Information on Processing of Personal Data for Users
Effective March 29, 2023Click here to download PDF
If you are, or plan to become, a user of Unify Phone Services, this document is meant for you. Some of the data processed by Unify Phone Services are your Personal Data (“Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. (‘Data Subject’);
The processing of your Personal Data is protected by the Applicable Data Protection Law, which shall mean the laws and regulations relating to the processing and protection of Personal Data applicable in the country where Unify is established. Applicable Law includes specifically (a) EU Regulation 2016/679 (General Data Protection Regulation; ‘GDPR’) (b) Member State laws or regulations relating to the processing and protection of Personal Data implementing or complementing GDPR; and (c) any other applicable laws or regulations relating to the processing and protection of Personal Data.
How do we apply GDPR to Unify Phone Services?
First, Unify Phone Services are meant for businesses, to allow employees, suppliers, partners, and customers to communicate and collaborate with each other. As a result, not only you, but also the business which gives you access to Unify Phone Services has rights regarding the Personal Data processed by Unify Phone Services.
Secondly, Unify Phone Services are delivered from one SW system via the Internet to 1000s of customers, or “Tenants” (meaning the legal entity you are an employee of, and which has contracted for Unify Phone Services), in the same way. Tenants can set certain parameters or activate features regarding data processing, but it is essentially the same for all tenants.
1 Controller – GDPR (articles 13.1a / 14.1a)
The Controller is directly accountable to you for the protection of your Personal Data. Among other responsibilities, the Controller, according to the GDPR,
- Defines the purpose of processing of your Personal Data
- Defines the means of processing of your Personal Data
- Responsible for Accuracy, Quality, Legality, Reliability of Personal Data\
- Provides information to you about your Personal Data and the modalities for the exercise of their rights
- Implements measures to secure and protect of your Personal Data
- Notifies the competent data protection supervisory authority in case of a data breach.
For Unify Phone Service, your Tenant is Controller.
2 Data Protection Officer – GDPR (articles 13.1b / 14.1b)
Unify has appointed a Data Protection Officer (“DPO”). You can reach the DPO at the following email address: firstname.lastname@example.org
Depending on the size of the business your Tenant might also have a Data Protection Officer. You have the right to get the contact details from your Tenant.
3 Purpose and Legal Basis for Processing – GDPR (articles 13.1c,d / 14.1c / 14.2b)
You have the right to understand the purpose and legal basis for the processing of your Personal Data in Unify Phone Services. This the responsibility of your Tenant, as explained in section 1. Your Tenant has the obligation to provide You with this information.
4 Categories of Personal Data – GDPR (articles 14.1d, 14.2(f))
Your Personal Data processed by Unify Phone Services fall under the following categories:
Identification Data: Personal data you create about yourself or are assigned to you by your tenant, in particular name, password, email address, photo, phone numbers, access rights (user vs tenant administrator).
Connection Data: Personal data collected by Unify Phone Services from your use of the services, in particular call journal data, content deletion or change records or data relating to service usage (e.g. used end-points). These data are collected to provide Call Journal functionalities of Unify Phone Services on who did what in a conversation, and for troubleshooting purposes. These data are also used in strictly anonymized form for usage, adoption, and user experience statistics and reports.
Location Data: Personal Data which are collected but not stored on Unify Phone Services (such as presence or location information) or which are tied to a log-on session on Unify Phone Services (e.g. IP addresses). Location information is obtained from your browser or device if activated.
5 Recipients of Personal Data – GDPR (articles 13.1e / 14.1e)
Unify Phone provides a call journal to each user, which shows metadata of calls the user had with other users. Your Profile Data will also be shared with your Tenant Administrators on Unify Phone Services. Tenant Administrators can download your call journal, which can be anonymized as an option.
