SUMMARY OF LASTEST CHANGES

This policy was last updated on November 4, 2022. The update restructures the policy for ease of readability, increases transparency, adds provisions necessary for the California Privacy Rights Act (“CPRA”) and makes miscellaneous clarifications throughout. Restructuring includes moving the email tracking section into the Mitel Cookies Policy which has been renamed Cookie and Tracking Technology Policy and removes all references to employment applications which are covered by Mitel’s Privacy Policy for Candidates.

MITEL PRIVACY POLICY

Mitel Networks Corporation and its affiliates, subsidiaries and entities that Mitel Networks Corporation operates (collectively, “Mitel”, “we”, “our”, or “us”) is committed to protecting the security and privacy of your personal data and ensuring that we conduct our business in compliance with laws on privacy, data protection and data security.

This Privacy Policy ("Policy") explains Mitel’s collection, use, disclosure, and storage of personal data for which Mitel, as the “data controller”, determines the purposes and manner of the processing. We handle limited personal data as a “data controller” and any such personal data is typically information about employees of our customers and/or prospective customers. This policy does not apply to our UCaaS or hybrid cloud services. When we process personal data as part of a Mitel UCaaS solution or hybrid cloud service, we are processing data on behalf of and under instructions of our customers (as their processor or service provider) and we are bound by contractual obligations. Additional information about our processing of customer personal data in relation to our UCaaS or hybrid cloud service can be found in our Application Privacy Policy. Furthermore, this Policy also does not apply to job applicants or our employees. For applicant information see Mitel’s Privacy Policy for Candidates. Finally, this policy does not apply to the practices of other websites that we may link to, companies that we do not own or control, or to people that we do not employ or manage.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing personal data about another individual, you need to obtain their consent (or have the legal authority without consent) to share any personal data you provide to us.

We encourage you to read this Policy so that you understand Mitel’s commitment to your privacy, and how you can contribute to that commitment.

For the purposes of EU/EEA and UK General Data Protection Regulation (“GDPR”), Mitel Europe Limited is the data controller. Our contact details are set out at the end of this Policy.

If you are a CA resident, see Appendix A – California Supplement for a detailing of the categories of personal data we have collected, sold, shared, or disclosed and the categories of third parties with whom each category was sold, shared, or disclosed.

Sources of information we collect about you

We may collect your personal data:

1. Directly from you, or another person at your organization, including through

   • our worldwide websites and portals, including our online store and our product, partner, and service portals (collectively “our Sites”);

      

   • interactions with our sales, customer support, technical support, professional services, marketing, and training teams;

      

   • ordering documents such as service or purchase orders;

      

    

2. We may automatically collect information or inferences about you through our Sites and email we send you. This is done through the use of cookies, tracking, and other similar technologies. For additional information see our Cookie and Tracking Technology Policy.

    

3. From third parties we work with, such as business partners, channel partners, sub-contractors, advertising networks, lead (and lead enrichment) providers, analytics providers, search information providers, social media providers or media companies and data brokers.

    

4. From publicly available sources such as public profiles and websites

    

We may combine and use information and make inferences from information that we receive from the various sources described in this Policy. We use and disclose the combined information and inferences for the purposes identified below.

Personal data we collect

• name

• address and phone number(s)

• email address

• IP address

• Mitel username

• third party online identifiers

• employer, job title or role and department

• LinkedIn or Twitter link

• other contact details (these details be business or personal, depending on the nature of our relationship with you or the company that you work for)

• other information, which is necessary for us to process an order, to enter into or perform a contract with you or the company you work for

• Signatures on service orders

• where relevant, information about events to which you or your colleagues are invited, and personal data and preferences to the extent that this information is relevant to organizing and managing those events (for example, dietary requirements, social media names/links, personal preferences for hotel rooms)

• other information shared in the creation of a Mitel account

• Technical information, including:

  • the Internet protocol (IP) address used to connect your computer to the Internet

  • your login information

  • your browser type and version

  • time zone setting

  • browser plug-in types and versions

  • operating system and platform

  • non-precise geolocation data, such as your location as derived from your IP address

• Information about your visit to our Sites, including:

  • the full Uniform Resource Locators (URL) clickstream to, through and from our Sites (including date and time)

  • products you viewed or searched for on our Sites

  • Site page response times

  • domain name of the sites from which you came to our Sites

  • number of visits, average time spent, pages viewed on our Sites

  • download errors on Sites

  • page interaction information (such as scrolling, clicks, and mouse-overs) on our Sites

  • methods used to browse away from the page on our Sites

See also our Cookie and Tracking Technology Policy.

