8x8 Privacy Notice
Last updated: November 17, 2021
8x8, Inc. and its group companies and affiliates (each an “8x8 Group Entity” and collectively “8x8“, “we“, “our“, “us“) respect your right to privacy. This Privacy Notice applies to 8x8 Inc.; 8x8 UK Limited; 8x8 International SRL (Romania); 8x8 International, Inc. (Canada); 8x8 International Pty Limited (Australia); 8x8 International Pte. Ltd. (Singapore); PT Eight Solutions Indonesia (Indonesia); 8x8 Philippines, Inc. (Philippines); 8x8 (Thailand) Limited (Thailand); and 8x8 International Solutions Company Limited (Vietnam), and explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal information that we process about:
- Visitors to our websites at https://www.8x8.com and https://www.easycontactnow.com (“Websites”) which are directed to our business contacts;
- Our suppliers, vendors and business advisors;
- Our existing, prospective and past customers;
- Visitors to our offices; and
- Authors of publicly available research material.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.
What does 8x8 do?
8x8 offers voice, video, mobile, and unified communications solutions for businesses of all sizes. More specifically, 8x8 offers a portfolio of SaaS, IaaS and/or CPaaS solutions encompassing hosted communications services, contact centres, unified communications, video web conferencing, managed dedicated hosting, virtual private servers and more. 8x8 has been delivering cloud services since 2002 and our customers include small to medium-sized businesses, distributed enterprise organizations and government agencies. We are headquartered in the United States with further offices in the UK, Romania, Australia and Singapore.
For more information about 8x8, please see the About Us section of our Website.
What personal information does 8x8 collect and why?
Note that in general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted by applicable data protection laws.
During the course of our relationship with you, we may collect other information than that detailed in this Privacy Notice. If we ask you to provide information voluntarily, then the personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. If we obtain the information from other sources, then we will only do so where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
If you are a visitor to our Websites, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, associated device type, unique device identification numbers, browser type, operating system, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked, when those pages were accessed, how long they were viewed.
Collecting this information enables us to better understand the visitors who come to our Websites, where they come from, and what content on our Websites is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Websites to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology.”
If you are a prospective customer (who may also use our Websites), the personal information that we may collect about you falls broadly into the following categories:
- Information that you provide voluntarily. Certain parts of our Websites may ask you to provide personal information voluntarily: for example, to submit an enquiry about our products and services, or to request a quote; to subscribe to marketing communications from us and/or to submit enquiries to us. We will use this information to communicate with your organization about our Websites, products and services, to send you offers, for our other legitimate interests or those of a third party, or to comply with a legal obligation to which we are subject, for example, to investigate and help prevent unlawful or potentially unlawful activity. We may also gather information from our prospective customers through offline communications, such as in-person meetings and phone calls, or corporate/industry events.
- Calls with 8x8’s sales, customer service and other 8x8 departments may be recorded to gather information to improve our customer service. However, if you would prefer that your call was not recorded, you can opt out by stating this, or by hanging up.
In general, the personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point that we ask you to provide your personal information; however, it may include your full name, company, work email address, work phone number, country; and in relation to your employer your industry, revenue, number of employees and purchasing timeframe.
Information that we collect automatically. If you use our Websites to enquire about our products and services, or otherwise interact with us via a digital device, we may collect that information described more clearly in the “Website Visitors” section, above. We use this information to help us analyze how you use our Website and services and to better match your experience with our Websites and services to your organization’s interests.
In addition, we may also collect information about your viewing of our emails (for example, information about whether or not you have opened the email), so we can understand the success of our email campaigns and improve our marketing.
Information that we obtain from third party sources. From time to time, we may receive personal information about you from third-party sources (including third-party websites, data brokers or credit reference agencies), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from third parties include biographical information about you and your job role or marketing information; and we use the information we receive from these third parties to help us market our products and services to you or otherwise develop and improve our products and services.
If your organization is a current customer (who may also use our Websites), we may already have collected information about you when your organization was a prospective customer and we will continue to use this information in accordance with our data retention policies.
