Mitel Workflow Studios - DPA Annexes
Annex 1 – Service Description
1. Service Description
"Cloud Services" means Workflow Studio, the no-code/low-code automation and integration platform.
2. Scope
The DPA and this annex applies to Mitel's Processing of Customer Personal Data for the provision of the Services to Customer.
Annex 2 – Details of Personal Data and Processing Activities
1. Categories of Personal Data:
Customer may submit Personal Data to/through the Cloud Services, the extent of which is determined and controlled by Customer, and which may include, but is not limited to:
- Customer Information: first name, last name, phone number, job title, address, email address, geographic location, username and password.
- Communication Records: Chat logs, emails, and inbound and outbound call logs.
- Personal Data from Customer systems including AI systems integrated with the Cloud Service.
- IP addresses, IVR labels, service set-up information, service configurations and settings
- Any other Personal Data comprised in Customer Data, as defined in the Terms.
2. Frequency of the transfer: as required.
3. Nature of the processing: to provide the Cloud Services.
4. Categories of data subjects: Customers and their end users.
5. Purpose of Processing and transfers: to provide the Cloud Services as agreed.
6. Duration of Processing: To the extent that Customer Personal Data is transferred to Mitel, unless otherwise required by law, Mitel will only retain the Customer Personal Data as long as it is necessary for Mitel to provide the Cloud Services. Mitel only stores data during the processing of a workflow and does not store persistent data in the Cloud Service.
7. LIST OF PARTIES
Data exporter (Customer):
[Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]
Contact Name:
Position:
Email:
Role:
Data importer (Service Provider):
[Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
Contact Name: Matthieu Pere
Position: Group Data Protection Officer
Email: gdpr@mitel.com
Role: Processor
Annex 3 - Technical and Organizational Security Measures
Mitel will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as described in the Technical and Organizational Measures Documentation available at - https://www.mitel.com/legal/mitel-cloud-services-terms-and-conditions
Annex 4 - Standard Contractual Clauses Details
1. UK Standard Contractual Clauses.
The UK Information Commissioner is the exclusive Supervisory Authority for the transfers of UK Personal Data under this Agreement. The UK SCCs shall be governed by the Laws of England and Wales and the parties submit to the exclusive jurisdiction of the English courts in relation to them.
2. EU Standard Contractual Clauses.
2.1 The parties select the following Standard Contractual Clause Module:
- Module One (Controller to Controller)
- Module Two (Controller to Processor)
- Module Three (Processor to Processor)
- Module Four (Processor to Controller)
2.2 For each module, where applicable, the parties agree that the following terms apply:
- (a) the Data Protection Commission of the country whose laws govern the SCCs pursuant to paragraph (c) below shall be the competent Supervisory Authority;
- (b) data subjects for whom Mitel processes Customer Personal Data are third-party beneficiaries under the applicable SCCs;
- (c) the SCCs shall be governed by the laws which governs the Agreement provided that such governing law are the laws of a member of the European Union and that it allows for third-party beneficiary rights. If neither of these conditions are satisfied, then the governing law shall be the laws of Germany; and
- (d) any dispute arising from the SCCs shall be resolved by the courts of the country whose laws govern the SCCs pursuant to paragraph (c) above.
2.3 Supplementary Measures.
In order to maintain the protection of Personal Data granted in the European Economic Area (“EEA”) and the UK, Mitel shall collaborate with Customer in the event of international data transfers from the EEA or from the UK to a third country which is not considered an Adequate Country under applicable Data Protection Laws. For the appropriate safeguards contained in the GDPR and UK GDPR Article 46 transfer tools to be effective, Mitel shall comply with the following supplementary measures -
- (a) Challenge law enforcement requests:
- i. Mitel will take commercially reasonable efforts to challenge law enforcement requests for EU Customer Personal Data from governmental bodies, whether inside or outside the EEA, where the request conflicts with EU law, is overbroad, or where we otherwise have any appropriate grounds to do so; and
- ii. Mitel will take commercially reasonable efforts to challenge law enforcement requests for UK Customer Personal Data from governmental bodies, whether inside or outside the UK, where the request conflicts with UK law, is overbroad, or where we otherwise have any appropriate grounds to do so.
