RingCentral Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RingCentral has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. RingCentral has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Data processed and purposes of data processing
Please see the RingCentral Privacy Notice, publicly available here: https://www.ringcentral.com/legal/privacy-notice.html for information regarding the data categories processed by RingCentral as a controller on our own behalf.
As a processor to our customers, RingCentral processes personal data that customers choose to submit to the services as customer-generated content, call detail records, usage data, and account information. The purposes for such processing is the provision, maintenance, support, and improvement of the services.
Type of third parties to which RingCentral discloses personal data and purposes
Please see the RingCentral Privacy Notice publicly available here: https://www.ringcentral.com/legal/privacy-notice.html for information regarding the types of third parties to which RingCentral discloses personal data and the purposes for such disclosures.
Inquiries or complaints
If you have any questions, comments or concerns about this Notice, you may contact us at privacy@ringcentral.com. In the event of an unresolved complaint, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RingCentral commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, individuals may invoke binding arbitration.
Enforcement authority
The Federal Trade Commission has jurisdiction over RingCentral’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Individual rights to access and to limit use and disclosure
Please see the RingCentral Privacy Notice publicly available here: https://www.ringcentral.com/legal/privacy-notice.html for information regarding how individuals can exercise their rights to access their personal data and to limit the use and disclosure of their personal data.
Lawful requests for personal information
Please see https://www.ringcentral.com/legal/policies/data-request-guidelines.html for information regarding how RingCentral responds to lawful requests by public authorities for RingCentral to disclose personal information.
Liability for onward transfer
In the context of an onward transfer, RingCentral has responsibility for the processing of personal data it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. RingCentral shall remain liable under the EU-U.S. DPF Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless RingCentral proves that it is not responsible for the event giving rise to the damage.