In addition, where your organization is a current customer, the further types of personal information that we may collect about you falls broadly into the following categories:
Information that you provide voluntarily.
Once your organization has entered into an agreement with 8x8, we will collect and maintain information about that agreement, including your
organizations’ payment information and information about its transactions. We also collect information to enable us to manage and deliver our online services, support and training, for example:
- we will collect your username and password for your organization’s account when you register to use our services (including via our online portal);
- we may also collect additional personal information relating to you or your organization, including your name, address, email address, telephone number and/or payment card details during the registration/payment process, or for emergency services registration;
- we will collect information relating to your (and your organization’s) use of our services, including the phone numbers you dial or provide to our services, service set-up information, service configurations and settings, recorded calls, messages, and meetings, voicemails, incoming and outgoing faxes, user-saved or stored content shared among users, email and text communications, Call Records Data, and contact center customer information you provide to us;
- Other information you choose to provide to us, for example the purpose of your visit if you visit one of our site locations or any feedback you provide to us in relation to your use of our Websites or services.
- if you register as a third party reseller or distributor, we may also collect personal data relating to you in the context of our reseller/distribution program including your name, address, email address and telephone number.
We will use this information to process your organization’s payments and to provide your organization with the information, products or services
that it has requested from us (including controlling access to those services, for example enabling your organization to join meetings or to log into our portal); to respond to your enquiries and requests; to enable your organization to register on our Websites; to administer records about your organization’s account; quality control of and to improve our Websites and services; to provide you and your organization with marketing and other communications about our products and services (where permitted by law); and for the purpose of general business or contract relationship management within 8x8, including auditing the use of our services and establishing, exercising or defending any legal claims against us.
We may also use your personal information for our other legitimate business interests, including providing training and support; to manage any queries, complaints or claims relating to the services that 8x8 provides to your organization; for entertainment purposes (e.g. to invite you to events) and to facilitate ongoing relationships; and for investigating and helping to prevent unlawful or potentially unlawful activity that threatens either 8x8, any company affiliated with 8x8, or any of our respective customers.
Calls with 8x8’s sales, customer service and other 8x8 departments may be recorded to gather information to improve our customer service. However, we will let you know if your call is being recorded before we do so if you would prefer that your call was not recorded, you can opt out by stating this, or by hanging up.
Information that we obtain from third party sources
From time to time, to protect your credit card, debit card or charge card from use without your consent, we may validate your name, address and other personal information supplied by you during the order process against appropriate third party databases, such as Credit Reference Agency databases. We may also use your personal information in combination with information we receive about other individuals for the purposes set out in this Privacy Notice.
Data obtained from Google Gmail APIs: The 8x8 – Contact Center use and transfer of information received from Gmail APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Suppliers and Business Advisors
If you are an employee of a supplier or business advisor, we may process the following personal information about you.
- Identification data – such as your name, date of birth.
- Contact details – such as business address, telephone/business email address;
- Professional details – such as job title/position, affiliated organization, office location;
- Financial characteristics – such as your or your organization’s account number and bank details.
- National identifiers – such as tax ID and VAT number of your organization.
- Information relating to your transactional history with us.
- Other information you choose to provide to us, for example the purpose of your visit if you visit one of our site locations.
We may collect and use personal information about you for the following purposes:
- For the purpose of general business relationship management within 8x8;
- To manage our daily business activities, such as executing payments and obtaining the goods, advice or services that we have purchased from your organization;
- For entertainment purposes (e.g. to invite you to events) and to facilitate ongoing relationships with your organization;
- To manage any queries, complaints or claims relating to the services your organization provides to 8x8;
- For product development purposes, to allow us to improve our products and services or develop new products and services;
- Where necessary to comply with laws and regulations, under judicial authorization, or to exercise or defend the legal rights of 8x8;
- To help us conduct our business more effectively and efficiently or check and improve the quality of our products and/or services;
- To carry out research and development with various 8x8 Group Entities;
- To investigate violations of law or breaches of other 8x8 policies.
