March 2024
3
Access to personal data is restricted to provide the Service (i.e., for customer support troubleshooting
and remediation, Service monitoring, product improvement, network management, network
monitoring, and to provide customer analytics). Strong access control mechanisms are employed which
limit access to personal data to only those trained and authorized RingCentral and subprocessors’
personnel who have a business need to access said data to enable RingCentral Services. Such controls
include multi-factor authentication (MFA), which is implemented for administrative access to the
production environment, and Identity Access Management (IAM), which tightly controls access to
RingCentral production environments.
Access by Customer Administrators and End Users
Customers can access data regarding the Service, including personal data, directly through the dedicated
portal to administer user accounts and retrieve, update, or delete end users’ personal data. RingSense
Users may access certain personal data on the Service from the ServiceWeb portal.
How RingCentral Service Data Processing Fits with Data Protection Laws
Data Subject Rights
The Service provides technical means to enable customer administrators to take appropriate actions in
response to requests from data subjects exercising their privacy rights. In addition, if end users submit a
request through the RingCentral Data Subject Request Center, we will direct them to contact the
customer to exercise their rights.
Subprocessors
RingCentral uses other RingCentral affiliates and third-party service providers to assist in delivering the
Service. RingCentral contracts only with third-party service providers that provide equivalent levels of
data protection and security as provided by RingCentral.
A current list of subprocessors for RingCentral can be found here.
Data Minimization
When RingSense transcribes a call recording from speech to text, RingSense redacts the following
personal data attributes from the transcript: credit card number, email address, bank account number
(IBAN code), phone number, location (cities, provinces, countries, international regions, bodies of water,
mountain). For the US, RingSense also redacts the following attributes from the transcript: bank account
number, driver’s license, taxpayer ID number, passport number, social security number.
Data Retention
Unless deleted by the Customer in the platform, personal data will be retained for up to 12 months
during the term of the Service, or as otherwise required by law or agreed with the customers. Upon
termination an account will be disabled on the last day of the billing cycle. Once the account is disabled,
the account will be deleted within 30 days, unless otherwise agreed with the customers.
Transparency