The statement discloses that users in certain jurisdictions, including the EU, UK, and California, have rights including access, correction, deletion, data portability, objection to processing, restriction of processing, and withdrawal of consent. The availability of each right depends on applicable law and the legal basis for processing.
This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows.
This addition broadens privacy rights language to cover GDPR and regional laws more comprehensively, replacing the California-specific CCPA/CPRA provision with global applicability.
View full change record →The agreement establishes that users in jurisdictions covered by GDPR, UK GDPR, or CCPA can request access to, deletion of, or portability of their personal data by contacting Zoom through the designated privacy rights mechanism. The applicable rights vary by jurisdiction and the legal basis under which data is processed.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Zoom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on applicable law, you may have the right to access personal data we hold about you, correct inaccurate personal data, delete your personal data, object to or restrict our processing of your personal data, receive your personal data in a portable format, and withdraw consent where our processing is based on your consent.— Excerpt from Zoom's Zoom Privacy Statement
1. REGULATORY LANDSCAPE: This provision directly implements GDPR Chapter III data subject rights for EEA users and Article 17 of UK GDPR for UK users. CCPA and CPRA establish equivalent rights for California residents including the right to know, delete, correct, and opt out. Zoom's statement acknowledges jurisdiction-specific variation in applicable rights. 2. GOVERNANCE EXPOSURE: Medium. Enterprises processing personal data through Zoom as a controller must ensure their own data subject access request procedures account for data held by Zoom and establish workflows to respond to requests that require Zoom's involvement. Zoom's response timelines and procedures should be evaluated against GDPR's 30-day response requirement. 3. JURISDICTION FLAGS: EEA users have the broadest set of rights under GDPR, including the right to object to processing based on legitimate interests. UK users have equivalent rights under UK GDPR. California residents have CCPA and CPRA rights that partially overlap. Users in other jurisdictions may have more limited rights depending on applicable local law. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise data processing agreements should specify Zoom's obligations to assist the controller in responding to data subject access requests within applicable legal timeframes. Organizations acting as data controllers should confirm that Zoom's DPA includes adequate provisions for DSR assistance. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should map data subject rights exercises that may involve Zoom-held data and establish internal procedures for routing such requests to Zoom. Organizations should verify the timelines Zoom commits to in its DPA for responding to DSR assistance requests and confirm these align with GDPR and CCPA response deadlines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows.
The agreement establishes that users in jurisdictions covered by GDPR, UK GDPR, or CCPA can request access to, deletion of, or portability of their personal data by contacting Zoom through the designated privacy rights mechanism. The applicable rights vary by jurisdiction and the legal basis under which data is processed.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.