The updated RingCentral Privacy Notice goes into effect on August 12, 2024
What’s Changed in this Privacy Notice?
How We Use Your Personal Information, we have clarified use limitations with respect to certain types of personal information, such as via SMS or APIs.
International Data Transfers, we have updated the section titled Liability for Onward Transfer with a mention of the UK extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
International Data Transfers, we have updated the section titled Lawful Requests for Personal Information to clarify we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
RingCentral, Inc. and its worldwide affiliates and subsidiaries (collectively “RingCentral”, “us”, “we”, “our”) are committed to protecting your privacy while providing you with a positive experience on our website and in using our products and services.
This Privacy Notice (“Notice”) explains our privacy practices and provides information on how and why we collect, use and share your personal information through our interaction with you in relation to our products and services, when you visit our websites, and associated sub-domains ("Website"), when you use our desktop, IP desk phone, mobile applications, our integrated business apps or our lab solutions ("Apps") or when you use our cloud communications and collaboration solutions ("Services"). The Notice also describes choices that may be available to you regarding use, access, deletion and correction of your personal information.
Additional information on our personal information practices may be provided in supplemental terms and conditions, supplemental privacy statements, or notices provided prior to or at the time of data collection.
QUICK LINKS
We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.
- How We Collect Your Personal Information
- What Personal Information We Collect
- How We Use Your Personal Information
- Cookies and Similar Technologies
- How, Why, and What Personal Information We Share With Third Parties
- How We Respect Your Privacy Rights
- How We Keep Your Personal Information Secured (Security)
- How Long We Retain Your Personal Information (Data Retention)
- International Data Transfers
- Children's Privacy
- Third-Party Sites
- Blogs and Forums
- Updates to this Notice
- Contact Us
HOW WE COLLECT YOUR PERSONAL INFORMATION
- We collect your personal information when you actively provide it to us through your interactions with us.
- We may automatically collect personal information from you as you use our Apps and Services, as a user or a participant, including recording communications, when enabled, or when you visit our Websites.
- We may receive personal information about you from a business or commercial partner or another user of our Apps and Services.
- We may infer or derive personal information based on other information we collect, such as with Service features that provide conversational intelligence.
WHAT PERSONAL INFORMATION WE COLLECT
Personal Information you actively provide to us or we collect from third parties, business partners, other users, and service providers, or which is publicly available
Your contact information/Identifiers: Name, username, email address, phone number, identity documents, IP address, and any other identifiers a user provides when accessing or using the Apps or Services.
Your payment information: Billing name, address, and credit card or other payment information.
Other information: Social media profiles, LinkedIn URLs, custom profiles and any other information about you that you may voluntarily provide or any information about you that may be publicly available.
Personal information we collect through your interactions with: RingCentral; our Websites; Apps and Services as a user or a participant
Account information:
- Account holders’ usernames and account numbers, RingCentral phone number, language preference, title, department.
Information about your use of non-RingCentral Services through integrations with our Websites, Apps and Services or otherwise:
- Social media account information, single-sign-on service tokens, Google/Apple/Microsoft sign in tokens.
User content:
- Files, any content of communication in any format (including but not limited to documents, SMS, pictures, transcripts, notes, recordings, voicemails, etc.) or other information you or another user or participant upload, provide, grant access to or otherwise implement. *Note that users and participants control the content that they provide, and it may include any category of personal information.
Service Usage Data:
- Device information (such as IP address, ISP, device and operating system type, operating system and client version, client version, type of microphone or speakers, and other related information)
- System logs, including usage logs, backend logs, client logs
- Internal feature usage analytics
- Cookie identifiers
- Traffic data about the communications that take place through our platform (such as chat, video conferencing) which include, network monitoring data, and call detail records produced by a telephone call or other telecommunications transactions. The call detail record contains various attributes of the call, such as time, duration, completion status, source number and destination number.
- Quality of Service data
- Fraud and threat analysis data
- Connection type and related information (e.g., connected over WiFi)
Geolocation information:
- Information about where you are located when using the Services.
