BroadSoft, Inc. and its affiliates (collectively “BroadSoft” or “we”) are committed to protecting your privacy.
We comply with data protection legislation. This regulates the processing of personal data relating to you and grants you various rights in respect of your personal data including a right to object to some of your processing.
The aim of this statement is to tell you how we will use your personal data collected in the context of your customer relationship with BroadSoft and the choices available to you regarding collection, use, access, and how to update and correct your personal data.
There may be additional policies and notices to be aware of, if you are using a BroadSoft Solution provided by a service provider or third party. Please refer to the privacy statement or policy of the entity through which you are obtaining BroadSoft Solutions for more details.
Additional information on our personal data practices may be provided in supplemental privacy statements or notices provided prior to or at the time of data collection.
WHAT INFORMATION DO WE COLLECT AND PROCESS?
When you use our services, we collect and process the following data:
- Personal data – such as Name, Email Address, Phone Number, Address.
- Credentials – such as user IDs and passwords, authentication tokens and cookies.
- Profile data – Service settings, call forward number, do-not-disturb settings, auto-attendant, etc.
- Contact Lists
- User Generated data – such as instant messages, chat histories and uploaded media files.
- Location data
- Connectivity data – such as IP addresses, device Identifiers (such as IMEI), MAC address, etc.
- Traffic data – such as phone numbers or other identifiers that you call and send messages to and receive from, the date, time, duration (at the time these communications are made).
- Billing data – Data relevant for invoicing and collections, invoice documents and other billing records.
WHAT DO WE USE THIS INFORMATION FOR AND WHAT IS THE LEGAL BASIS FOR THIS USE?
We will use your personal data for the following purposes:
- In the context of your customer relationship with BroadSoft for the performance of our contractual obligations, in particular:
- for the provisioning of and providing the service
- Provide operational support for contracted service
- Communicate with you on status and availability of service
- for billing
- to conduct our business and pursue our legitimate interests and where our interests are not overridden by your data protection rights, in particular:
- for verifying your identity;
- for subscriber and user enquiries and the resolution of problems associated with service;
- for prevention or detection of fraud;
- to carry out research and analysis and monitor use of our network and products and services on an anonymous basis to identify general consumer trends and to understand better our users’ behaviors and partner with other businesses to create new services and to develop interesting and relevant products and services for our customers, as well as personalize the products and services we offer you. We may use information about your location for research and analytics purposes but we will only retain this information in an anonymized form to ensure that you cannot be identified as an individual;
- where you give us your consent
- Where you ask us to send marketing information via a medium or in a format where we need your consent (for example email marketing in certain countries). For more information about how to modify your preferences about marketing communications, please see below;
- for informational type directory services; and
- On other occasions where we ask for your consent, for the purpose we explain at the time.
- For purposes which are required by law, such as responding to requests by government or law enforcement authorities conducting an investigation.
- We also use aggregated information about the use of our services so we can administer and improve our services, analyze trends, and gather broad demographic information. We may pass this information to third parties.
HOW LONG DO WE KEEP YOUR INFORMATION?
We will retain your Subscriber Data (such as personal data, profile data, contact lists, etc) for the duration of the contract relationship.
Traffic Data will be stored for up to 30 days (except in Germany where data is stored for up to 7 days), unless necessary to investigate faults or investigate cases of fraud.
Data backups, file archives and application log files are deleted every 30 days. Pertinent log information required to troubleshoot a problem encountered by end-users may be retained for up to 1 year.
- Personal data: Data is deleted within 60 days of an organization’s service being terminated.
- Credentials: Data is deleted within 60 days of an organization’s service being terminated.
- Profile data: Data is deleted within 60 days of an organization’s service being terminated.
- Contacts lists: Data is deleted within 60 days of an organization’s service being terminated.
- User generated data: Data is deleted within 60 days of an organization’s service being terminated.
- Connectivity data: Data is deleted within 60 days of an organization’s service being terminated.
- Traffic data: Data is stored for up to 30 days, except in Germany where data is stored for up to 7 days.
- Billing data: Invoices and billing records are stored for up to 7 years.
WHO WILL WE SHARE THIS INFORMATION WITH, WHERE AND WHEN?
BroadSoft will share the personal data you provide with other BroadSoft entities and/or third parties who are acting on BroadSoft’s behalf to provide you services such as technical assistance, troubleshooting, customer support and billing. Business partners include for vendors for cloud hosting, service billing, analytics and service monitoring purposes.
Where these recipients are data processors on our behalf, we have entered into appropriate data processing agreements with them. Where these recipients receive your data as controllers, this disclosure is justified by their role in providing services to you and they receive the data necessary to provide and invoice their contribution to these services.
Some of these BroadSoft entities or business partners may be located in multiple geographies, including the US, Canada, United Kingdom, Northern Ireland, EU, Australia, and Japan. Where we export your data outside of the EEA, this is permitted either by appropriate data processing agreements or justified by the need to provide our services to you internationally. Where such transfers are to a Broadsoft entity or business partner in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Processor Binding Corporate Rules. You can obtain a copy of the relevant mechanism by contacting us on the contact details set out below.
Personal data may be share with government authorities or law enforcement officials if required for the purposes above, if mandated by law or of require for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisors and any prospective purchaser’s advisors and will be passed to the new owners of the business.
We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration or disclosure.
Additional controls may include:
- Encryption of data in transit and secure file transfers
- Protection of authentication passwords via encryption or hashing
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Regular and secure backups of personal data, created and maintained
- Data anonymization (when appropriate e.g. for analytics) – done for Google analytics.
- Conducting penetration tests and vulnerability scans
- Authenticating employees, vendors and contractors access to information systems
- Maintaining appropriate security documentation
WHAT RIGHTS DO YOU HAVE?
You are entitled to see the information held about you. If you wish to do this, please contact us at email@example.com. We may require you to provide verification of your identity to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.
You may also have the right to correct, delete or restrict the processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances, in particular where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.
If you opted to receive marketing emails or other communications from BroadSoft or third parties at the time you registered for the services but subsequently change your mind, you may opt-out by emailing firstname.lastname@example.org.You can also email this address to exercise any of your other rights. If you have unresolved concerns, you have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
BroadSoft encourages parents and guardians to take an active role in their children’s online activities. BroadSoft does not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe that we may have collected personal data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
HOW TO CONTACT US
We value your opinions. Should you have questions or comments related to this Privacy Statement, please email our privacy team at privacy@BroadSoft.com.
UPDATES TO THIS BROADSOFT PRIVACY STATEMENT
We may update this Privacy Statement from time to time. If we modify our Privacy Statement, we will post the revised version here, with an updated revision date. You agree to visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Privacy Statement, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification. By continuing to use our website or Solutions after such revisions are in effect, you accept and agree to the revisions and to abide by them.