Data protection with Zoom X

The University of Hohenheim uses the Zoom X video conferencing solution, powered by Telekom, for digital teaching, research and administration. Data processing is carried out by Deutsche Telekom AG, acting as a data processor, on servers located in Germany or the European Union. 

The use of Zoom X for private purposes is prohibited. There is no monitoring of performance or conduct. 

Terms and conditions of use

Privacy settings
KIM has configured Zoom X so that only a minimum amount of data is processed: meetings start with video disabled and the microphone muted, automatic recording is disabled, and chat logs are not saved. Before use, the privacy settings should be checked and adjusted if necessary (Privacy by Default, data minimisation, purpose limitation). 

End-to-end encryption
For content requiring a high level of security (e.g. exams, disciplinary proceedings, job interviews), end-to-end encryption must be enabled. Please note that this means some features (breakout rooms, polls, browser dial-in, phone dial-in) will not be available. 

Recording of events
The recording of online events is permitted provided that data protection regulations are complied with. Further details are set out in the guidance on recording with Zoom X: 

File sharing
Files requiring special protection should not be shared via Zoom X. Instead, use shared drives, FEX or bwSync&Share.

Privacy notice in accordance with Article 13 of the GDPR

Responsible body 
University of Stuttgart, represented by the President Prof. Dr. Christoph Schneider 
Schloss Hohenheim 1, 70599 Stuttgart | www.uni-hohenheim.de 

Data Protection Officer 
UIMC Dr. Voßbein GmbH & Co. KG, attn. Dr. Heiko Haaz 
Otto-Hausmann-Ring 113, 42115 Wuppertal | dsb@uni-hohenheim.de 

Purpose and legal basis 
Zoom X is used to conduct virtual meetings, online courses, and online seminars as part of university tasks (teaching, research, administration). The legal bases are Art. 6 para. 1(a) (consent), (b) (contract), and (e) (public task) GDPR. 

Processed data 
Required for use: Name and Hohenheim email address. Depending on use, further data may be processed: Meeting metadata (topic, IP address, device information), audio and video data and, in the case of recordings, the corresponding media files. 

Recipient 
Processing is carried out by Deutsche Telekom AG as a processor (Art. 28 GDPR) on servers in Germany/EU. The data will not be passed on to other third parties. 

Storage period 
Data will be deleted as soon as the purpose of processing has been achieved and there are no retention obligations. The user account must be deleted at the latest when you leave the university. 

Your rights 
You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). You can lodge a complaint with the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information. 

Contact

Do you have questions or comments about this site? contact form