BroadSoft, Inc. and its affiliates (collectively "BroadSoft" or “we”) are committed to protecting your privacy.
We comply with data protection legislation. This regulates the processing of personal data relating to you and grants you various rights in respect of your personal data including a right to object to some of your processing.
The aim of this statement is to tell you how we will use your personal data collected in the context of your customer relationship with BroadSoft and the choices available to you regarding collection, use, access, and how to update and correct your personal data.
There may be additional policies and notices to be aware of, if you are using a BroadSoft Solution provided by a service provider or third party. Please refer to the privacy statement or policy of the entity through which you are obtaining BroadSoft Solutions for more details.
Additional information on our personal data practices may be provided in supplemental privacy statements or notices provided prior to or at the time of data collection.
When you use our services, we collect and process the following data:
We will use your personal data for the following purposes:
We will retain your data such as personal data, profile data, etc. for the duration of the contract relationship.
We will retain billing data relevant for invoicing and collection for up to 6 months, or in the case of invoice disputes until the dispute is resolved. Traffic Data will be stored for up to 30 days (except in Germany where data is stored for up to 7 days), unless necessary to investigate faults or investigate cases of fraud.
Data backups, file archives and application log files are deleted every 30 days. Pertinent log information required to troubleshoot a problem encountered by end-users may be retained for up to 1 year.
Data Category |
Retention Time in Production or Live Systems |
Personal data |
Data is deleted as soon as service is terminated or a user is deactivated. |
Credentials |
Data is deleted as soon as service is terminated or a user is deactivated. |
Profile data |
Data is deleted as soon as service is terminated or a user is deactivated. |
User generated data |
Voice communication data such as call recordings are stored for 30 days as default. |
Traffic data |
Data is stored for up to 30 days, except in Germany where data is stored for up to 7 days. |
Billing data |
Data is stored for up to six months. Invoices and billing records are stored for up to 7 years. |
BroadSoft will share the personal data you provide with other BroadSoft entities and/or third parties who are acting on BroadSoft’s behalf to provide you services such as technical assistance, troubleshooting, customer support and billing. Business partners include vendors for cloud hosting, service billing, analytics and service monitoring purposes.
Where these recipients are data processors on our behalf, we have entered into appropriate data processing agreements with them. Where these recipients receive your data as controllers, this disclosure is justified by their role in providing services to you and they receive the data necessary to provide and invoice their contribution to these services.
Some of these BroadSoft entities or business partners may be located in multiple geographies, including the US, Canada, United Kingdom, Northern Ireland, EU, Australia, and Japan. Where we export your data outside of the EEA, this is permitted either by appropriate data processing agreements or justified by the need to provide our services to you internationally. Where such transfers are to a Broadsoft entity or business partner in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or Processor Binding Corporate Rules. You can obtain a copy of the relevant mechanism by contacting us on the contact details set out below.
Personal data may be share with government authorities or law enforcement officials if required for the purposes above, if mandated by law or of require for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisors and any prospective purchaser’s advisors and will be passed to the new owners of the business.
We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration or disclosure. The CC-One solution’s technical and organizational security measures are dictated by PCI-DSS standards.
Additional controls may include:
You are entitled to see the information held about you. If you wish to do this, please contact us at privacy@broadsoft.com. We may require you to provide verification of your identity to provide a copy of the information we hold. Please note that in certain circumstances we may withhold access to your information where we have the right to do so under current data protection legislation.
You may also have the right to correct, delete or restrict the processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances, in particular where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.
If you opted to receive marketing emails or other communications from BroadSoft or third parties at the time you registered for the services but subsequently change your mind, you may opt-out by emailing privacy@broadsoft.com.You can also email this address to exercise any of your other rights. If you have unresolved concerns, you have a right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
BroadSoft encourages parents and guardians to take an active role in their children's online activities. BroadSoft does not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe that we may have collected personal data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
We value your opinions. Should you have questions or comments related to this Privacy Statement, please email our privacy team at privacy@BroadSoft.com.
We may update this Privacy Statement from time to time. If we modify our Privacy Statement, we will post the revised version here, with an updated revision date. You agree to visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Privacy Statement, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or sending you a notification. By continuing to use our website or Solutions after such revisions are in effect, you accept and agree to the revisions and to abide by them.