• any phone number used to call our service organization or social media handle used to connect with our customer service team

• other personal data that you provide when communicating with us by phone, by e-mail, via our Sites, via social media, or through other medium

• Inferences drawn from any information we collect about your level of interest in our, our partners, and third-party products and services and your preferred frequency for receiving marketing and promotional communications

How we use your information

We use your personal data to support our business functions, such as fraud prevention, marketing, and legal functions as well as comply with any obligations we have to you or requests you have made of us. Examples of how we use your personal data include:

• to generally support our business relationship

• to fulfill your requests for information, products, services, and support and communicate with you about those requests including scheduling meetings as required

• to take steps to enter into any contract or carry out our obligations arising from any contract entered into between you or the company you work for and us including:

  • supplying products and services to you or the company you work for or receiving them from you or the company you work for, as the case may be

  • administering your/your company's account with us, including completion and support of current activity

• to archive your information

• for legal, safety, fraud prevention, or security reasons

• to access the credit risk of entering into a contract with you or the organization that you work for

• to conduct research and development activities

• to operationalize corporate events or presentations including webinars, contests, promotions, newsletters, and surveys

• as necessary to operate and personalize our Sites. See also our Cookie and Tracking Technology Policy

• to provide communications relevant to products and services your organization has purchased or subscribed to (for example to let you know about software releases or other changes)

• to better understand you and your organization’s behavior so that we may improve our Sites, products, services and applications, as well as our marketing and advertising efforts

• to perform data analytics (which may include the use of machine learning). For example, we may perform data analytics as part our Customer Intelligence Platform, or otherwise: (i) to support our marketing (including targeted marketing), lead and prospect generation programs (which may include building decision maker profiles to increase the efficiency of our marketing programs), (ii) to assess customer satisfaction, churn and risk of churn, and (ii) for other purposes that make sense for our business. In doing so, we may combine various sources of personal data such as information you have directly provided us, information about your visits to our Sites, your interactions with our emails (and clicks therein) and information we have obtained about you and/or your organization either internally (e.g., support calls, complaints, renewal of software assurance) or from our customers, prospects and third parties and extrapolate interests or decisions that you and/or your organization will have or make (e.g. be/remain interested in our products and services including upgrades and maintenance, those of our partners, such as RingCentral, including migration thereto, and/or other third parties.) Information we obtain from third parties may include information known, or inferred, about your organization’s interest in our, our partners, or third-party products, satisfaction with our products and services, and procurement cycles based on your general Internet activity. See also our Cookie and Tracking Technology Policy

• to market our, our partners’ (e.g., RingCentral) and any other third party’s products and services to you (and follow up on leads, including those obtained from third parties, re same) via email, telephone, or other channels (which may involve targeting you with personalized ads on 3rd party websites or social media). For example, we may use personal data to send you newsletters, surveys, questionnaires, promotions, product/service information, special offers or information about events or webinars, opportunities to provide us with feedback or meet with us, to show you personalized ads, to analyze emails sent and content viewed by you, to identify visitors across devices and sites, to identify (lookalike) audiences (including by identifying you across devices and sites). See also our Cookie and Tracking Technology Policy.

• to augment or correct contact information we have about you

• to schedule (and hold) meetings which you agree to attend

Summary of legal basis and purpose of processing

Data protection laws (including the EU and UK GDPR) set out a number of different reasons for which we may collect and process your personal data in certain circumstances. Where data protection Laws apply, the legal bases we rely upon include:

• Consent
  We can collect and process your data with your consent, where required by data protection laws. For example, if you have given your consent to receiving marketing material from us or the party who collected your information.

• Contract obligations
  We process your personal data as required to comply with our contractual obligations. For example, where you have provided us with your email address to receive our services or products, we will use this information in order to effectively deliver and communicate information to you in regard to such products and services.

• Compliance with legal obligations
  If the law requires us to, we may need to collect and process your data for legal compliance reasons. For example, we can pass on details of people involved in fraud or other criminal activity affecting us to applicable law enforcement authorities.