- We may also collect personal information from you when you use our Websites. For further information about how we use personal information that we collect when you visit our Websites, please click on following link to see the Website Visitors.
Visitors to our offices
When you visit one of our offices, you will be asked to provide your name and company to us. We collect this information for our legitimate business interests, including administrative, notification and housekeeping purposes.
Authors of publicly available research material
8x8 carries out research for our legitimate business interests, more specifically to improve our business and technology. In order to do this we sometimes use publicly available research material. If you are the author of this material then we will collect and process information about you related to your research material such as your name, title, organization and relevant qualifications.
Who does 8x8 share my personal information with?
We may disclose your personal information to the following categories of recipients:
- to our group companies, third party services providers and partners who provide data processing services to us, for example (i) to support the delivery of, provide functionality on, or help to enhance the security of our Websites or services, (ii) for quality control and assurance, or (iii) improving our services and developing new services. We may also share personal information with such third parties where we consider that such disclosure is necessary to protect the safety or legitimate business interests of those third parties, including to investigate suspected fraud or to trace debtors.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to an actual or potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
- to any other person with your consent to the disclosure.
Legal basis for processing personal information
This section applies to European Economic Area visitors website only. If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (i) where the processing is in our legitimate interests and not overridden by your rights, (ii) where the processing is a contractual necessity, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to enter into a contact with your organization, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Websites or services and to communicate with you as necessary to provide our services to your organization; as well as for our legitimate commercial interests, for instance, when responding to your queries, improving our Website or services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below in the How to contact us section of website.
Cookies and similar tracking technology
How does 8x8 keep my personal information secure?
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include SSL encryption technology for protection of sensitive information such as payments when in transit. We have industry-standard administrative, technical and physical safeguards in place to protect the confidentiality, integrity and availability of your personal information. Furthermore, in the US we are validated to HIPPAA and FISMA standards, in the UK we are certified to ISO27001; ISO9000:2015 and Cyber Essentials certification schemes and in Singapore we are certified to CSA Cybersecurity Certification – Cyber Trust mark.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our Websites servers are located in various locations, including the UK, the US and Singapore, and our group companies and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing an intra-group agreement based on the European Commission’s Standard Contractual Clauses for transfer of personal information between our group companies.
8x8 also requires such third parties to protect personal information they process from the European Economic Area (“EEA”) in accordance with European Union data protection law. Further details can be provided upon request.
8x8 Inc. has certified certain of our services, for which we act as a data processor, under the European Union United States Privacy Shield Framework and the United States Swiss Privacy Shield Framework (collectively “Privacy Shield Framework”). The certification can be found here). In the event of any conflict between the terms in this Privacy Notice and the Principles in the Privacy Shield Framework, the Privacy Shield Framework Principles shall govern.
8x8 Inc. adheres to the principles of the Privacy Shield Framework with respect to personal data of individuals in the European Economic Area member states and Switzerland (“Covered Individuals”) included in the content of communications transmitted, received, or stored by 8x8 Inc.’s customers or by 8x8 Inc. on behalf of its customers in reliance on the Privacy Shield Framework through the following services: 8x8 Virtual Office and 8x8 Virtual Contact Center (“Personal Data”).
8x8 Inc. provides cloud communications services, including virtual private branch exchange and virtual contact center services, to business customers. In providing these services, 8x8 Inc. processes the communications our customers transmit, receive, or store through our services or instruct us to process on their behalf. While 8x8 Inc.’s customers decide what, if any, Personal Data to include in such communications, it typically includes information about 8x8 Inc. customers’ users, their current, prospective, or former customers, or any other person or entity communicating with 8x8 Inc. customers.
Purposes for which data is used:
8x8 Inc. may use Personal Data for providing, managing, deploying, enhancing, or improving our services, as otherwise instructed by the 8x8 Inc. customer or other data controller who transmitted, received, or stored the data, or in accordance with contractual requirements. 8x8 Inc. may also use Personal Data for other purposes for which the customer or other data controller has obtained the relevant Covered Individual’s consent.
