BroadSoft, Inc. and its affiliates (collectively "BroadSoft" or “we”) are committed to protecting your privacy.
We comply with data protection legislation. This regulates the processing of personal data relating to you and grants you various rights in respect of your personal data including a right to object to some of your processing.
The aim of this statement is to tell you how we will use your personal data collected in the context of your customer relationship with BroadSoft and the choices available to you regarding collection, use, access, and how to update and correct your personal data.
There may be additional policies and notices to be aware of, if you are using a BroadSoft Solution provided by a service provider or third party. Please refer to the privacy statement or policy of the entity through which you are obtaining BroadSoft Solutions for more details.
Additional information on our personal data practices may be provided in supplemental privacy statements or notices provided prior to or at the time of data collection.
When you use our services, we collect and process the following data:
We will use your personal data for the following purposes:
We will retain your Subscriber Data (such as personal data, profile data, contact lists, etc) for the duration of the contract relationship.
We will retain billing data relevant for invoicing and collection for up to 2 years (except in the EU and EEA where data is stored for six months), or in the case of invoice disputes until the dispute is resolved. Traffic Data will be stored for up to 30 days (except in Germany where data is stored for up to 7 days), unless necessary to investigate faults or investigate cases of fraud.
Data backups, file archives and application log files are deleted every 30 days. Pertinent log information required to troubleshoot a problem encountered by end-users may be retained for up to 1 year.
Data Category |
Retention Time in Production or Live Systems |
Personal data |
Data is deleted as soon as service is terminated or a user is deactivated. |
Credentials |
Data is deleted as soon as service is terminated or a user is deactivated. |
Profile data |
Data is deleted as soon as service is terminated or a user is deactivated. |
Contact lists |
Data is deleted as soon as service is terminated or a user is deactivated. |
User-generated |
Data such as voicemails are deleted as soon as service is terminated or a user is deactivated. |
Usage data |
Data is deleted as soon as service is terminated or a user is deactivated. |
Connectivity |
Data is deleted as soon as service is terminated or a user is deactivated. |
Traffic data |
Data is stored for up to 30 days, except in Germany where data is stored for up to 7 days. |
Billing data |
Data is stored for up to 2 years, except in the EU and EEA where data is stored for six months. |
BroadSoft will share the personal data you provide with other BroadSoft entities and/or third parties who are acting on BroadSoft’s behalf to provide you services such as technical assistance, troubleshooting, customer support and billing. Business partners include for vendors for cloud hosting, service billing, analytics and service monitoring purposes.
Where these recipients are data processors on our behalf, we have entered into appropriate data processing agreements with them. Where these recipients receive your data as controllers, this disclosure is justified by their role in providing services to you and they receive the data necessary to provide and invoice their contribution to these services.
Some of these BroadSoft entities or business partners may be located in multiple geographies, including the US, Canada, United Kingdom, Northern Ireland, EU, Australia, and Japan. Where we export your data outside of the EEA, this is permitted either by appropriate data processing agreements or justified by the need to provide our services to you internationally. Where such transfers are to a Broadsoft entity or business partner in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Processor Binding Corporate Rules. You can obtain a copy of the relevant mechanism by contacting us on the contact details set out below.
Personal data may be shared with government authorities or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisors and any prospective purchaser’s advisors and will be passed to the new owners of the business.
We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration or disclosure. BroadSoft has earned the prestigious ISO 27001:2013 certification, an international standard for an information security management system.
The BroadCloud product security control baseline incorporates the NIST 800-53 control families that cover various security related areas. These areas represent a broad-based, balanced information security program that addresses the management, operational, and technical aspects of protecting information and information systems.
Additional controls may include:
You are entitled to see the information held about you. If you wish to do this, please contact us at privacy@broadsoft.com. We may require you to provide verification of your identity to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.
You may also have the right to correct, delete or restrict the processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances, in particular where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.
If you opted to receive marketing emails or other communications from BroadSoft or third parties at the time you registered for the services but subsequently change your mind, you may opt-out by emailing privacy@broadsoft.com.You can also email this address to exercise any of your other rights. If you have unresolved concerns, you have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
We use the term cookie to refer to all technologies which store and access information on the device that you use to access our Services, such as your computer, tablet or mobile phone to understand how our services are used, and provide essential functions. The cookies used as part of this Service offering are as follows:
Cookie Type |
Category |
Function |
Persistent vs. Session* |
Name |
Duration |
Session ID
|
Essential
|
Identifies session. These cookies tell us when you're logged in, so we can show you the appropriate experience and features
|
Session | JSESSIONID | Expires when browsing session ends |
Session | DWRSESSIONID | Expires when browsing session ends | |||
Session | X-Appia-UUID | Expires when browsing session ends | |||
User Login ID | Essential | These cookies tell us when you're logged in, so we can show you the appropriate experience and features |
Persistent | root.autoUserLoginId | 1 year |
Encrypted userid. These cookies tell us when you're logged in, so we can show you the appropriate experience and features |
Session | X-Appia-ExtAuth | Expires when browsing session ends | ||
Visitor ID |
Essential |
Ofbiz indicator of the visit information | Persistent | OFBiz.Visitor | 1 year |
Node Identifier |
Essential |
Determines which instance of the website this session is being directed to | Session | bsloc | Expires when browsing session ends |
Language/Locale |
Essential |
These provide a localized experience so you will see the site in your preferred language | Persistent | i18next | 1 month |
Stickiness Cookie (created by a load-balancer) |
Essential |
Tells the load-balancer where to direct the session | Session | XRMxxx (ie, XRMINT) | Expires when browsing session ends |
ASM (Application Security Manager) |
Essential |
These cookies are used to sign and secure server transactions. TS cookies check whether other domain cookies change during the transaction and verify the referrer object | Session | TSxxxxxxxxx | Expires when browsing session ends |
BroadSoft encourages parents and guardians to take an active role in their children's online activities. BroadSoft does not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe that we may have collected personal data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
We value your opinions. Should you have questions or comments related to this Privacy Statement, please email our privacy team at privacy@BroadSoft.com.
We may update this Privacy Statement from time to time. If we modify our Privacy Statement, we will post the revised version here, with an updated revision date. You agree to visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Privacy Statement, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification. By continuing to use our website or Solutions after such revisions are in effect, you accept and agree to the revisions and to abide by them.