SMS messages:
- Content of blocked SMS messages that violate our spam rules.
Inferred or derived data:
- Inferred or derived data may include a summary of information included in recorded content processed by conversational intelligence. Users and participants control the content they provide.
Your communications with us:
- Surveys, voice and video calls and related recordings and transcripts, emails and messages, interactions with chatbots available as part of our Services or Websites, etc.
Other information:
- Any personal information that a user or guest voluntarily provides through their use of the Services, including synchronizing contact information, or through integrations with other applications.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for the following purposes, to: Communicate with you; Verify your identity to prevent fraud in compliance with applicable law; Create your account; Provide you with RingCentral Services including respond to your requests for support; Develop and improve the RingCentral Services; Manage your order and our customer relationship; Market and advertise our Services; Perform surveys; Provide internal training and ensure quality assurance; Improve and optimise your interactions with our teams; Connect you to and optimise your experience using our Website, Apps, and Services; Provide customers dashboards and reports; Conduct fraud and threat analysis and, detect and prevent spam or unlawful or abusive activity or other violations of our Acceptable Use Policy; Monitor performance of our data centres and networks; Conduct analytics to improve RingCentral’s Website, App and Service performance; Personalise your experience with our Websites, Apps and Services; Comply with applicable law including those regulating call detail records; and Perform billing for our Services.
We may use artificial intelligence, machine learning, or other similar technology to provide, maintain, support, and improve our Services and our interactions with you.
We do not pass any individual's consent to receive SMS from RingCentral to any third party. We do not share phone numbers with third parties for the purpose of allowing those third parties to send SMS.
Lawful basis for processing personal information (EEA, Switzerland and UK only)
When we collect personal information about you in connection with offering our Website, Apps or Services within the European Economic Area (EEA), Switzerland and the United Kingdom (UK), our lawful basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal information from you where we need the personal information to perform a contract with you (e.g., when you order a Service), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., to market and provide our Services). In some cases, we may also have a legal obligation to collect and process the personal information in question (i.e. Service Usage Data) or we may process your personal information where we have your consent to do so. You may withdraw your consent at any time as instructed in the communications or in the Apps or Services, or by contacting us as explained below.
Limited Use for APIs
RingCentral’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. RingCentral does not retain personal information from the Google Workspace API to develop, improve, or train generalised AI and/or ML models.
COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, the functions they perform, and how you can control Cookies, please see our Cookie Notice.
HOW, WHY, AND WHAT PERSONAL INFORMATION WE SHARE WITH THIRD PARTIES
We may share and disclose your personal information (as identified in the section What Personal Information We Collect) solely for legitimate business or legal purposes as described in this Notice and in accordance with applicable law, with the following third parties:
- RingCentral or any of its worldwide affiliates. A list of our current group companies is available on our public filings.
- Business partners (e.g., resellers and other authorised third party agents) to market or sell our Services;
- Service providers, contractors, vendors or agents who operate on our behalf to:
- Operate, deliver, improve and customise our Websites, Apps, and Services;
- Provide support and technical services;
- Send marketing and other operational communications related to our Websites, Apps, and Services;
- detect fraud, enforce our acceptable use policy and protect our system and network infrastructure;
- Conduct analytics in order to improve your experience using RingCentral Websites, Apps and Services; and
- Provide offers and advertisements to customers based on their interests and interactions with us.
- Any third parties as part of, or in connection with, an actual or prospective corporate business transaction, such as a sale, merger, acquisition, joint venture, financing, corporate change, reorganization or insolvency, bankruptcy or receivership;
- Law enforcement agencies, regulatory or governmental bodies, or other third parties in order to respond to legal process, comply with any legal obligation; protect or defend our rights, interests or property or that of third parties; or prevent or investigate wrongdoing in connection with the Website, Apps or our Services; and/or
- Other third parties with your consent.
HOW WE RESPECT YOUR PRIVACY RIGHTS
We provide you with the opportunity to access, review, modify, and delete your personal information that we process.
