Date last revised: September 2024
Genesys Cloud Services, Inc. (“Genesys”) processes Personal Data (defined below) on behalf of our customers all around the world. Some of these customers transfer Personal Data to Genesys from the European Economic Area (EEA). To that end, Genesys complies with the Data Protection Framework Framework, and its extensions, as further explained below, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA to the United States.
This EU Privacy Notice sets forth the practices that Genesys follows for such information.
Definitions Used:
Agent: any third-party data processor that processes Personal Data provided by Genesys on its behalf and under its instructions.
Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Laws: means the EU GDPR, UK GDPR, Swiss Data Federal Data Protection Act and other regional applicable regulations in the European Economic Area, as well as United States’ state laws appliacable to the company when conducting business and processing Personal Data.
Personal Data: any information or set of information that identifies or could be used to identify (together with other information) a living individual. Personal Data does not include information that is anonymized or aggregated.
Sensitive Personal Data: any Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions. In this Privacy Notice, all references to Personal Data include Sensitive Personal Data.
Data Protection Framework Principles: the Data Protection Framework principles agreed to between the U.S. Department of Commerce and the European Commission concerning the transfer of Personal Data from the E.U. to the U.S.
To learn more about the Data Protection Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/ .
Genesys complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Genesys has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Likewise, Genesys has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
The DPF Principles enable Genesys to satisfy requirements in the EEA pertaining to protecting Personal Data that is transferred out of those jurisdictions. Genesys has certified that it adheres to the principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. For Personal Data transferred from the EEA, in the event that there is any conflict between this Privacy Notice and the Data Protection Framework Principles, the Data Protection Framework Principles shall govern.
Genesys maintains a Data Protection Officer as a key contact for questions and complaints regarding Personal Data. Please contact us at DataPrivacy@genesys.com with any questions or concerns you may have about this Privacy Notice or our use of your Personal Data.
Genesys is a Data Processor on behalf of its customers who procure Genesys products and services. Our products and services facilitate our customers to place, record, log, and otherwise manage contacts, telephone calls, and other types of electronic communications which may generate Personal Data (e.g. time of call, call status, parties to a call, call recordings, and others). Some of our products and services enable our customers to transmit information necessary to manage a call center and contacts in which agents at that call center communicate (e.g. first name, last name, address, email address, telephone number, SMS number, Internet screen name, and others).
Following the principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF Principles, Genesys only processes Personal Data collected through our products and services at the behest of our customers. We will not sell or otherwise transfer the Personal Data to any third party unless (1) otherwise agreed to by our customers when they transfer information to us, such as to provide needed information to our Agents, resellers, partners and contractors who may provide products or services (e.g. our data center provider); (2) in connection with the sale of all or substantially all of the assets of a business division of Genesys, a line of Genesys’ business or Genesys’ entire business or merger with another company; (3) to payment processing vendors as necessary for processing credit card transactions or support transactions; or (4) for compliance with possible legal or governmental disclosure requirements.
In connection with the above, it should be understood that in some rare cases it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If Genesys is processing your Personal Data on behalf of one of our customers, you may opt out of any disclosure of your Personal Data to any third party that is not our Agent or the use of that data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by, you. We will not disclose Sensitive Personal Data to a third party that is not our Agent or use Sensitive Personal Data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by, you unless we have received your affirmative and explicit consent to do so (i.e., opt-in consent). The above is aligned with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles.
For additional information regarding how you may restrict the use or disclosure of your Personal Data, please contact us at DataPrivacy@genesys.com.
You have the right to obtain a confirmation from Genesys of whether we maintain Personal Data relating to you. Upon request, we will provide you with access to the Personal Data that we hold about you within a reasonable time period. We will also enable you to correct, amend or delete Personal Data related to you in our possession and control that is inaccurate or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
For information regarding how you may request to access, correct, amend, or delete your Personal Data please contact us at DataPrivacy@genesys.com.
Genesys is committed to protecting the Personal Data entrusted to us. We have implemented reasonable and appropriate physical, electronic and administrative procedures to safeguard and secure this information from loss, misuse, unauthorized access or disclosure, alteration and destruction.
We will take special care to ensure the security of Sensitive Personal Data. We will use and disclose Personal Data only in ways that are compatible with and relevant to the purposes for which such information was collected or authorized by you.
To the extent necessary for this purpose, we will take reasonable steps to ensure that Personal Data remains accurate, complete, current and reliable for its intended use.
Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be completely secure. As a result, while Genesys utilizes industry standard security technologies and procedures intended to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your personally identifiable information (as defined by the applicable state and federal laws) stored by or for us. By disclosing your email address to us for any reason, you expressly consent to receive electronic notice from us in the event of such a security breach.
When providing services to our customers, we will engage a limited number of Agents which play a role in delivering a part of the solution and potentially processing data on our behalf, as part of our customer’s instructions. Agents are bound by strict compliance and contractual terms which provide the same level of protection to Personal Data as that foreseen towards our customers. Genesys keeps the list of such Agents and Sub-processors up to date in the following link: https://help.mypurecloud.com/articles/genesys-subprocessors/
Genesys is potentially liable in cases of onward transfers of Personal Data to third parties. We will obtain written assurances from our Agents that they will safeguard Personal Data in accordance with this Privacy Notice.
Appropriate assurances may include:
Please note that all along the process described above, Genesys will firmly and consistently comply with the Principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles.
Your complaint may be resolved by Genesys internally. We will investigate the matter and attempt to resolve the issue quickly. In any case, our commitment is to respond within 10 days and resolve the complaint within 45 days. We also agree to participate in independent dispute resolution of your complaints through the EU data protection authorities (DPAs). We will cooperate with the DPAs in the investigation and resolution of complaints brought under the Data Protection Framework and we agree to comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, it is possible for individuals to invoke binding arbitration before the panel.
The Lead Supervisory Authority for Genesys in the EU is The Netherlands’ Data Protection Authority.
Likwewise, the Federal Trade Commission has jurisdiction over Genesys’ compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Genesys will conduct compliance audits of our privacy practices to verify compliance with this Privacy Notice.
Any Genesys employee that we determine has acted in violation of this Privacy Notice will be subject to disciplinary action up to and including termination of employment.
Any questions or concerns regarding our use or disclosure of Personal Data should be addressed to the Genesys DPO at DataPrivacy@genesys.com.
We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personal Data in accordance with the provisions of this Privacy Notice.
It is our policy to post any changes we make to our Privacy Notice on this website. If we make material changes to how we treat the Personal Data that falls within the scope of our Privacy Notice, we will notify you by email to the email address specified in your account or through a notice on this website.
The date the Privacy Notice was last revised is identified at the top of the page.
You may contact our Data Protection Officer at DataPrivacy@genesys.com. We encourage you to contact our DPO to inform us of any complaints or disputes you may have regarding the use of your Personal Data or to request access to your Personal Data.
Lastly, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Genesys commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
