Date last revised: Jan 1, 2019
Genesys Telecommunications Laboratories, Inc. (“Genesys”) processes Personal Data (defined below) on behalf of our customers all around the world. Some of these customers transfer Personal Data to Genesys from the European Economic Area (EEA) or Switzerland. To that end, Genesys complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA to the United States. In addition, Genesys complies with the U.S.-Swiss Privacy Shield program for personal information transferred from Switzerland. This EEA and Switzerland Privacy Notice sets forth the practices that Genesys follows for such information.
Agent: any third-party data processor that processes Personal Data provided by Genesys on its behalf and under its instructions.
Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Directive: EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Personal Data: any information or set of information that identifies or could be used to identify (together with other information) a living individual. Personal Data does not include information that is anonymized or aggregated.
Sensitive Personal Data: any Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions. In this Privacy Notice, all references to Personal Data include Sensitive Personal Data.
Privacy Shield Principles: the E.U.-U.S. Privacy Shield Framework principles agreed to between the U.S. Department of Commerce and the European Commission concerning the transfer of Personal Data from the E.U. to the U.S.
U.S.-Swiss Privacy Shield Framework: The framework agreed to between the U.S. Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland concerning the transfer of Personal Data from Switzerland to the U.S.
How can I Find Out More Information on Privacy Shield and U.S.-Swiss Privacy Shield?
To learn more about the EU-U.S. and U.S.-Swiss Privacy Shield, and to view our certification, please visit https://www.privacyshield.gov/ .
How Does Genesys Ensure Compliance with Privacy Shield and US-Swiss Privacy Shield?
Genesys self-certifies compliance with the EU-US Privacy Shield and US-Swiss Privacy Shield Frameworks. As a Privacy Shield participant, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body.
The Privacy Shield Principles enable Genesys to satisfy requirements in both the EEA and Switzerland pertaining to protecting Personal Data that is transferred out of those jurisdictions. Genesys has certified that it adheres to the principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. For Personal Data transferred from the EEA, in the event that there is any conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For Personal Data transferred from Switzerland, in the event that there is any conflict between this Privacy Notice and the U.S.-Swiss Privacy Shield Framework, the U.S.-Swiss Privacy Shield Framework will govern.
Does Genesys Maintain a Data Protection Officer?
Genesys maintains a Data Protection Officer as a key contact for questions and complaints regarding Personal Data. Please contact us at [email protected] with any questions or concerns you may have about this Privacy Notice or our use of your Personal Data.
What Personal Data Does Genesys Collect, How Will it be Handled, and How Will it be Used and Disclosed?
Genesys is a Data Processor on behalf of its customers who procure Genesys products and services. Our products and services facilitate our customers to place, record, log, and otherwise manage contacts, telephone calls, and other types of electronic communications which may generate Personal Data (e.g. time of call, call status, parties to a call, call recordings, and others). Some of our products and services enable our customers to transmit information necessary to manage a call center and contacts in which agents at that call center communicate (e.g. first name, last name, address, email address, telephone number, SMS number, Internet screen name, and others).
Genesys only processes Personal Data collected through our products and services at the behest of our customers. We will not sell or otherwise transfer the Personal Data to any third party unless (1) otherwise agreed to by our customers when they transfer information to us, such as to provide needed information to our Agents, resellers, partners and contractors who may provide products or services (e.g. our data center provider); (2) in connection with the sale of all or substantially all of the assets of a business division of Genesys, a line of Genesys’ business or Genesys’ entire business or merger with another company; (3) to payment processing vendors as necessary for processing credit card transactions or support transactions; or (4) for compliance with possible legal or governmental disclosure requirements.
It should be understood that in some rare cases it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
How Can You Restrict the Use or Disclosure of Your Information?
If Genesys is processing your Personal Data on behalf of one of our customers, you may opt out of any disclosure of your Personal Data to any third party that is not our Agent or the use of that data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by, you. We will not disclose Sensitive Personal Data to a third party that is not our Agent or use Sensitive Personal Data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by, you unless we have received your affirmative and explicit consent to do so (i.e., opt-in consent).
For additional information regarding how you may restrict the use or disclosure of your Personal Data, please contact us at [email protected].
How Can You Access or Correct Information Held About You?
You have the right to obtain a confirmation from Genesys of whether we maintain Personal Data relating to you. Upon request, we will provide you with access to the Personal Data that we hold about you within a reasonable time period. We will also enable you to correct, amend or delete Personal Data related to you in our possession and control that is inaccurate or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
For information regarding how you may request to access, correct, amend, or delete your Personal Data please contact us at [email protected].
How Will Your Information be Protected?
Genesys is committed to protecting the Personal Data entrusted to us. We have implemented reasonable and appropriate physical, electronic and administrative procedures to safeguard and secure this information from loss, misuse, unauthorized access or disclosure, alteration and destruction.
We will take special care to ensure the security of Sensitive Personal Data. We will use and disclose Personal Data only in ways that are compatible with and relevant to the purposes for which such information was collected or authorized by you.
To the extent necessary for this purpose, we will take reasonable steps to ensure that Personal Data remains accurate, complete, current and reliable for its intended use.
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while Genesys utilizes industry standard security technologies and procedures intended to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your personally identifiable information (as defined by the applicable state and federal laws) stored by or for us. By disclosing your email address to us for any reason, you expressly consent to receive electronic notice from us in the event of such a security breach.
What Steps Will Genesys Take Before Transferring Your Information to Third Parties?
Genesys is potentially liable in cases of onward transfers of Personal Data to third parties. We will obtain written assurances from our Agents that they will safeguard Personal Data in accordance with this Privacy Notice.
Appropriate assurances may include:
- we will require our Agent to enter into a contract with us that requires the Agent to provide at least the same level of protection as is required by the Privacy Shield Principles or U.S.-Swiss Privacy Shield Framework;
- in certain circumstances, our Agent may be subject to the Data Protection Directive;
- our Agent may be established in a country that is subject to a finding of adequacy by the European Commission under Article 25(6) of Data Protection Directive; or
- our Agent may have their own Privacy Shield or U.S.-Swiss Privacy Shield certification.
How are Complaints and Disputes Resolved?
Your complaint may be resolved by Genesys internally. We will investigate the matter and attempt to resolve the issue quickly. In any case, our commitment is to respond within 10 days and resolve the complaint within 45 days. We also agree to participate in independent dispute resolution of your complaints through the EU and Swiss data protection authorities (DPAs). We will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and we agree to comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles. Under certain conditions, it is possible for individuals to invoke binding arbitration before the Privacy Shield Panel.
How Will Genesys Ensure Compliance with this Notice?
Genesys will conduct compliance audits of our privacy practices to verify compliance with this Privacy Notice.
Any Genesys employee that we determine has acted in violation of this Privacy Notice will be subject to disciplinary action up to and including termination of employment.
Any questions or concerns regarding our use or disclosure of Personal Data should be addressed to the Genesys DPO at [email protected].
We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personal Data in accordance with the provisions of this Privacy Notice.
Changes to this Privacy Notice
It is our policy to post any changes we make to our Privacy Notice on this website. If we make material changes to how we treat the Personal Data that falls within the scope of our Privacy Notice, we will notify you by email to the email address specified in your account or through a notice on this website.
The date the Privacy Notice was last revised is identified at the top of the page.
Who Should You Contact if You Have Any Questions Concerning this Privacy Notice?
You may contact our Data Protection Officer at [email protected]. We encourage you to contact our DPO to inform us of any complaints or disputes you may have regarding the use of your Personal Data or to request access to your Personal Data.