Unify Phone Service

Privacy Notice

(Effective as of December, 2023)

If you are, or plan to become, a user of Unify Phone Service, this document is meant for you! Some of the data processed by Unify Phone Service are your Personal Data (“Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (‘Data Subject’);

The processing of your Personal Data is protected by the Applicable Data Protection Law, which shall mean the laws and regulations relating to the processing and protection of Personal Data applicable in the country where Unify is established. In particular, Applicable Law means (a) EU Regulation 2016/679 (General Data Protection Regulation; ‘GDPR’) (b) Member State laws or regulations relating to the processing and protection of Personal Data implementing or complementing GDPR; and (c) any other applicable laws or regulations relating to the processing and protection of Personal Data.

Unify operates Unify Phone Service by the URL https://phoneapp.unify.com.

 

1 Controller – GDPR (articles 13.1a / 14.1a)

With respect to Personal Data submitted to the Unify Phone Service, Unify is a “Processor” and Unify’s Tenants are the “Controllers” under GDPR.

This Privacy Notice serves to describe how Unify processes Personal Data as a Processor for and on behalf of its Tenants for the purpose of providing Unify Phone Service to Your Tenant and you, pursuant to the Data Protection Agreement (“DPA”), concluded with Your Tenant and the Applicable Law.

Your Tenant as the Controller is directly accountable to you for the protection of your Personal Data. Your Tenant is contractually obligated by the DPA to give you access to this Privacy Notice and to provide you with all the information that is in its area of responsibilities it has to provide to you to comply with its obligations under the GDPR and which information we are not able to provide to you.

 

2 Data Protection Officer – GDPR (articles 13.1b / 14.1b)

Unify has appointed a Data Protection Officer (“DPO”). You can reach the DPO at the following email address:

gdpr@mitel.com

Depending on the size of the business your Tenant might also have a Data Protection Officer. You have the right to get the contact details from your Tenant.

 

3 Purpose and Legal Basis for Processing – GDPR (articles 13.1c,d / 14.1c / 14.2b)

You have the right to understand the purpose and legal basis for the processing of your Personal Data in Unify Phone Service. This is however the responsibility of your Tenant, as explained in section 1. Your Tenant has the obligation to provide You with this information. This will also determine which rights your Tenant claims in the data you enter into Unify Phone Service, e.g. in form or work results of employees.

 

4 Categories of Personal Data – GDPR (articles 14.1d, 14.2(f))

Your Personal Data processed by Unify Phone Service fall under the following categories:

  • Profile Data:Personal data you create about yourself or are assigned to you by your Tenant, in particular name, email address, phone numbers, access rights (user vs tenant administrator).
  • Activity Data:Personal data collected by Unify Phone Service from your use of the services, in particular call journal data, content deletion or change records or data relating to service usage (e.g. used end-points). These data are collected to provide Call Journal functionalities and transparency to the users of Unify Phone Service and for troubleshooting purposes. These data are also used in strictly anonymized form for usage, adoption, and user experience statistics and reports.
  • Transient and Session Data:Transient Data are data the flow from the OpenScape platform or the Unify Video cloud service through the Unify Phone cloud service without storage (e.g. Personal Phone Book data from a third provider). Session Data and Personal Data (such as IP addresses) which are collected but not stored on Unify Phone Service beyond the duration of the session (such as presence) or which are tied to a log-on session on Unify Phone Service (e.g. IP addresses).

Notes:

  1. a) Private Address Books may contain Personal Data of your personal contacts. Such Private Address Books residing on other systems (such as MS Exchange) are accessible from Unify Phone Service for search and phone number retrieval, but data are not stored on Unify Phone Service. This feature is only available upon activation by the user.
  2. b) Statistics and Reporting Data which Unify produces regularly from Activity Data and shares with tenants are strictly anonymized. You should be aware that tenants may ask for non-anonymized reports, which Unify may provide under certain circumstances. The usage of such reports and their compliance which GDPR, other laws, or applicable policies of business is entirely with the tenant. We recommend inquiring with your Tenant if such reports were requested from Unify or used, but you may also inquire with Unify.
  3. c) User Data may be accessible by the Tenancy Administrator in the OpenScape platform administration If a user is deleted, the User Data of that User may still be accessed by other users who had communicated with that user.
  4. The above-mentioned categories of Personal Data have been obtained either directly from you or indirectly from your Tenant.

 

5 Recipients of Personal Data – GDPR (articles 13.1e / 14.1e)

Data you enter into Unify Phone Service including your Personal Data might be shared with third parties. You have the right to be informed about that:

The Unify Phone Service displays the phone number or the name of a calling party to the called party.

Your Profile Data will also be shared with your Tenant Administrators on Unify Phone Service.

Profile Data are shared between Unify Phone Service, Unify Video and the OpenScape VoIP platform. Private Address Book data residing on other systems are accessible on Unify Phone Service as explained above in section 4 a).

