BroadSoft Hospitality - Privacy

BroadSoft Hospitality Privacy Statement

BroadSoft, Inc. and its affiliates (collectively "BroadSoft" or “We”) are committed to protecting your privacy. 

We comply with data protection legislation, which regulates the processing of your personal data and grants you rights in how your personal data is used – including, but not limited to, the right to object to some of your processing.

The aim of this statement is to inform you how We will use the personal data collected in the context of your customer relationship with BroadSoft and the choices available to you regarding collection, use, access, and how to update and correct your personal data.

If you are using a BroadSoft Solution provided by a service provider or third party, there may be additional policies and notices to be aware of. Please refer to the privacy statement or policy of the entity through which you are obtaining BroadSoft Solutions for more details.

Additional information on our personal data practices may be provided in supplemental privacy statements or notices provided prior to or at the time of data collection.

What information do we collect and process?

  • BroadSoft collects and processes the following data:Personal data – Name, Email Address, Phone Number, Address, Hotel Room Number.
  • Credentials- User IDs and passwords, Web Interface credentials, authentication tokens, and cookies
  • Profile data – Service settings.
  • User Generated data –instant messages, uploaded media files, voice messages.
  • Connectivity data – IP addresses and MAC address.
  • Location data – based on IP address or device location.
  • Usage data – communications metadata such as call logs.
  • Billing data - Data (such as call detail records which include the cost of your communications) relevant for invoicing and collections, invoice documents and other billing records.


What do we use this information for and what is the legal basis for this use?

We will use your personal data for the following purposes:

  • In the context of your customer relationship with BroadSoft for the performance of our contractual obligations with either you or your service provider, in particular:
    • for the provisioning of and providing the service;
    • to provide operational support for contracted service;
    • to communicate with you on status and availability of service; or
    • for billing.
  • To conduct our business and pursue our legitimate interests. Where our interests are not overridden by your data protection rights, We may use your personal data to:
    • verify your identity;
    • perform subscriber and user enquiries and aide in the resolution of problems which may arise associated with service;
    • aide in the prevention or detection of fraud;
    • carry out research and analysis and monitor use of our network, products and services on an anonymous basis in order to identify general consumer trends and to better understand our users’ behaviors; partner with other businesses to create new services and to develop interesting and relevant products and services for our customers, as well as personalize the products and services we offer you; use information about your location for research and analytics purposes but We will only retain this information in an anonymized form to ensure that you cannot be identified as an individual;
    • enforce compliance with our terms of use and other policies or otherwise in connection with legal claims, compliance, regulatory and investigatory purposes as necessary (including disclosure of such information in connection with legal process or litigation) or preventing, investigating and/or reporting fraud, terrorism, misrepresentation, security incidents or crime.
  • Where you give us your consent, We will use your information to:
    • send marketing information via a medium or in a format you designate (for more information about how to modify your preferences about marketing communications, please see below);
    • provide informational type directory services; and
    • provide other services or information, the consent of which will be asked for at that time.
  • For purposes which are required by law, such as responding to requests by government or law enforcement authorities conducting an investigation.
  • We also use aggregated information about the use of our services so we can administer and improve our services, analyze trends, and gather broad demographic information. We may pass this information to third parties.


How long do we keep your information?

We will retain your Subscriber Data (such as personal data, profile data, contact lists, etc) for the duration of the contractual relationship.

We will retain billing data relevant for invoicing and collection for up to six months in the EU and EEA, or in the case of invoice disputes until the dispute is resolved.

Data backups, file archives and application log files are deleted every 30 days in the EU and EEA regions. Pertinent log information required to troubleshoot a problem encountered by end-users may be retained for up to 1 year.

Data Category

Retention Time in Production or Live Systems in the EU and EEA regions

Personal data

Data is deleted as soon as service is terminated or a user is deactivated.
Guest information is stored for up to 30 days.

Credentials

Data is deleted as soon as service is terminated or a user is deactivated.

Profile data

Data is deleted as soon as service is terminated or a user is deactivated.

User generated data

Data such as hotel guest voicemails are stored for up to 14 days.

Usage data

Usage data is retained for up to 30 days.

Connectivity data

Data is deleted as soon as service is terminated or a user is deactivated.

Billing data

Data is stored for up to six months.
Invoices and billing records are stored for up to 7 years.

 

Who will We share this information with, where and when?

BroadSoft will share the personal data you provide with other BroadSoft entities and/or third parties who are acting on BroadSoft’s behalf to provide services such as technical assistance, troubleshooting, customer support and billing. Third parties may include, but are not limited to, vendors providing cloud hosting, service billing, analytics and service monitoring.

  • Where these recipients are data processors on our behalf, we have entered into appropriate data processing agreements with them.
  • Where these recipients receive your data as controllers, this disclosure is justified by their role in providing services to you and they receive the data necessary to provide and invoice their contribution to these services.

Some of these BroadSoft entities or business partners may be located in multiple geographies, including the US, Canada, United Kingdom, Northern Ireland, EU, Australia, and Japan.  Where we export your data outside of the EEA, this is permitted either by appropriate data processing agreements or justified by the need to provide our services to you internationally. Where such transfers are to a Broadsoft entity or business partner in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Processor Binding Corporate Rules.  You can obtain a copy of the relevant mechanism by contacting us on the contact details set out below.  

Personal data may be shared with government authorities or law enforcement officials if required for the purposes above, if mandated by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws.

In the event that the business is sold or integrated with another business, your details will be disclosed to our advisors and any prospective purchaser’s advisors and will be passed to the new owners of the business.

Security

We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration or disclosure.

Additional controls may include:

  • Encryption of data in transit and secure file transfers
  • Use of authentication tokens for integrating with 3rd party applications
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Conducting penetration tests and vulnerability scans
  • Authenticating employees, vendors and contractors access to information systems
  • Maintaining appropriate security documentation


What rights do you have?

You are entitled to see the information held about you. If you wish to do this, please contact us at privacy@broadsoft.com. We may require you to provide verification of your identity to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.

You may also have the right to correct, delete or restrict the processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances, in particular where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.

If you opted to receive marketing emails or other communications from BroadSoft or third parties at the time you registered for the services but subsequently change your mind, you may opt-out by emailing privacy@broadsoft.com.You can also email this address to exercise any of your other rights. If you have unresolved concerns, you have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

Children's Privacy

BroadSoft encourages parents and guardians to take an active role in their children's online activities. BroadSoft does not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe that we may have collected personal data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.

How to Contact Us

We value your opinions. Should you have questions or comments related to this Privacy Statement, please email our privacy team at privacy@BroadSoft.com.

Updates to this BroadSoft Privacy Statement

We may update this Privacy Statement from time to time. If we modify our Privacy Statement, we will post the revised version here, with an updated revision date. You agree to visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Privacy Statement, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification. By continuing to use our website or Solutions after such revisions are in effect, you accept and agree to the revisions and to abide by them.

The BroadSoft Privacy Statement was revised and posted as of May 21, 2018.