Mitel Unify Phone - Data Processing Agreement Annexes
Annex 1 – Service Description
1. Service Description
Cloud Service means Unify Phone.
2. Scope
The DPA and all annexes apply to Mitel's Processing of Customer Personal Data for the provision of the Cloud Services to Customer.
Annex 2 - Details of Personal Data and Processing Activities
1. Categories of Personal Data:
- Profile Data: first name, last name, phone number, job title, address, email address, geographic location, username and password.
- Communication Data: inbound and outbound call logs, chat history
- Transient and Session Data: IP addresses, user presence
- Private Address Books: which may contain Personal Data of your personal contacts.
2. Frequency of the transfer: as required.
3. Nature of the processing: to provide the Cloud Services.
4. Categories of data subjects: Data Subjects are users provisioned by the Customer for the Unify Phone Service and external callers leaving their phone number in logs.
5. Purpose of Processing and transfers: to provide the Cloud Services as agreed.
6. Duration of Processing: Until termination of the contract. Customer as a Data Controller may be able to delete certain data within its control.
7. List of Parties:
Data exporter (Customer):
[Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]
Contact Name:
Position:
Email:
Role:
Data importer (Service Provider):
[Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
Contact Name: Matthieu Pere
Position: Group Data Protection Officer
Email: gdpr@mitel.com
Role: Processor
Annex 3 - Technical and Organizational Security Measures
Mitel will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Technical and Organizational Measures Documentation available at - https://www.mitel.com/legal/mitel-cloud-services-terms-and-conditions
Annex 4 - Standard Contractual Clauses Details
1. UK Standard Contractual Clauses.
The UK Information Commissioner is the exclusive Supervisory Authority for the transfers of UK Personal Data under this Agreement. The UK SCCs shall be governed by the Laws of England and Wales and the parties submit to the exclusive jurisdiction of the English courts in relation to them.
2. EU Standard Contractual Clauses.
The parties select the following Standard Contractual Clause Module:
- Module One (Controller to Controller)
- Module Two (Controller to Processor)
- Module Three (Processor to Processor)
- Module Four (Processor to Controller)
2.2 For each module, where applicable, the parties agree that the following terms apply:
- (a) the Data Protection Commission of the country whose laws govern the SCCs pursuant to paragraph (c) below shall be the competent Supervisory Authority;
- (b) data subjects for whom Mitel processes Customer Personal Data are third-party beneficiaries under the applicable SCCs;
- (c) the SCCs shall be governed by the laws which governs the Agreement provided that such governing law are the laws of a member of the European Union and that it allows for third-party beneficiary rights. If neither of these conditions are satisfied, then the governing law shall be the laws of Germany; and
- (d) any dispute arising from the SCCs shall be resolved by the courts of the country whose laws govern the SCCs pursuant to paragraph (c) above.
2.3 Supplementary Measures.
In order to maintain the protection of Personal Data granted in the European Economic Area (“EEA”) and the UK, Mitel shall collaborate with Customer in the event of international data transfers from the EEA or from the UK to a third country which is not considered an Adequate Country under applicable Data Protection Laws. For the appropriate safeguards contained in the GDPR and UK GDPR Article 46 transfer tools to be effective, Mitel shall comply with the following supplementary measures -
(a) Challenge law enforcement requests:
- i. Mitel will take commercially reasonable efforts to challenge law enforcement requests for EU Customer Personal Data from governmental bodies, whether inside or outside the EEA, where the request conflicts with EU law, is overbroad, or where we otherwise have any appropriate grounds to do so; and
- ii. Mitel will take commercially reasonable efforts to challenge law enforcement requests for UK Customer Personal Data from governmental bodies, whether inside or outside the UK, where the request conflicts with UK law, is overbroad, or where we otherwise have any appropriate grounds to do so.
(b) Disclose the minimum amount necessary: Notwithstanding sub (a) above, if Mitel is compelled by a valid and binding legal request to disclose Customer Personal Data, we will disclose only the minimum amount of Customer Personal Data necessary to satisfy the request.
(c) Promptly notify the data exporter/subject of the request or order received from the public authorities of the third country, except were prohibited by law or by court order.