Requests from End Users regarding personal information we process on behalf of our Customers as a Data Processor or Service provider
We provide our Services and Apps as ordered by our customers and in that context, we act as data processor or service provider on behalf of our customers. In particular, when processing the content of communications such as voicemails, faxes, recordings, etc., in connection with our Services, we do so on behalf of our Customers and in accordance with their instructions as a data processor or service provider. This means that if you believe RingCentral may have collected or stored personal information about you on behalf of a RingCentral customer as a data processor or service provider or if you wish to access, review, modify or delete any content of your communications, under applicable law or otherwise, you should direct your request to that Customer.
Your Privacy Rights as an EEA/UK/Swiss Resident
- Access: You can request more information about the personal information we hold about you. You can request to download a copy of the personal information.
- Rectification: If you believe that any personal information we are holding about you is incorrect or incomplete, you can request that we change, correct, or supplement the data. If you are a customer, you can also correct some of this information directly by logging into your Service account. Please contact us as soon as possible if you notice any inaccuracy or incompleteness.
- Objection: You can let us know that you object to the collection or processing of your personal information for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your personal information. (This just means you can ask us to stop using it for the reasons we have been using it.) This may mean that we have to delete your account.
- Erasure: You can request that we erase some or all of your personal information from our systems. You can also delete some of this information directly by logging into your Service account, if you are a customer.
- Portability: You can ask for a downloadable copy of your personal information in a machine-readable format. You can also request that we transmit the data to someone else where it’s technically possible.
- Withdrawal of Consent: If you have consented to our use of personal information for a specific purpose, you have the right to change your mind at any time. Any such decision will not affect any processing that has already occurred nor will it affect processing of your personal information conducted in reliance of lawful processing grounds other than consent. Withdrawing your consent may mean your access to the Services will be limited or suspended, and your accounts may be terminated, as applicable. Where you withdraw your consent, but we are using your information because we or a third party (e.g. your employer) have a legitimate interest in doing so, or we have different legal basis for using your information (for example, fulfilling a contract with you), we may continue to process your information, subject to your rights to access and control your information.
- Right to File Complaint: You have the right to lodge a complaint about RingCentral’s practices with respect to your personal information with your supervisory authority. Contact details for supervisory authorities for the EU, the UK, and Switzerland.
- No Automated Decision Making: We do not undertake decision-making about you based solely on automated processing, including profiling; however, certain features of our Services could be used by our customers for decision-making purposes.
Your Privacy Rights as a Resident of Certain U.S. states
The rights described in this section apply only if you are a resident of a state within the United States that has an applicable and effective privacy law providing for the below rights.
- Data portability: You can ask for a downloadable copy of your personal information in a machine-readable format. You can also request that we transmit the data to someone else where it’s technically possible.
- Knowledge and access: You may have the right to know more about personal information that we have collected and disclosed in the preceding 12 months. You may be able to access, receive details on collection, the purpose of processing, and any sharing that may have occurred.
- Deletion: You have the right to request RingCentral to delete the personal information we have collected about you under certain circumstances.
- Non-discrimination for the exercise of your privacy rights: You have the right to not receive discriminatory treatment by RingCentral for the exercise of your privacy rights.
- Rectification: If you believe that any personal information we are holding about you is incorrect or incomplete, you can request that we change, correct, or supplement the data. You can also correct some of this information directly by logging into your account, if you are a customer. Please contact us as soon as possible if you notice any inaccuracy or incompleteness.
- Opt-out of selling or sharing your personal information: You have the right to request RingCentral to stop sharing your personal information for the purposes of cross-context behavioral advertising or targeted advertising. You may opt out of having your cookie identifiers used for this type of sharing by turning on the Global Privacy Control at the browser level. RingCentral does not sell your personal information as may be commonly understood. However, you may opt out of having your personal information shared with certain vendors that we use for providing insights about user interactions with our website and for delivering ads to you.
- No Automated Decision Making: We do not undertake any decision making about you based solely on automated processing, including profiling; however, certain features of our Services could be used by our customers for decision-making purposes.