• Legitimate interest
  We may require your data to pursue our legitimate interests or those of a third party in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom or interests. For example, it is in our legitimate interests to (a) ensure that content from our Sites are presented in the most effective manner for you and your computer and that we provide you with the information, products and services that you request from us, (b) to keep our Sites safe and secure; (c) for measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you (including individual and pseudonymous analysis and profiling); (d) to allow you to participate in interactive features of our service when you choose to do so, and (e) to use marketing related information about you that we have lawfully collected.

Sometimes more than one legal basis applies to the processing of the same piece of personal data, depending on the processing activity taking place.

Who we give your information to:

We may disclose your personal data to:

• any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and our subcontractors, who support our processing of personal data under this policy

• appropriate service providers and/or third parties including:

  • our channel partners, business partners, customers, suppliers, sub-contractors and third-party service providers who (i) support the provision and/or operationalization of our products and services and/or our sales and marketing and advertise efforts including targeted advertising campaigns, (ii) who form part of our distribution channel, or (iii) otherwise assist us. For example, we may provide personal data to: (i) service providers involved in our UCaaS products, (ii) enterprise data warehousers who store information for us and (iii) advertisers, advertising platforms and advertising networks (“advertisers") that require data to select and serve relevant adverts to you and others on the Internet. With the exception of contact information (e.g., email addresses), we do not disclose information about identifiable individuals to our advertisers. Advertisers make may use of data which we provide for their own purpose. Where they do so, we are not responsible for their privacy practices or personal data processing policies

  • our auditors, legal advisors and other professional advisors

  • credit reference agencies who assess credit scores

  • analytics and search engine providers involved in the improvement and optimization of our Sites

• with other entities in connection with a corporate transaction, e.g.,

  • if we sell or buy any Mitel business or assets, or engage in other form of corporate change including but not limited to bankruptcy, we may disclose your personal data to the prospective seller or buyer of such business or assets

  • if Mitel or substantially all of its assets are acquired by a third party, in which case personal data held by Mitel about its customers may be one of the transferred assets

• with law enforcement, a court or tribunal, or other government agency, such as where we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our supply terms or other agreements with you or the company you work for; or to protect the rights, property, or safety of Mitel, our customers, or others

• other companies and organizations involved in fraud protection, credit risk reduction and cybercrime prevention

Where your information is stored

Personal data collected by us may be stored and processed in your region, in Canada, and in any other country where Mitel or its service providers operate. We maintain major data centers in the following countries: the United Kingdom, France, Canada and the United States. Where your information is stored by Mitel itself, typically, the primary storage location is in your region. If you are a UK or EU citizen, where we are permitted by law to do, personal data that we process in relation to you may be transferred and stored at, a destination outside the UK/EEA that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the UK/EEA who work for us or for one of our suppliers. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.

• We may transfer your personal data outside the UK/EEA:

  • in order to store it

  • in order to enable us to provide goods or services to and fulfil our contract with you or the company your work for

  • where we are legally required to do so

  • in order to facilitate the operation of our group of businesses, where it is in our legitimate interests, and we have concluded these are not overridden by your rights

Where your information is transferred outside the UK/EEA, we take steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as, where applicable, relying on a recognized legal adequacy mechanism and contracts, to help ensure your rights and protections travel with your data and that your personal data is treated securely and in accordance with this Policy. Please reach out to us using the contact information in the Contact Information section below if you want to receive further information about how we transfer personal data.

How we protect your information

Mitel takes precautions that are consistent with industry practices and data protection laws to ensure the security of your personal data. We strive to protect your personal data from loss, destruction, falsification, manipulation and unauthorized access or disclosure.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorized access.

How long we keep your information

We keep your contact information, and our extrapolation of your organization’s procurements cycle and the likelihood that you and/or your organization will be interested in our products and services and/or those of any of our partners, until you ask to us delete it or unsubscribe to our marketing list. For clarity, even where you ask us to delete your contact information or opt-out of future marketing, we will keep your email and phone number on our email and phone opt-out lists.

Where we process personal data about you in conjunction with the supply of our products or services (e.g., contact data for technical or billing purposes), we retain that personal data for as long as necessary to provide the products and fulfill the transactions our clients have requested, or for other purposes such as complying with our legal or regulatory requirements, resolving disputes and enforcing our agreements.

The criteria used to determine our retention periods includes (i) whether your personal data is still needed to provide, maintain or improve the performance of our products and services, (ii) whether you have requested that your personal data be deleted, (ii) our retention period for the type of data at issue, (iv) where we are processing based on your consent, if you have withdrawn your consent, (v) if we have completed the processing for which we collected your personal information and (vi) legal requirements.