6 Sub-Contractors and Transfers or Personal Data to Third Countries – GDPR (articles 13.1f / 14.1f)
|Google Ireland Limited
|Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
|Data Center Services
|1633 Broadway, 38th Floor, New York, NY 10019, United States
|Managed Data Base Service
|Atos IT Solutions and Services EOOD
|Bul. Maria Luiza 2, TZUM Building floor 4., 1000, Sofia, Bulgaria
|Technical Support Services
|Atos IT Solutions and Services srl
|Calea Floreasca nr.169A, Et. 2, Sector 1014459 Bucureşti, Romania
|Technical Support Services
|Unify Communications S.A.
|Paseo Doce Estrellas, 2. CP, 28042 Madrid, Spain
|Technical Support Services
|Atos Greece SM SA
|455 Irakliou Ave, Iraklio, 14122 Athens, Greece
|Technical Support Services
|Unify – Soluções em Tecnologia da Informação Ltda
|Rua Werner Siemens, 111, Prédio 20 05069-010 – Lapa – São Paulo – SP – Brazil
|Technical Support Services
|Atos India Private Limited
|10th Floor, Tower-B, Hcc-247 Park, Lal Bahadur Shastri Marg, Vikhroli (W), Mumbai 400083 Maharashtra, India
|Technical Support Services
All Atos Group Companies listed here are bound to the level of data protection in the European Union (EU) by the Atos Corporate Binding Roles (https://atos.net/content/dam/global/documents/atos-binding-corporate-rules.pdf) ) according to GDPR Art. 47. For all external subcontractors that are not located in a country of the EU, the European Economic Area or a country for which an adequacy decision of the European Commission according to Art. 46 GDPR is available, standard contractual clauses according to GDPR Art 47 and the Annex of the IMPLEMENTING COMMISSION DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of 4 June 2021 have been concluded.
Frankfurt a. M., Germany
7 Data Retention – GDPR (articles 13.2a / 14.2a)
Retention of Personal Data, and the deletion of Personal Data, is managed in Unify Phone Services on three levels
- Retention managed by Unify
- Retention managed by Tenant
7.1 Data Retention Managed by Unify
Unify does not delete data of Unify Phone Service tenants on its own as long as there are active Unify Phone licenses. The Tenancy Administrator may deprovision users and delete their Profile Data at any time. After termination of the Unify Phone Service Tenancy and unless there is an ongoing legitimate business need to continue processing Customer’s personal data, Unify will delete all tenancy personal data from the Unify Phone Service production system (e.g. User profile information, Call Journal data, Tenancy data, etc.) within 90 days from the effective termination. Deleted data will still be available in the automatic data base back-ups and finally deleted after 4 weeks.
Customer as the Controller may request deletion of Profile Data and Call Journal Data of individual users by raising a service ticket to Unify or the Accredited Reseller, as applicable. The data will be deleted within 30 days from receipt of the service ticket request. Note that the name of deleted users will remain in the Call Journal of other users they had a call with and is then subject to the retention policy of the respective Call Journal.
Session Data are only stored as long as the session is active. Transient Data are not stored at all.
Call Journal data are stored on Unify Phone Service for 24 months, counting from the day the data were entered by the user. Data which have aged beyond the set retention period are automatically deleted with a 4 week delay for deletion in back-ups. Customer defined retention periods are being implemented.
7.2 Data Retention Managed by Tenant
The Tenancy Administrator may deprovision users and delete their Profile Data at any time, this being from Unify Video where Unify Phone is deployed with Unify Video as ‘Unify Phone for Unify Video’ or from Unify Phone/Associated OpenScape Platform as ‘Unify Phone for OpenScape’.
For other Data retention requests which can be made by the Tenant Administrator see section 7.1 above.
8 Your Rights as a Data Subject and How to Exercise Them
Since your Tenant gives you access to Unify Phone Services, and defines the purpose of its usage, we generally engage with the Tenant before executing a request. We therefore recommend that you place your request with the Tenant, who can give you an answer on your requests from the perspective of your business and execute most of your requests on the Tenant Administration for Unify Phone Services. We have reserved the right from our tenants in the Data Processing Agreement that we may, after due consideration of the legal circumstances with the tenant, execute your request automatically, if required.
