, and an option to opt out of the sale or sharing of personal data.
More Information - Information Specific to California and Other U.S. States - Categories of Personal Data.
Categories of Personal Data Collected. Zoom may collect, or process on behalf of our customers, the following categories of personal data, as described above, in the What Personal Data We Receive section of this Privacy Statement: identifiers (such as in Account Information, Profile and Participant Information, Contact Information, and Registration Information), financial account information (such as in Account Information); commercial information (such as in Account Information); internet or other electronic network activity information (such as Device Information and Usage Information); audio, electronic, and visual information (such as in Customer Content) education information such as from university customers; inferences we derive from the preceding or other information we collect; and sensitive personal information (such as certain categories in Account Information, Customer Content).
Sources of Personal Information. We receive information from sources as described in the “What Personal Data Do We Receive?” section, including: from users (including through their use of our products and services); from partners; from customers; and from publicly available sources. We collect education information from schools that use our services. Users can see our Children's Educational Privacy Statement [link] for more information.
Purposes for Use of Personal Data. We use personal data for the following business and commercial purposes: to Provide Zoom Products and Services; for Product Research and Development; for Marketing and Promotions; Authentication, Integrity, Security, and Safety; to Communicate with Users; and for Legal Reasons. We do not use meeting, webinar, or messaging content, or any content generated or shared as part of other collaborative features, for any marketing or promotions. For more information, users can look at the How We Use Personal Data section of this Privacy Statement. For information about third parties to whom we disclose personal data, users can look at the Why and With Whom We Share Personal Data section of this Privacy Statement.
Retention: Zoom retains personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law. Additional details can be found in the How Long We Keep Personal Data section of this Privacy Statement.
Sensitive Information. We receive information that may be considered sensitive under some state laws, such as certain Account Information (e.g., financial information, log-in information) and certain Customer Content. We process sensitive personal information to Provide Zoom Products and Services, for Product Research and Development, for Authentication, Integrity, Security, and Safety, to Communicate with Users, for Legal Reasons, and as allowed by the user’s consent. We do not use or disclose sensitive personal information (as defined under CCPA) for purposes of inferring characteristics about a consumer, or in any way that would require us to provide a right to limit under the CCPA. Under certain laws, residents may also be permitted to opt out of certain profiling relating to automated processing analyzing certain categories of an individual’s information that would produce a legal or similarly significant effect. We do not engage in this type of profiling of individuals.
Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents of those states may have specific rights as to their personal data.
More Information - Information Specific to California and Other U.S. States - Individual Rights. Residents of California and other U.S. states with comparable privacy laws may have the right to: (1) access the categories and specific pieces of personal data we have collected, the categories of sources from which the personal data is collected, the business purposes for collecting the personal data, and the categories of third parties with whom we have shared personal data; (2) obtain personal data in a portable and, to the extent technically feasible, readily usable format; (3) under certain circumstances, delete personal data; (4) under certain circumstances, correct personal data; and (5) opt out of the sale or sharing of personal data for targeted advertising purposes. These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states.
We do not sell Zoom for Government personal data to third parties, and we only share personal data with third parties as necessary to provide Zoom for Government products and services; there is therefore no sale or sharing of personal data for targeted advertising purposes. To exercise any other rights, users can click here [link]. California residents may also call +1-888-799-9666. We will acknowledge receipt of the user’s request within 10 business days, and provide substantive response within 45 calendar days, or inform the user of the reason and extension period (up to a total of 90 days) in writing. We will not discriminate against a user for exercising any of these rights, and we may not be allowed to do so under state law.
We will need to verify the user’s identity to process requests, and reserve the right to confirm the user’s state residency. To verify a user’s identity, we may require them to log into their existing Zoom for Government account (if applicable), give a declaration as to their identity under penalty of perjury, and/or provide additional information, such as providing at least two pieces of personal information relating to their account or as we otherwise may already have in our possession, such as their email and phone number. We will verify requests by comparing information the user provides to information already in our possession, and take additional steps to minimize the risk of fraud. Users may designate authorized agents to submit their verified consumer requests by providing written permission and verifying their identities, or through proof of power of attorney.
In certain cases, we may decline requests to exercise these rights where permitted by law. If we decline to process a request, users may have the right to appeal our decision. They may do so by replying directly to our denial or emailing privacy@zoom.us.
Users can view our Disclosure of Privacy Rights Requests here.
Under California’s Shine the Light law, users may also ask companies with whom they have formed a business relationship primarily for personal, family, or household purposes to provide: (1) the names of third parties to whom they have disclosed certain personal information (as defined in the law) during the preceding calendar year for their own direct marketing purposes; and (2) the categories of personal information disclosed. Users who want this information can send requests to privacy@zoom.us. Such requests should have the subject, “Shine the Light Request,” and provide the user’s first and last name and mailing address (to verify that they are a California resident). We reserve the right to require additional information to confirm identity and California residency. We are not able to accept requests by telephone, physical mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
Changes to this Privacy Statement
From time to time we will update this Privacy Statement to account for changes in how we process personal data. If we make material changes, we will notify account owners and give them a chance to review the changes before continuing to use our products and services.