The following facts apply to Zoom provided by NORDUnet:
- Service Delivery: University of Skövde use Zoom operated by NORDUnet. The service is provided by the national NREN in Sweden SUNET.
- GDPR compliance: Zoom operated by NORDUnet is GDPR compliant and in accordance with other European privacy directives. This is secured through the individual contracts entered into and the chain of Data Processing and sub-processing agreements. University->NREN->NORDUnet->Zoom->sub-providers
- User account data: Data from users of NORDUnet's Zoom service is not stored with Zoom in the United States. The account data is stored in Zoom datacentres in Europe. We use dedicated servers installed in Copenhagen, Denmark, Stockholm, Sweden, Helsinki, Finland and Oslo, Norway, for all meetings and meeting data.
- Logging in: University of Skövde use a Single Sign-On solution (SSO).
- Personal information: Personal information about users of NORDUnet's Zoom service is processed within the EU in accordance with the applicable data processing agreement. This applies to personal information necessary for using the service, such as first name, last name, email address, role, etc. Typically, as released by the home institution, using the national identity federation, through SAML attributes. No credit card details, telephone numbers or other similar information is stored in the Zoom instance provided by NORDUnet. (See section above for storing of personal data)
- Zoom public service: Zoom provides a so-called "public" or public service. Zoom from NORDUnet is not part of this public service. NORDUnet provides a private Zoom service, regulated by a separate agreement.
- Zoom local administrators: All organizations that use Zoom provided by NORDUnet have one or more local institution administrators. As with other ICT services, local Zoom administrators have a higher degree of access and use of control tools than ordinary users. Such access is necessary to keep good quality of service and to suppport users if they need assistance.
- Local recording: NORDUnet's Zoom service allows for local recording. If a meeting is recorded, participants in the meeting are automatically notified with a symbol in the video window and in the attendee list. The local institution administrator can set up Zoom so that all attendees must approve any recordings. The local administrator can also control whether other participants can record the meeting.
- On-prem Cloud recording: Zoom operated by NORDUnet has support for so called Cloud Recording. The Cloud Recordings are processed and stored temporally on local servers placed with the Zoom zones in the Nordic. After the meeting has ended, the recording is transferred to one of the NORDUnet on-prem media management services (Kaltura MediaSite), and a download link to retrieve the recording is provided. The recordings are stored in video/audio format.
Please note:
- Safe meetings: Zoom offers a number of mechanisms for creating safe meetings. For example, waiting rooms, and the possibility for the meeting hosts to password protect the meeting. Meeting hosts can also “lock” meetings, then no one but the invited participants can participate, this also applies to administrators. No one can use meeting rooms created by other users without permission.
You can find more information on https://explore.zoom.us/en/trust/security/ or read this guide on how to secure your meetings https://nordunet.zendesk.com/hc/article_attachments/4407216402706/Securing_Your_Zoom_Meetings.pdf - Encryption: All video and audio traffic and data are by default encrypted, too and from the meeting servers. Real End-to-End encryption is achievable between a limited number of meeting participants (200), functional limitations apply with EE2E encryption enabled.