If you have any queries about our GDPR activities, please contact the Unify Data Protection Officer shown under 2.
a) Right of Access to Personal Data – GDPR (article 15)
You can access all Personal Data directly on Unify Phone Services. Your Profile Data are shown under Profile on Unify Phone Services. Your Call Journal Data are shown. and depending on configuration also on phone devices. If you have been offline and e.g. missed calls this information will be shown on your Unify Phone Services client.
b) Right to Rectification Personal Data – GDPR (article 16)
You can rectify most of all Profile Data yourself on Unify Phone Services unless provisioned by your tenant, e.g. from a directory system of your business. Please contact your Tenant for rectification. If Connection or Location Data are incorrect, it is most likely because of a SW defect. Please use the mechanisms offered by your Tenant of Unify Phone Services to open a trouble ticket.
c) Right for Erasure of Personal Data – GDPR (article 17)
Please see section 6 on Data Retention on details how to delete (erase) Personal Data. We recommend placing a request with your Tenant, but you can also place the request with Unify, in which case we would follow up with your tenant.
d) Right to Restrict Processing – GDPR (article 18)
Under specific circumstances, e.g. if you consider processing of your personal data inaccurate, unlawful, or no longer required, or if there is a pending objection from your side to the processing, you have the right to request a restriction of processing. We recommend placing a request with your Tenant Administrator. but you can also place the request with Unify, in which case we would follow up with your tenant. In case we restrict processing upon your request the following will happen:
Your Profile Data will be deleted, and your name will be anonymized. This also requires changes to be made by your administrator on the associated OpenScape platform being used with Unify Phone Services., and associated Cloud Services such as Unify Video by RingCentral.
If Unify Phone is being used with Unify Video then the user identity and profile is held and mastered on the Unify Video tenant and your profile would be suspend from Unify Video which can then suspend access to Unify Phone.
For Unify Phone for OpenScape (where Unify Video is not associated) then the user profile is mastered on Unify Phone but controlled by the associated OpenScape platform.
We keep your account in Unify Phone Services including associated call journal data.
You lose access to your account on Unify Phone Services.
You can give your tenant or us instructions on further processing
If you decide to lift the restriction again and resume your account on Unify Phone Services, your account will be unsuspended. You and your Tenant Administrator can re-enter your profile data, your call journal data will be restored.
e) Right to Object Processing – GDPR (article 21)
You have the right to object processing of personal data under certain circumstances related to section 3 of this document (Purpose and Legal Basis for Processing). Since these establishing these criteria are with the tenant we recommend placing a request with your tenant, but you can also place the request with Unify, in which case we would follow up with your tenant.
f) Right to Withdraw Your Consent – GDPR (article 7.3 / 13.2c / 14.2d)
We do not collect consent from you in the sense of GDPR (6-7) as a legal basis for processing your Personal Data. Establishing that legal basis is the responsibility of your Tenant. In case your tenant collects your consent, you would have to withdraw that consent with your Tenant.
g) Right to Data Portability – GDPR (article 20)
You can export the Call Journal in a Microsoft Excel CSV (Comma Separated) File Format.. This can be done by individual users on their account and also at the tenant level by the tenant administrator.
h) Right to lodge a complaint with a Data Protection Authority – GDPR (article 13.2d / 14.2d / 77)
You have the right to lodge a complaint about the processing described in this document with the data protection authority of your country or of the Federal Republic of Germany.
9 Is it a Statutory or Contractual Requirement to Provide Personal Data? – GDPR (article 13.2(e))
Yes. As a user of Unify Phone Services you must be identifiable to Unify and the tenant at least by your name and email address. Depending on the services you need to provide your business phone number. Beyond that Unify has no more requirements for you to provide your personal data, but your tenant might have. Please inquire with your Tenant in case of concerns.
10 Automated Decision Making
There is no automated individual decision making and profiling about you on Unify Phone Services.