- (b) Disclose the minimum amount necessary: Notwithstanding sub (a) above, if Mitel is compelled by a valid and binding legal request to disclose Customer Personal Data, we will disclose only the minimum amount of Customer Personal Data necessary to satisfy the request.
- (c) Promptly notify the data exporter/subject of the request or order received from the public authorities of the third country, except were prohibited by law or by court order.
3. Swiss Standard Contractual Clauses (Swiss SCCs)
To the extent Mitel processes Customer Personal Data that is protected by the Swiss Data Protection Laws, the EU SCCs will apply, with the following modifications:
- a. any references in the EU SCCs to “Directive 95/46/EC” or “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss DPA;
- b. references to “EU”, “Union”, “Member State” and “Member State law” shall be interpreted as references to Switzerland and Swiss law, as the case may be; and
- c. references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the FDIPC and competent courts in Switzerland, unless the EU SCCs as implemented above cannot be used to lawfully transfer such Personal Data in compliance with the Swiss DPA, in which event the Swiss SCCs shall instead be incorporated by reference and form an integral part of this Addendum and shall apply to such transfers. Where this is the case, the relevant Annexes of the Swiss SCCs shall be populated using the information contained in Annex 1 and 2.
4. Conflict.
To the extent there is any conflict between the Standard Contractual Clauses, and any other terms in this DPA, the provisions of the Standard Contractual Clauses will prevail.
Annex 5 - Authorized Subprocessors
To support delivery of our Cloud Services, Mitel (or one of its Affiliates listed below), may engage and use data processors with access to certain Customer Data (each, a "Subprocessor"). Customer Personal Data is only processed within the region where the Customer account is created.
| Entity Name | Services | Location of Subprocessors |
|---|---|---|
| Amazon Web Services, Inc. | Third-party hosting provider | United States |
| Amazon Web Services, Inc. | Workflows | United States/ EU/ AP |
Affiliates
Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Cloud Services provided, Mitel may also engage any of its Affiliates as Subprocessor to deliver some or all of the Cloud Services provided to a Customer.
Updates
As our business grows and evolves, the Subprocessors we engage may also change. Please check back frequently for updates.
Related Documents
 |
Mitel Unify Phone Data Processing Agreement Annexes This document outlines the annexes to the Data Processing Agreement (DPA) for Mitel Unify Phone, detailing service descriptions, personal data processing activities, security measures, standard contractual clauses, and authorized subprocessors. |
 |
Mitel Secure Cloud DPA Annexes: Service Description and Data Processing This document outlines the service description, data processing activities, technical and organizational security measures, and standard contractual clauses for Mitel Secure Cloud services, ensuring compliance with data protection laws. |
 |
Mitel Cloud Services Fair Usage Policy This document outlines the Fair Usage Policy for Mitel Cloud Services, detailing usage limits for Mitel Secure Cloud and Mitel Workflow Studios, and the process for policy changes and waivers. |
 |
Mitel Cloud Services Fair Usage Policy Official Fair Usage Policy for Mitel Cloud Services, outlining usage limits and terms for Mitel Secure Cloud and Mitel Workflow Studios. |
 |
Mitel Cloud Services Fair Usage Policy This document outlines the Fair Usage Policy for Mitel Cloud Services, detailing usage limits and terms for customers and their users to ensure fair resource consumption and maintain service quality. |
 |
Mitel Technical and Organizational Security Measures Details Mitel's commitment to maintaining high security standards through policies, network security, workstation security, data center security, data encryption, access controls, incident response, risk management, business continuity, and employee training to protect customer data and business operations. |
 |
Mitel Workflow Studios Customer Data Retention Schedule This document outlines the data retention policy for Mitel Workflow Studios, detailing how long customer data, configuration data, and logs are stored and where they are located. |
 |
Mitel Workflow Studio Administrator Guide A comprehensive guide for administrators on using Mitel Workflow Studio to design, configure, and manage workflows. Learn about features, actions, triggers, and best practices for creating automated business processes. |