Inquiries and complaints:
If you are a Covered Individual covered by the Privacy Shield Framework and this Privacy Notice and believe that 8x8 Inc. maintains your Personal Data in one of the services within the scope of our Privacy Shield certification, you may submit any privacy or data use concerns concerning such data by email to email@example.com or by mail to:
8x8, Inc. 675 Creekside Way, Campbell, CA 95008, USA Attention: Privacy
8x8 Inc. will respond within 45 days of receiving the communication. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
If neither 8x8 Inc. nor our U.S.-based third party dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration as provided under the Privacy Shield Program (See Privacy Shield website).
Third parties who may receive Personal Data:
8x8 Inc. may disclose Personal Data to its affiliates, as well as to a limited number of third-party business partners, service providers, vendors, suppliers and other contractors (collectively, “Service Providers”) for the purpose of assisting us in providing, managing, deploying, enhancing, or improving our services. 8x8 Inc. maintains contracts with these 8x8 Inc. affiliates and Service Providers restricting their access, use and disclosure of Personal Data in compliance with our Privacy Shield Framework obligations, and 8x8 Inc. may be liable if such parties fail to meet those obligations and we are responsible for the event giving rise to the damage. We also may share or disclose Personal Data to the extent that the customer or other data controller has obtained the relevant Covered Individual’s consent.
Your rights to access, to limit use, and to limit disclosure:
Covered Individuals have rights to access their stored Personal Data and to limit its use and disclosure. With our Privacy Shield certification, 8x8 has committed to respect those rights. Because 8x8 Inc. personnel have limited ability to access data our customers or other data controllers transmit, receive, or store through our services, if you are an Covered Individual covered by Privacy Shield and this Privacy Notice, and you wish to request access to or to limit use or disclosure of your Personal Data, please provide the name of the 8x8 Inc. customer or other data controller who transmitted, received, or stored your Personal Data through our services. We will refer your request to that customer or other data controller and will support that business as needed in responding to your request.
U.S. Federal Trade Commission enforcement:
8x8 Inc.’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission or the applicable United States authorized statutory body.
8x8 Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, or administrative or judicial process, including to meet national security or law enforcement requirements.
Children are not eligible to use 8x8’s website and services, and we ask that minors (under age eighteen) not submit personal information to us. If we become aware that we have inadvertently received personal information from an individual under the age of eighteen, we will delete this information from our records.
Information about others
If you provide us with information about another person, you confirm that you have obtained their consent to the processing of their personal data by us (or are otherwise legally entitled to provide us with that information) and that you have informed them of our identity, the purposes for which their personal data will be processed and their rights (as set out in this Privacy Notice), as well as where they can obtain a copy of this Privacy Notice.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
EEA data protection rights
If you are a resident of the EEA you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details using the contact details provided below. You may also be able to access and update certain information via your online account.
- In addition, if you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
California privacy rights
As noted above, this Privacy Notice applies to personal information that we process about visitors to our Websites, which are directed to our business contacts; our suppliers, vendors and business advisors; our existing, prospective and past customers; visitors to our offices; and authors of publicly available research material
This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA. We do not, and will not, sell your personal information in any manner that requires an opt-out opportunity under the CCPA. Consumers with disabilities may access this notice through the use of standard screen readers or by emailing firstname.lastname@example.org to obtain a copy in an alternative format.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details:
675 Creekside Way Campbell, CA 95008 United States
8x8 UK Limited Oxford House Bell Business Park Aylesbury HP19 8JR United Kingdom
8x8 Research and Innovation SARL Bulevardul 21 Decembrie 1989 77, Cluj-Napoca 400124, Romania
8x8 Australia Pty Limited Level 13 135 King Street, Sydney, NSW 2000
8x8 International Pte. Ltd., 1 George Street, #22-03/04 One George Street, Singapore
Depending on which of our Websites and services you use, the data controller of your personal information will be the 8x8 Group Entity that your organization has contracted with, or otherwise the Website operator.