Privacy policy for meditation, online courses and workshops through "Zoom".
Below we inform you about the processing of personal data in connection with the use of "Zoom".
Purpose of processing
We use the "Zoom" tool to conduct online meditations, courses and workshops (hereinafter referred to as "Online Meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the United States.
Responsible person
The Xavi Domènech Institute is responsible for the processing of data directly related to the holding of online meetings.
Note: If you access the "Zoom" website, the "Zoom" provider is responsible for data processing. However, you only need to call the website to use "Zoom" to download the software to use "Zoom".
Zoom" can also be used by entering the corresponding meeting ID and, if necessary, other meeting access data directly into the "Zoom" application.
If the "Zoom" application is not desired or cannot be used, the basic function can also be used via a browser version, which can also be found on the "Zoom" website.
What data are processed?
When using "Zoom", various types of data are processed. The scope of the data also depends on the data provided before or during participation in an "online meeting".
The following personal data are subject to processing:
User data: first name, last name, telephone (optional), e-mail address, password (if not using "Single-Sign-On"), profile picture (optional), department (optional)
Metadata gathering: Topic, description (optional), IP addresses of participants, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing by phone: information about the incoming and outgoing phone number, country name, start and end time. If required, other connection data such as the IP address of the device can be saved.
Text, audio and video data: You can use the chat, question or poll functions in an "online meeting". In this regard, the text entries you make are processed for display in the "online meeting" and recorded if necessary. To enable video display and audio playback, data from your terminal device's microphone and any video camera on the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Zoom" applications.
To participate in an "online meeting", you must at least provide your name information to enter the "meeting room".
Scope of processing
We use "zoom" to conduct online meetings. If we want to record online meetings, we will inform you in advance in a transparent manner and, if necessary, ask for your consent. The fact of the recording will also be displayed in the "Zoom" application.
If it is necessary for the purpose of recording the results of an online meeting, we will record the content of the chat. However, this is not usually the case.
In the case of webinars, we can also process questions asked by webinar participants in order to record and follow up on the webinars.
If you are registered as a Zoom user, online meeting reports (meeting metadata, phone call data, webinar Q&A, webinar survey function) can be stored for up to one month in Zoom.
The possibility of software-based "attention tracking" in "online meeting" tools such as "Zoom" is disabled.
Automated decision making as defined in Art. 22 of the GDPR is not used.
Legal basis for data processing
For the collaborators of the Xavi Dòmenech Institute , the Organic Law 3/2018 of 5 December on the Protection of Personal Data (LOPD) is the legal basis for data processing. In the event that the data is not necessary for data processing in connection with the use of "Zoom", but is nevertheless an elementary component in the use of "Zoom", Article 6(1)(f) of the GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".
For other participants in "online meetings" - insofar as the meetings are held within the framework of contractual relations - Art. 6 Para. 1 lit. b) GDPR is the legal basis for data processing.
If there is no contractual relationship, the legal basis is Article 6, paragraph 1, letter f) of the GDPR. Here we are also interested in the effective implementation of "online meetings".
Data reception / transmission
Personal data processed in connection with participation in "online meetings" are generally not transmitted to third parties, unless specifically intended to be transmitted. Please note that the contents of "online meetings" as well as those of face-to-face meetings are often used to communicate information to customers, interested parties or third parties and are therefore intended to be transmitted.
Other recipients: The "Zoom" provider necessarily obtains knowledge of the above data to the extent provided for in our contract processing agreement with "Zoom".
Data processing outside the European Union
"Zoom" is a service provided by a provider in the U.S. Therefore, the processing of personal data is also carried out in a third country. We have concluded an order processing contract with the supplier of "Zoom" that complies with the requirements of Art. 28 RGPD.
The adequate level of data protection is guaranteed, on the one hand, by the "Privacy Shield" certification of Zoom Video Communications, Inc. and, on the other hand, by the conclusion of the so-called EU standard contractual clauses.
Disclosure, correction and deletion of personal data
You may request, free of charge, information about the data we store about you.
You have the right to correct inaccurate or incomplete data that the Xavi Dòmenech Institute has stored.
You have the right to request deletion of your personal data if it is no longer necessary for the purpose for which it was collected. However, we would like to point out that the Xavi Dòmenech Institute is subject to legal obligations that do not allow us to delete certain information immediately. These obligations are the result of accounting and tax laws. However, we may anonymize your data, thus preventing processing for purposes other than those required by law. In addition, you may amend or revoke your declaration of consent at any time without stating reasons, with effect for the future. You may send the revocation by postal mail or e-mail. You will not incur any costs other than the cost of mailing or the cost of e-mail transmission in accordance with existing base rates. A text message (letter, e-mail) is sufficient.
Video surveillance cameras: according to current regulations, our clients are informed that there are surveillance cameras installed in the reception and boutique of the establishment. These recordings are stored for a period of 30 days after which they will be deleted from the archive.
Transfer of data to third parties
We only transfer personal data to third parties for the performance of a contract. This rule is applicable in very specific cases such as yoga vacation programs or teacher training courses, being then hotels, credit card companies or online payments, or banking and/or bank transfer services. This measure is based on Article 6, paragraph 1(b) GDPR, which allows processing of data information to fulfill contractual or pre-contractual measures.
The transfer of data to third countries without guarantees is made on the basis of Article 49, paragraph 1(b) GDPR which allows the transfer to fulfill contractual measures.
Any other transfer of data will only take place with your express consent or if we are required by law to do so, or if such transfer is related to your use of this website.
Your personal data will never be transferred to companies for advertising purposes without your express consent.
Please use the following contact information:
Europe: info@tantra.es
LATAM: contacto@tantra.es
Xavi Domènch Institute.