Zoom Privacy Notice
Purpose of processing data
Zoom is a service used for recording videos during teaching and for online meetings. Streamed material or recorded on-demand videos can be separately produced lecture or meeting recordings. The first name and surname of participants signed in with a UTU account or a pseudonym of participants signed in without a UTU identification/account are visible on the list of participants to the administrators of a Zoom meeting.
A Zoom front page of the University of Turku is available for signing in the service. In addition, Zoom can be used by signing in the actual Zoom software or through the browser version:
FUNET MIITTI service provided by CSC on 1 Sept 2019 and operated on NORDUnet server can be accessed at https://utu.zoom.us/
Legal basis for processing data
Processing is based on the basic mission of the University stipulated in Section 2 of the Universities Act (558/2007) and its implementation.
IT Services: email@example.com
Processed personal data categories
The following personal data is collected for logging in with a UTU account:
University’s own service:
- Email address
Funet Miitti service:
- Funet Miitti is based on the On-Premise realisation of NORDUnet offered by NORDUnet and tendered in collaboration with Nordic countries as well as on the server environment dedicated to NORDUnet within the EU. In order to secure a functioning system, the following personal data is visible to everyone using the system: First name, surname and EPPN. EPPN is an identification record provided by the University of Turku for disclosing your email address and personnel status (staff/faculty). The University of Turku is the Data Controller of this register for the part of personal data.
Users can store the following data in the server if they wish:
- Name of the meeting (free-form)
- Name of possible recordings (free-form)
- Shared files
- Contents of a shared desktop or app
- Contents of a chat service
- Contents of a poll
- A host of a meeting can give extended admin rights for a meeting they have created to a person they choose (CO-host) if that person has the rights required by the service (personnel status at the University of Turku registered on CSC/NORDUnet)
Videos stored in the service may contain information classified as personal data in the form a shared video image, desktop, file, chat channel, or possible poll/survey. Before recording, lecturers are asked to give a permission for recording, and an electronic agreement is made consisting of the terms and conditions of the recording.
The use of the service creates log entries which are used for ensuring the information security of the service, developing the technology of the service, and for detecting, preventing or investigating technical faults or errors (Sections 138,141,144, and 272 of the Information Society Code (917/2014)).
CSC Funet Miitti service:
According to the University of Turku and the service provider (CSC/NORDUnet), the data are not transferred outside the EU. Information and data communications are transferred only within the EU. The information of a Zoom user in the system (individualising name data) is registered in the Zoom server outside the ETA area.
Retention period for personal data
Personal data of a user is stored in the service as long as necessary, however, only as long as the user’s UTU account is active.
Possible recipients or recipient groups of personal data
The service provider has the right, when necessary, to process personal data stored in the service in their own production activities.
Data publicity and confidentiality
Personal data stored in the system are not publicly available. They are visible to the technical administrators of the system and in certain situation, to other participants in a meeting (a chat in a virtual class room, shared app/display, polls in a meeting room). Names or pseudonyms of participants in a meeting are visible to others participating in the meeting, unless the host of the meeting hides the list of participants.
- You have the right to access your personal data retained by the the Data Controller, the right to rectification or erasure of data, and the right to restrict and object the processing of data.
- The use of the service creates log entries which are used for ensuring the information security of the service, developing the technology of the service, and for detecting, preventing or investigating technical faults or errors (Sections 138,141 and 144 of the Information Society Code (917/2014)). The logs are retained for these purposes for the required time period and they will not be used for any other purposes.
- You have the right to lodge a complaint with the supervisory authority.
- Contact information of the Data Protection Officer at the University of Turku: firstname.lastname@example.org
- Principles for the protection of personal data is described at: https://www.utu.fi/en/privacy/data-security-description