We will not share your personal information with third parties for the third parties’ direct marketing purposes unless you have agreed to such disclosure.
We will verify your request using your name and email. Depending on the nature of your request, we may need additional information to verify your identity. You may authorise an agent to make a request on your behalf to exercise your privacy rights under applicable privacy laws.
Certain U.S. states provide the right to appeal RingCentral’s denial of an individual rights request.
To exercise your rights or to allow your authorised agent to exercise your rights, please submit, or have your authorised agent submit, a ticket through our Data subject access request portal, or contact our Privacy Team at [email protected].
RingCentral Customer Proprietary Network Information (“CPNI”) (US account holders only)
Title 47 of the United States Code, as amended by the Telecommunication Act of 1996, protects, among other things, CPNI of customers that have a US account, and regulates RingCentral’s use of CPNI.
CPNI is information that relates to a RingCentral US customer or end user collected in the course of providing voice services and includes information such as: phone numbers dialled and received by customers; portion of international calls, local or long distance calls; number of phone numbers assigned to an account; precise location of RingCentral softphones; average length of customer calls; IP address of phone or softphone; internet connection, device type, operating system and software information; call detail records, usage data, service plans, and prices paid. CPNI does not include a customer’s basic contact information (such as name, phone number, and address).
RingCentral collects CPNI while providing telecommunications and interconnected voice-over-Internet-protocol (interconnected VoIP) services. We use this information for several purposes, including billing and administrative purposes, to prevent fraud and abuse of our services, to provide call location information for public safety and in the provision of emergency services, or to offer personalised offers and services, which you may find valuable, through our agents and affiliates, in compliance with CPNI requirements.
Customers have a right, and RingCentral has a duty, under federal law, to protect the confidentiality of CPNI. RingCentral personnel are not permitted to access, use, or share any CPNI unless they are authorised and have a legitimate business need to do so. RingCentral will not sell, share, disclose, or enable access to CPNI by any third party outside of our own agents and affiliates, except as required by law.
Customers have the right to opt out of RingCentral’s use of their CPNI for the purpose of marketing communications-related services, (as defined by the law). The decision to opt out will not affect the RingCentral service, however, your consent may enhance RingCentral’s ability to offer products and services tailored to your needs. If you wish to opt out from receiving any marketing communications based on our use of your CPNI, you can do so at any time by notifying RingCentral using one of the contact methods below. If you do not opt out, your consent will remain valid until you tell us otherwise.
You can opt out through the Administrative Portal or by contacting us at [email protected].
Unsubscribe from our mailing list
You can manage your communication preferences through the following methods:
- Following the instructions included in each promotional email from us to unsubscribe from that particular mailing
- Sending us an email at [email protected]
- Visiting the RingCentral Subscription Center
These choices do not apply to service notifications or other required communications that are considered part of certain Apps and Services, which you may receive periodically unless you stop using or cancel the App or Service in accordance with its terms and conditions.
HOW WE KEEP YOUR PERSONAL INFORMATION SECURED
Keeping your information secure is important to us. We have taken appropriate steps designed to reduce the risk that your personal information may be subject to loss, misuse, unauthorised access, disclosure, alteration or destruction.
For more information on RingCentral security measures, please visit the Security Trust Center.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We will retain your personal information for no longer than is necessary to fulfil the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
Where we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, information collected in the European Economic Area ("EEA") and the UK, may be transferred to and stored on our servers in the United States and Switzerland, and potentially in other countries where our group companies and third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country (and in some cases, may not be as protective).
Data Privacy Frameworks (EU-U.S. DPF, UK Extension, Swiss-U.S. DPF)
RingCentral Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RingCentral has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. RingCentral has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Data processed and purposes of data processing
Please see the relevant sections of this Notice, sections WHAT PERSONAL INFORMATION WE COLLECT and HOW WE USE YOUR PERSONAL INFORMATION, for information regarding the data categories processed by RingCentral as a controller on our own behalf and the purposes.