Unify will only share your Personal Data with approved internal or external subcontractors for the purpose of delivering the service and supporting you as a user.

Sub-contractors are listed in section 6.

Unify Phone Service however have features which, when activated by the Tenant Administrator or by users, disclose Personal Data, for example

  • Your Tenant might assign tenant administration privileges to the reseller the business purchased the cloud service from.

We only provide the technical features. You or Your Tenant Administrator activate these features and must be aware of which Personal Data will be disclosed and to whom and under which circumstances.

 

6 Sub-Contractors and Transfers or Personal Data to Third Countries – GDPR (articles 13.1f / 14.1f)

Name Address Scope of Processing
Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data Center Services
Mitel Networks (Bulgaria) EOOD 2 Maria Luiza Blvd.,
TZUM Business Center,
1000 Sofia, Bulgaria
Technical Support Services
Mitel Networks Romania S.R.L. 21st Mihail Kogalniceanu str. Bdg. C6/AP11,
500090 Brasov, Romania
Technical Support Services
Unify Communications Spain S.A.U. 25 Calle de Albarracin,
28307 Madrid, Spain
Technical Support Services
Unify Communications and Collaboration GmbH & Co. KG Otto-Hahn-Ring 6
81739 München
Technical Support Services
Mitel Networks Greece AE 455 Irakleiou Ave, N. Irakleio, 14122 Athens, Greece Technical Support Services
Unify – Soluções em Tecnologia da Informação Ltda Rua do Semeador, 702, Cidade Industrial –
Curitiba City, Paraná State,
Address Code (CEP 81.270-050), Brazil
Technical Support Services
Mitel Communications Private Limited MIDC Plot B1 & B2
Software Technology Park
411062 Talwade, Pune, Maharashtra, India
Technical Support Services
(Resource Pool)
MongoDB Inc. 1633 Broadway 38th floor New York, NY 10019, USA Managed Data Base Service

 

Unify Phone (incl. MongoDB) are hosted in Google data centers, located in Saint Ghislain, Belgium and Frankfurt a. M., Germany.

Note that technical support services can be provided by Mitel Group Companies located in India, United States of America, or Brazil to support different languages and time-zones. The Mitel Group owns and operates the Unify business.

Where Personal Data is transferred for processing operations that are necessary for the performance of Unify Phone Service to a subcontractor that is part of the Mitel Group or  third-party sub-contractors authorized to process Tenants’ Personal Data and located in countries that are not part of the European Economic Area (EEA), any such international transfers are based on an adequacy decision by the European Commission pursuant to Article 45 GDPR or in case there is no such adequacy decision in place, are governed by standard contractual clauses under Article 46 (2) GDPR as set forth by the European Commission (or any competent authority) (in particular the European Commission’s Standard Contractual Clauses pursuant to decision 2021/914 of 4 June 2021.)

To request a copy of concluded standard contractual clauses with a third-party sub-contractor from the above list, please contact us by e-mail at atgdpr@mitel.com.

 

7 Data Retention – GDPR (articles 13.2a / 14.2a)

Retention of Personal Data, and the deletion of Personal Data, is managed in Unify Phone Service on three levels

  1. Retention managed by Unify
  2. Retention managed by Unify Phone Service
  3. Retention You can manage

 

7.1 Data Retention Managed by Unify

We don’t delete data of Unify Phone Service tenants on our own as long as there are active Unify Phone licenses. Upon expiry of the Unify Phone license with your Tenant, we delete all tenancy data at the latest 60 days after the effectiveness of the termination. As an example: if we receive a termination notice from the tenant or a reseller on April 14 with a notice period of thirty (30) days the termination goes into effect on May 15th. At this point all access to the tenancy is suspended. We retain the tenancy with its data until July 14th, in case the tenant wants to reverse cancellation. After this retention period all tenancy data are deleted from the production system of Unify Phone Service. They are still available in the automatic data-base back-ups we take to ensure high service availability. Back-ups still containing data of the terminated tenancy are finally deleted after 4 weeks. At this point, tenancy data including your Personal Data are irreversibly deleted.

Notes:

  1. a) Termination notice period and retention after termination might be different for specific customer arrangements. Please inquire with your Tenant if there are different arrangements agreed with Unify.
  2. b) Conversation and Activity Data you leave as a cross-tenancy guest in foreign tenancies are not affected by the termination of your Tenant (e. the one that gives you access to Unify Phone Service), but are still controlled by the foreign tenant. Please inquire with the foreign tenant on deletion.

 

7.2 Data Retention Managed by Unify Phone Service

Call Journal data stored on Unify Phone Service will be retained for 24 months), counting from the day the data were entered by the user. Data which have aged beyond that retention period are automatically deleted with a 4 weeks delay for deletion in back-ups. This retention mechanism affects all users of the Tenant. If the Tenant removes you as a user of Unify Phone Service, e.g. because you are leaving the company, the following will happen:

  • Your Profile Data (see section 4) are deleted, except for your name
  • For 4 weeks after deletion from the production data base deleted data will remain available in back-ups.

