Zoom
Zoom is a video conferencing and telecommunication service.
Score
Citation
Specific Requests. In addition to the uses described above, Zoom may also receive data from you for specific purposes. When you give it to us, we use the data for that specific purpose: [...] To personalize marketing communications and website content based on your preferences, such as in response to your request for specific information on products and services that may be of interest.
Notes
The data used for this kind of targeting is only collected from the marketing site, not the services.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Citation
We will retain personal data collected for as long as required to do what we say we will in this policy, unless a longer retention period is required by law. Customers can delete their own content.
Notes
It is unclear whether this applies to data collected for marketing.
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
Data we may obtain about you: Data collected through the use of cookies and pixels (Data collected from tools such as Google Analytics and Google Ads)
Score
Citation
In certain limited circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.
In certain situations, Zoom may be required to disclose personal data in response to valid and lawful requests by public authorities or pursuant to requests from law enforcement.
Score
Citation
Zoom is committed to protecting your personal data. We use a combination of industry-standard security technologies, procedures, and organizational controls and measures to protect your data from unauthorized access, use, or disclosure.
We recommend you take every precaution in protecting your data when you are on the Internet. For example, change your passwords often, use a combination of upper and lower-case letters, numbers, and symbols when creating passwords, and make sure you use a secure browser. If you have any questions about the security of your data, please contact our security team at security@zoom.us
Score
Citation
If we make any material changes to the way we handle personal data as described here, we will notify you by posting an updated notice on our website. We encourage you to review this page regularly for the latest information on our privacy practices. The effective date at the top of this policy indicates when the policy was last revised.
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
The policy has no mention of a data breach disclosure protocol.
Score
Citation
If we make any material changes to the way we handle personal data as described here, we will notify you by posting an updated notice on our website.
Notes
Users are not actively notified; changes are announced via a banner on their website. (Few users interact with Zoom via the site; most use a desktop/mobile app.)
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Citation
(In table "Data we may obtain about you")
Third Parties --- Data Enrichment services, Mailing Lists, Public Sources --- Send you marketing communications, unless you tell us not to (or if you say it’s OK, i.e., opt-in); Provide tailored information based on your interests
Score
Notes
The privacy policy contains several tables that lay out the types of data collected and how it's used.
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Citation
[We send] you marketing communications, unless you tell us not to (or if you say it’s OK, i.e., opt-in)
You have choices about what cookies can be used. You can adjust cookie settings by turning off optional cookies in your browser’s setting or by using our Cookie Preferences link at the bottom of the Zoom homepage. To ensure that you do not receive Advertising Cookies, you can adjust the slider at the Cookie Preferences link to “Required Cookies/CCPA Opt-Out”.
Because of CCPA’s broad definition, as is the case with many providers since the CCPA became law, we provide a “Do Not Sell My Personal Information” link at the bottom of our marketing sites. You can use this link to change your Cookie Preferences and opt out of the use of these advertising tools. If you opt out, Personal Data that was used by these tools will no longer be shared with third parties in a way that constitutes a “sale” under CCPA.
Score
Notes
While the policy is relatively clear about the data it collects, it uses ambiguous language like "such as" to avoid concrete statements.
Last Updated
May 26, 2021
Sources
Contributors