As a processor to our customers, RingCentral processes personal data that customers choose to submit to the services as customer-generated content, call detail records, usage data, and account information. The purposes for such processing is the provision, maintenance, support, and improvement of the services.
Type of third parties to which RingCentral discloses personal data and purposes
Please see the relevant section of this Notice: HOW, WHY, AND WHAT PERSONAL INFORMATION WE SHARE WITH THIRD PARTIES for more information regarding the type of third parties to which RingCentral discloses personal data and for what purposes.
Independent Recourse Mechanism
If you have any questions, comments or concerns about this Notice, you may contact us at [email protected]. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RingCentral commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, individuals may invoke binding arbitration through the Data Privacy Framework Panel. For more information, please see Annex I of the EU-U.S. Data Privacy Framework Principles.
Enforcement Authority
The Federal Trade Commission has jurisdiction over RingCentral’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Lawful Requests for Personal Information
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information, please visit: https://www.dataprivacyframework.gov/framework-article/16%E2%80%93Access-Requests-by-Public-Authorities
Please see RingCentral’s Data Request Guidelines for information regarding how RingCentral responds to lawful requests by public authorities for RingCentral to disclose personal information.
Individual rights to access and to limit use and disclosure
Please see the relevant section in this Notice HOW WE RESPECT YOUR PRIVACY RIGHTS for information regarding how individuals can exercise their rights to access their personal data and to limit the use and disclosure of their personal data.
Liability for Onward Transfers
In the context of an onward transfer, RingCentral has responsibility for the processing of personal information it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. RingCentral shall remain liable under the EU-U.S. DPF Principles, the UK extension to the EU-U.S. DPF and the Swiss-U.S. DPF if its agent processes such personal information in a manner inconsistent with the Principles, unless RingCentral proves that it is not responsible for the event giving rise to the damage.
Standard Contractual Clauses
RingCentral has taken (i) appropriate safeguards, including adherence to the Standard Contractual Clauses adopted by the European Commission for the transfer of your personal information outside the EEA, the UK and Switzerland to RingCentral, and (ii) further technical and organisational measures to ensure that personal information will remain protected in accordance with this Notice and any applicable laws.
CHILDREN'S PRIVACY
RingCentral does not knowingly provide products or services directly to children under the age of 16, or knowingly collect or solicit personal information from or about children under the age of 16 outside of the school offering, which is subject to the Children’s COPPA notice. If you believe that a child under the age of 16 has disclosed personal information to RingCentral outside of the school offering, please contact [email protected].
If you have received a meeting invitation for your child from a teacher or school, or for information regarding how RingCentral handles personal data as part of the school offering, please visit: www.ringcentral.com/legal/childrens-privacy-notice-school-parental-notification.
THIRD-PARTY SITES
This Notice does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Website or Apps link including but not limited to social media sites. The inclusion of a link on the Website or Apps does not imply our endorsement of the linked site or service. You should check the privacy notices of those sites before providing your personal information to them.
BLOGS AND FORUMS
Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas is public and may be read, collected, and used by others who access them and may remain on the public forum indefinitely. To request removal of your personal information from our blog or community forum, you can submit a request through our online portal. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We encourage all users to exercise caution when providing personal information in blogs and community forums.
UPDATES TO THIS NOTICE
We may update this Notice from time to time in response to changing legal, technical, or business developments. If we make changes to our Notice, we will post those changes on this page in addition to updating the "Last Updated" or effective date at the top of this webpage. If we make material changes, we will notify you either by emailing you or by posting a notice of such changes prominently on this page prior to such material changes taking effect.
CONTACT US
If you have any questions, comments or concerns about this Notice, please email our data protection officer at [email protected]. Or, you can write to us at:
RingCentral, Inc.
Attn: RingCentral Chief Privacy Officer
20 Davis Drive,
Belmont, California 94002
USA
USA
RingCentral has appointed a Data Protection Officer (DPO) pursuant to applicable legal requirements:
Dyann Heward-Mills
HewardMills Ireland Ltd.
Fitzwilliam Hall, Fitzwilliam Place, Dublin 2. DO2 T292 Ireland