Notes:

  1. Session Data are only stored as long as the session is active. Transient Data are not stored at all.
  2. Conversation and Activity Data you leave as a cross-tenancy guest in foreign tenancies are not affected by data retention managed by your home tenant (i.e. the one that gives you access to Unify Phone Service), but by the foreign tenant. Please inquire with the foreign tenant on deletion.

 

7.3 Data Retention You Can Manage

Unify Phone Service gives the following options to you as a user:

  • You can delete most of your Profile Data. If a data field cannot be deleted then it is because the data field was provisioned and is controlled by the Tenant. Please inquire with your Tenant about deletion.
  • You can delete Call Journal Data,

What you cannot delete

  • Your name from the Call Journal of other users you had a call with
  • Session Data during the session, since this would destroy the session.

 

8 Your Rights as a Data Subject and How to Exercise Them

Since your Tenant gives you access to Unify Phone Service, and defines the purpose of its usage, we generally engage with the Tenant before executing a request. We therefore recommend that you place your request with the Tenant, who can give you an answer on your requests from the perspective of your business and execute most of your requests on the Tenant Administration for Unify Phone Service. We have reserved the right from our tenants in the Data Processing Agreement that we may, after due consideration of the legal circumstances with the tenant, execute your request automatically, if required.

If you have any queries about our GDPR activities, then please be so kind and complete the online form.

  1. a) Right of Access to Personal Data – GDPR (article 15)
    Users of Unify Phone Service can see all their personal data directly on the Unify Phone Service.
  1. b) Right to Rectification of Personal Data – GDPR (article 16)
    For rectification of Personal Data on the Unify Phone Service please contact your IT helpdesk.
  1. c) Right for Erasure of Personal Data – GDPR (article 17)
  • User Profile Data are deleted automatically upon deprovisioning of the user;
  • Call Journal Data can be deleted any time by the user;
  1. d) Right to Restrict Processing – GDPR (article 18)
    Under specific circumstances, e.g. if you consider processing of your Personal Data inaccurate, unlawful, or no longer required, or if there is a pending objection from your side to the processing, you have the right to request a restriction of processing. We recommend placing a request with your IT helpdesk, but you can also place the request with Unify, in which case we would follow up with your Tenant. In case we restrict processing upon your request the following will happen:
  • Your Profile Data will be deleted, and your name will be anonymized (service request)
  • You lose access to your account
  • You can give your Tenant or us instructions on further processing

If you decide to lift the restriction again and resume your account on Unify Phone Service, your account will be unsuspended. You and your Tenant can re-enter your profile data, your conversation data will appear again under your name.

1.e) Right to Object Processing – GDPR (article 21)
You have the right to object processing of personal data under certain circumstances related to section 3 of this document (Purpose and Legal Basis for Processing). Since these establishing these criteria are with the Tenant we recommend placing a request with your Tenant, but you can also place the request with Unify, in which case we would follow up with your tenant.

1.f) Right to Withdraw Your Consent – GDPR (article 7.3 / 13.2c / 14.2d)
We do not collect consent from you in the sense of GDPR (6-7) as a legal basis for processing your Personal Data. Establishing that legal basis is the responsibility of your Tenant. In case your tenant collects your consent, you would have to withdraw that consent with your Tenant.

1.g) Right to Data Portability – GDPR (article 20)
You can download your Call Journal data from the Unify Phone Service.

1.h) Right to lodge a complaint with a Data Protection Authority – GDPR (article 13.2d / 14.2d / 77)
You have the right to lodge a complaint about the processing described in this document with the data protection authority of your country or of the Federal Republic of Germany.

 

9 Is it a Statutory or Contractual Requirement to Provide Personal Data? – GDPR (article 13.2(e))

Yes. As a user of Unify Phone Service you must be identifiable to Unify and the Tenant at least by your name and email address. Depending on the services you need to provide your business phone number. Beyond that Unify has no more requirements for you to provide your personal data, but your Tenant might have. Please inquire with your Tenant in case of concerns.

 

10 Automated Decision Making

There is no automated individual decision making and profiling about you on Unify Phone Service.

 

11 Google API

Unify uses Google’s People Application Programming Interface (API) Services to enable the user authorization feature for accessing the user’s personal Google Contacts and the user’s organization GSuite directory (i.e., use of your Gmail account to login to the Google Contacts application to access contacts information on the platform). Unify’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

 

12 Changes/Updates

Unify reserves the right to update or modify this Privacy Notice at any time to reflect any changes in the way Unify handles Your Personal Data or any changes in Applicable Laws. Any nonmaterial changes will be posted without prior notice on the Unify website: https://unify.com/en/legal-information/unify-phone/privacy-policy. In case of material changes, we will notify you more directly, for example by emailing you prior to such material changes taking effect. We encourage you to review this Privacy Notice regularly to stay informed of the latest modifications.