Annex 5 - Authorized Subprocessors
| Entity Name | Location | Function |
|---|---|---|
| Mitel Networks (Bulgaria) EOOD | 2 Maria Luiza Blvd., TZUM Buisiness Center, 1000, Sofia, Bulgaria | Technical Support Services |
| Mitel Networks Romania S.R.L. | 21st Mihail Kogalniceanu str. Bdg. C6/AP11, 500090 Brasov, Romania | Technical Support Services |
| Unify Communications Spain S.A.U. | 25 Calle de Albarracin, 28307 Madrid, Spain | Technical Support Services |
| Mitel Networks Greece ΑΕ | 455 Irakleiou Avenue, N. Irakleio, 14122 Athens, Greece | Technical Support Services |
| Unify - Soluções em Tecnologia da Informação Ltda. | Rua do Semeador, 702, Cidade Industrial - Curitiba City, Paraná State, Address Code (CEP 81.270-050), Brazil | Technical Support Services (Resource Pool) |
| Mitel Communications Private Limited | MIDC Plot B1 & B2 Software Technology Park 411062 Talwade, Pune, Maharashtra, India | Technical Support Services |
| Google Ireland Limited¹ | Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | Data Center Services |
| MongoDB, Inc.² | 1633 Broadway 38th Floor New York, NY 10019, United States | Managed Data Base Service |
¹ The Cloud Service is hosted in data centers in the following countries: Google Cloud Platform (GCP) region of Frankfurt a.M. (Europe-west3), Germany. The MongoDB databases are installed in the Google Cloud Platform (GCP) region of Frankfurt (Europe-west3). Encryption at rest is used for the data encryption by Unify with keys owned and managed by Unify.
² MongoDB is a managed service. Unify creates the database on nodes installed and maintained by MongoDB.
3. China Standard Contractual Clauses (China SCCs)
To the extent that there is a transfer of Customer Personal Data protected and within the scope of the Chinese Data Protection Law to any country outside China, the parties shall sign the China SCCs (a current copy to be provided) separately and fulfil any necessary filing formalities, as applicable.
4. Swiss Standard Contractual Clauses (Swiss SCCs)
To the extent Mitel processes Customer Personal Data that is protected by the Swiss Data Protection Laws, the EU SCCs will apply, with the following modifications:
- a. any references in the EU SCCs to “Directive 95/46/EC” or “Regulation (EU) 2016/679" shall be interpreted as references to the Swiss DPA;
- b. references to “EU”, “Union”, “Member State” and “Member State law” shall be interpreted as references to Switzerland and Swiss law, as the case may be; and
- c. references to the “competent supervisory authority” and “competent courts" shall be interpreted as references to the FDIPC and competent courts in Switzerland, unless the EU SCCs as implemented above cannot be used to lawfully transfer such Personal Data in compliance with the Swiss DPA, in which event the Swiss SCCs shall instead be incorporated by reference and form an integral part of this Addendum and shall apply to such transfers. Where this is the case, the relevant Annexes of the Swiss SCCs shall be populated using the information contained in Annex 1 and 2.
5. Conflict.
To the extent there is any conflict between the Standard Contractual Clauses, and any other terms in this DPA, the provisions of the Standard Contractual Clauses will prevail.
Related Documents
 |
Mitel Workflow Studios DPA Annexes: Service Description, Data Processing, Security, and Subprocessors This document outlines the service description, details of personal data processing activities, technical and organizational security measures, standard contractual clauses (including UK, EU, and Swiss), and authorized subprocessors for Mitel Workflow Studios. |
 |
Mitel Secure Cloud DPA Annexes: Service Description and Data Processing This document outlines the service description, data processing activities, technical and organizational security measures, and standard contractual clauses for Mitel Secure Cloud services, ensuring compliance with data protection laws. |
 |
Mitel Technical and Organizational Security Measures Details Mitel's commitment to maintaining high security standards through policies, network security, workstation security, data center security, data encryption, access controls, incident response, risk management, business continuity, and employee training to protect customer data and business operations. |
 |
Mitel Cloud Services Global Terms of Service This document outlines the global terms of service for Mitel Cloud Services, covering user responsibilities, data handling, service limitations, and legal provisions for customers and users. |
 |
Mitel Cloud Services Acceptable Use Policy This document outlines the Acceptable Use Policy (AUP) for Mitel Cloud Services, detailing rules and guidelines for customers and users to ensure the integrity and performance of the network and services. It covers prohibited uses such as encumbering resources, unauthorized access, illegal activities, and misuse of data. |
 |
Unify Phone Service Level Agreement (SLA) | Mitel Details the Service Level Agreement (SLA) for Mitel's Unify Phone service, covering availability, technical support, and product defect handling. |
 |
Mitel Unify Phone Customer Data Retention Schedule This document outlines the data retention schedule for Mitel Unify Phone, detailing how long customer data is kept and when it is deleted. |
 |
Mitel MiVoice 5000 SBC Implementation Manual: SIP Trunk, Dialer OTT, Unify Phone Comprehensive implementation guide for the Mitel MiVoice 5000 SBC service, covering SIP Trunking, Mitel Dialer OTT, and Unify Phone integration, including configuration, security, and architecture details. |