EU-U.S. and Swiss-U.S. Privacy Shield Policy

Last updated: March 31, 2021

Dialpad, Inc. (“Dialpad”, “we”, “our”, or “us”) provides tools to help individuals and organizations communicate more effectively, including Dialpad Talk, Dialpad Support, Dialpad Sell, UberConference, Highfive, and associated websites and mobile apps (“Services”). We have subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). Dialpad recognizes that the Privacy Shield is no longer a valid transfer mechanism for personal information from the European Union and its Member States, the European Economic Area, or Switzerland. However, we continue to comply with the requirements under Privacy Shield due to our commitment to the Privacy Shield Principles, as described below.

The Dialpad Privacy Shield Policy (“Privacy Shield Policy'') and the Dialpad Privacy Policy (“Privacy Policy”) describe how we protect cross-border transfers of personal information pursuant to applicable legal requirements and in reliance on the Privacy Shield. Should there be any conflict between the Privacy Shield Policy and the Privacy Policy, the Privacy Shield Principles shall control. To learn more about the Privacy Shield program visit www.privacyshield.gov, and to view our certification, please visit https://www.privacyshield.gov/list.

This Privacy Shield Policy applies to personal information covered by Dialpad’s Privacy Shield certification, which covers the following types of personal information:

  • Personal information regarding current, former, and perspective partners, contractors, and employees for the purposes internal Dialpad management and human resources administration.

  • Personal information regarding current, former, and prospective users and their personnel for the purposes of delivering Dialpad services.

  • Personal information regarding third parties, such as vendors, service providers, sub-processors, etc., and their personnel for the purposes of managing and administering ongoing business activities.

Privacy Shield Principles (the “Principles”)

Individual Notice and Choice

We collect and process personal information from certain individuals for the purposes described in this Privacy Shield Policy. Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Principles.

Dialpad collects information directly provided by users as well as information gathered through the use of our Services, such as device and session information, telephony information, and call audio. This information is collected with notice to and consent from users prior to data collection. Such information is collected for the sole purpose of providing the Services. The user can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features within the Services. In general, unless Dialpad offers appropriate choice and receives appropriate consent from its users, Dialpad only uses personal information as indicated in this Privacy Shield Policy and the Privacy Policy.

Notice to users regarding personal information collected and how that information is used may be provided through this Privacy Shield Policy and the Privacy Policy, or in other direct forms of communication with users, such as contracts or through the normal means of communication with the users.

Data Integrity and Purpose Limitation

Dialpad collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the user. We do not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized and delete personal information upon request by the user. Dialpad takes reasonable steps to ensure that the personal information that is required for the delivery of Dialpad’s Services and that such information is accurate, complete, and current.

Disclosures and Accountability for Onward Transfers

We do not license or sell your personal information to third parties, including advertisers, without your consent. As described below, when we share any information about you with third parties, we pseudonymize and aggregate any information about you before we share it unless more detail is necessary to the function of the Services. Although Dialpad’s Privacy Policy and Privacy Shield Policy do not apply to the practices of companies we don’t own or control or people that we don’t manage, our Data Processing Agreements with European customers and/or users in the European Union define how these third parties can use and store your information, consistent with this Privacy Shield Policy and the Principles. Consistent with the Principles, Dialpad may disclose personal information to third parties under one or more of of the following conditions:

  • We employ other companies and people (“sub-processors”) to perform tasks on our behalf and need to share your information with them to provide the Services to you. This disclosure is made in connection with the operation of our business, the provision of Services to the user, and is consistent with the purpose for which the personal information was collected. We maintain written contracts with these sub-processors, including, where appropriate, Data Processing Agreements, and require that the sub-processors provide at least the same level of privacy protection as required by the Principles. The sub-processors do not have any right to use the personal information we share with them beyond what is necessary to assist us and may not use such information for marketing purposes. We remain liable under the Principles if a subprocessor processes your information on our behalf in a manner that is inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. Dialpad’s list of sub-processors can be viewed within our Help Center.

  • We will share your personal information with affiliated businesses only if you or your Dialpad Services administrator opt-in to such a disclosure by setting up an integration, and we will only share your information to the extent that it is related to the transaction or service. If you choose to take part in any transaction or service relating to an affiliated website or business, please review their policies.

  • We reserve the right to access, read, preserve, and disclose any personal information that we believe is necessary to comply with the law; to respond to lawful requests by public authorities, a court order or subpoena; to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of Dialpad, our employees, our users, or others, including to meet national security or law enforcement requirements. In such cases, unless prohibited by law, we will provide notification to the user prior to such disclosure.

Data Security

We use reasonable and appropriate physical, electronic, and administrative safeguards to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the personal information and the risks involved in processing that information.

Access to Personal Information

Through your account settings, you may access, and, in some cases, edit, or delete certain information you’ve provided to us.

The information you can view, update, and delete may change as the Services change. You also have the right to access, correct, amend, or delete information that we hold via a Data Subject Access Request. When you update information, we may maintain a copy of the unrevised information in our records.

You may request deletion of your Dialpad Talk, Dialpad Support and/or Dialpad Sell account by contacting support@dialpad.com. You may delete your Dialpad UberConference account by selecting the “Delete My Account” link at the bottom of the account page. Consistent with the Principles, after deletion of your account, some information may remain in our records for a period of time that is consistent with the purpose it was collected for. We may use any anonymized and aggregated data derived from your personal information after you update or delete it, but not in a manner that would identify you personally.

Following the cancellation of your Services, we will delete and/or anonymize information related to your account so that no personal information is retained by Dialpad or its contractors, unless otherwise required by law.

Recourse, Enforcement and Dispute Resolution

Dialpad commits to resolve complaints about the collection or use of your personal information. If you have questions, concerns, or complaints, please contact our Privacy Team at legal@dialpad.com. We will investigate and attempt to resolve all complaints and disputes regarding the collection and use of your personal information in accordance with the Principles. For any unresolved privacy complaints, Dialpad has committed to cooperate with the EU Data Protection Authorities and/or the Swiss Federal Data Protection and Information Commissioner (collectively, the “DPAs”), as appropriate, as the independent dispute resolution bodies to address complaints and provide appropriate recourse free of charge to the individual. Dialpad commits to comply with the advice provided by the DPAs with respect to both non-human resources and human resources data transferred from the EU and/or Switzerland, as applicable.

You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For more information, please visit the Privacy Shield website.

DIalpad is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Contact Information

If you have any questions regarding this Privacy Shield Policy, please contact us by email at legal@dialpad.com.

Changes to this Privacy Shield Policy

This Privacy Shield Policy may be changed from time to time, consistent with the requirements of the Privacy Shield; we will not update this Privacy Shield Policy in any way that contradicts the Principles so long as we remain certified to the Privacy Shield. You can determine when this Privacy Shield Policy was last revised by referring to the “LAST UPDATED” date at the top of this page.