top of page

 

 

DPL Foundation
Zoom Privacy Policy

1. Introduction

This Zoom Privacy Policy explains how DPL Foundation collects, uses, shares, and protects personal information when virtual meetings, trainings, webinars, or events are hosted through the foundation’s Zoom account. This policy is designed to meet the requirements of United States federal privacy laws, Michigan privacy and cybersecurity laws, and the General Data Protection Regulation of the European Union for individuals located in the European Economic Area.

2. Legal Basis for Processing

For individuals in the United States, information is processed for legitimate organizational purposes, to comply with law, to fulfill contractual commitments, or to maintain the security and integrity of systems.

For individuals located in the European Economic Area, information is processed under these GDPR bases. The legitimate interests of the foundation in operating secure and effective virtual communication. The performance of a contract such as participation in a program or partnership. Explicit consent when required such as for optional recordings or specific data sharing. Compliance with legal obligations.

3. Information We Collect Through Zoom

The foundation may collect or access the following types of information.

Participant Information

  • Name and display name.

  • Email address.

  • Role or affiliation.

  • Profile picture.

  • Information entered into chat, polls, or Q and A.

  • Voluntary information shared verbally or visually during meetings.

Meeting and System Information

  • Times, dates, and duration of meetings.

  • Attendance information.

  • Technical information such as IP address, device type, browser type, connection quality, and general location data.

  • Security and access logs.

  • Audio, Video, and Recordings

  • Audio, video, and screen shares.

  • Chat logs and automated transcripts when used.

  • Recordings are captured only when necessary and with appropriate notice.
     

4. How We Use Zoom Information

Zoom related information is used to:

  • Operate virtual meetings, programs, and events.

  • Support training and documentation of organizational activities.

  • Protect security and investigate potential misuse.

  • Comply with legal or regulatory requirements.

  • Improve virtual engagement practices and technology performance.

  • All use is limited to legitimate organizational needs consistent with applicable laws.

5. Sharing of Information

The foundation does not sell personal information. Information may be shared only in the following cases:

  • Internal staff who require access to fulfill their responsibilities.

  • Service providers that support Zoom operations including cloud storage providers and security systems.

  • Program partners when access is necessary to deliver a program or event and appropriate safeguards exist.

  • Government or law enforcement agencies when required by law.

  • Legal or financial advisors who are bound by confidentiality duties.

  • All third parties must use information only for authorized purposes and must maintain appropriate safeguards as required under United States law, Michigan law, and GDPR.

6. International Transfers

Zoom data may be stored or processed outside the country where a participant is located. For individuals in the European Economic Area, the foundation uses safeguards permitted under GDPR such as Standard Contractual Clauses, vendor level compliance programs, and additional technical and administrative measures.

7. Recording Practices and Participant Notice

Recordings are made only when there is a legitimate operational purpose such as training or documentation. When a meeting is recorded, the following applies: 

  • Zoom provides automated notification.

  • Verbal notice is given when reasonable.

  • Participants may choose to keep cameras off or decline involvement in recorded activities when feasible.

  • Recordings are stored securely and access is limited.

  • Recordings are retained only for as long as needed under legal and internal retention rules.

  • Highly sensitive meetings are not recorded without explicit authorization.

  • Consent may be required under GDPR for optional recording features. When applicable, participants may withdraw consent at any time and the foundation will stop future recording of their participation when feasible.
     

8. Confidentiality and Security

The foundation follows reasonable administrative, technical, and physical safeguards that meet or exceed requirements under Michigan cybersecurity law, federal data protection standards, and GDPR. These measures include the use of access controls and authentication, secure storage for recordings and logs, monitoring for unauthorized access, and careful configuration of meeting settings such as passwords, waiting rooms, and controlled screen sharing. Training is provided to staff on privacy and security practices.

Although strong safeguards are in place, no system can be guaranteed entirely secure.

9. Rights of Individuals

Rights under United States law and Michigan law

  • The right to request access to certain information.

  • The right to request corrections.

  • The right to request deletion of information when allowed by law.

  • The right to opt out of non essential communications.

Rights under GDPR

  • The right of access.

  • The right to rectification.

  • The right to erasure.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object to processing based on legitimate interests.

  • The right to withdraw consent when processing is based on consent.

Requests may be submitted through the foundation’s designated contact channels. Identification may be required to verify requests. Some requests may be limited by legal or operational obligations.

10. Data Retention

Zoom related data is retained only as long as necessary to fulfill operational needs, meet legal requirements, and support secure and compliant record keeping. When information is no longer required, it is deleted or anonymized. Retention schedules comply with Michigan record keeping rules and GDPR requirements for storage limitation.

11. Third Party Services

Zoom is operated by Zoom Video Communications, which maintains its own privacy and security practices. Participation in a meeting may involve data collection by Zoom beyond the control of the foundation. Participants should review Zoom’s privacy policy for additional details.

12. Updates to This Policy

The foundation may revise this policy to reflect changes in law or operational needs. Updated versions will include a revised effective date.

13. Contact Information

Individuals may submit questions or privacy related requests to the foundation’s main office or designated privacy contact email.

For individuals in the European Economic Area, requests may also be directed to the foundation’s designated GDPR contact or representative when applicable.

bottom of page