Your rights

You, or a verifiably authorized person acting on your behalf, have the right under certain circumstances to be provided with a copy of your personal data held by us.

Depending upon the data protection law applicable to you, you may have the following rights in certain circumstances. These rights may be exercised directly by you or indirectly via your authorized agent:

• to request confirmation that we process your Personal Data and the specific pieces of information we process. You may also have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and to whom we have disclosed Personal Data and why.

• to be provided with a copy of your personal data held (or disclosed) by us

• to request the rectification or erasure of your personal data held by us

• to request that we restrict the processing of your personal data (for example, while we verify or investigate your concerns about your information)

• to object to the further processing of your personal data, including the right to object to marketing

• to request that your personal data be moved to a third party

• to opt out of our sale and sharing (as such terms are defined under the California Consumer Privacy Act) of your personal data. In order to exercise this right, you must:

  • Disable the use of advertising cookies in the preference center in the bottom left-hand corner on our Site. You must complete this step on each of our websites from each browser and on each device that you use. These steps are necessary so that we can place a first-party cookie signaling that you have opted out on each browser and each device you use.

  • Note that if you block cookies, we may be unable to comply with your Right to Opt Out of Sale or Sharing request with respect to device data that we automatically collect and disclose to third parties online using cookies, pixels, and other tracking technologies. If you clear cookies, you will need to disable the use of all advertising cookies in the preference center again on each browser on each device where you have cleared cookies.

• to opt out of automated decision making

• Except where permitted by law, to not be discriminated against

It is important to Mitel that the information we have is accurate and complete. We encourage you to keep your information with us up to date by sending a mail to - [email protected]

Your right to withdraw consent and/or object to marketing:

Where the processing of your personal data by us is based on consent (provided either directly to us or to a third party from whom we obtained your personal data), depending on jurisdiction you may have the right to withdraw that consent without detriment at any time by contacting us using the contact details at the end of this Policy.

You can opt out of receiving our marketing emails at any time by changing your Marketing Preferences, selecting the "unsubscribe" link at the end of all our marketing and promotional email communications to you or by sending an email to our Privacy Service Team at [email protected]. Even if you opt-out, you will continue to receive transaction-related emails regarding products or services you have purchased. For telephone communications, we maintain a telephone Mitel specific “do-not-call” list. If you would like to be added to our “do-not-call” list you can email [email protected] or if we call you, let us know you prefer not to be contacted again.

How to exercise your rights

You (or your agent) can exercise the rights listed above at any time by contacting our Privacy Service Team by emailing [email protected], or where permissible at law, calling at 888 –257 –8624. You can opt out from the “sale” or “sharing” of your data by disabling the use of advertising cookies in the preference center in the bottom left-hand corner on our Sites (see additional notes about how to exercise this right above).

Prior to processing any of the aforementioned requests, Mitel will require proof of identity acceptable to Mitel such as photo ID (where required or permitted by law), proof of address, and/or security or other questions preestablished with you or based on information known to Mitel about you. Proof threshold will be based on information requested. In the case of a request made by an agent, Mitel will require verification of the identity and authority. Mitel will retain any such proof for a period time which we determine reasonably necessary. It may be necessary for Mitel to contact you to accomplish the verification of identity, and authority, if applicable.

If you have any further questions, comments or concerns about our privacy policies or practices, please contact our Privacy Service Team at [email protected]. Mitel Networks Corporation is committed to resolving any concerns you may have regarding this Policy quickly and efficiently.

If you are a UK or EU citizen, and if your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

Children's Privacy

Our Sites are intended for individuals 18 years of age and older. The Sites are not directed at, marketed to, nor intended for, children under 18 years of age. As a general rule, we do not knowingly collect any information, including personal data, from children under 18 years of age. If you believe that we have inadvertently collected personal data from a child under the age of 18, please contact us, and we will take prompt steps to delete the information.

Changes to this policy

Any changes we make to this Policy in the future will be posted on our websites and all related websites for additional languages and regions.

This Policy was last updated on: November 4, 2022

Contact us

Mitel Legal Department
[email protected]

Annex A- Supplemental Information for California Residents

[1] Please see our Cookie and Technology Tracking Policy. You can adjust our cookie settings by clicking on the cookie icon in the bottom left-hand corner of your screen or by clicking on the do not sell button.