Welcome to our new site! Having issues?

Overall Privacy Statement

Privacy Statement

  1. Introduction

Sangoma Technologies Corporation and its subsidiaries, also referred to as “Sangoma,” “we,” “us,” or “our”,  take your privacy very seriously and are committed to providing you with a positive experience on Sangoma websites (or subdomains), including but not limited to www.freepbx.org, www.asterisk.org, www.sangoma.com, portal.sangoma.com, magento.smge.net, www.voipinnovations.com, www.e4strategies.com (individually, a “Website” or collectively, the “Websites”) and in using our products or services (“Solution” or “Solutions”).  

This Privacy Statement applies to Sangoma websites and Solutions that link to or reference this Privacy Statement and describes how we handle personal information and the choices available to you regarding collection, use, access, and how to update and correct your personal information.  Additional information on our personal information practices may be provided in supplemental privacy statements or notices provided prior to or at the time of data collection. Certain Sangoma websites may have their own privacy statement that describes how we handle personal information for those websites specifically.  

To the extent a notice provided at the time of collection or a website or Solution specific privacy statement conflicts with this Privacy Statement, such specific notice or supplemental privacy statement will control. 

  1. Information you give to us

When you visit the Websites, contact Sangoma, register with an account on the Websites, or purchase Solutions from Sangoma, we collect information from and about you. Some of the information Sangoma collects may be classified as personal data under data protection legislation, that is, “any information relating to an identified or identifiable natural person”.  It may be collected any time you submit it to Sangoma, whatever the reason may be.

This includes personal data collected:

Through our Website or online purchasing process when you register, login, commence or complete an online transaction to use our Solutions, you have provided your consent, in order to:

  1. subscribe to any of our marketing communications;

  2. complete customer surveys;

  3. conduct business as it relates to but not limited to support and purchases;

  4. receive communications about product releases and updates;

  5. enter competitions; or 

  6. provide feedback.

When we do business with you, which will usually include:

Full or partial contact details including names and addresses (including business details), telephone and email details based on the information you have provided to us with our account signup and management process.  We collect payment card and/or bank information from you should you choose to use this form of payment for purchasing or guaranteeing use of our products and services.

  1. Information Automatically Collected

This includes information and personal data collected:

Through our Websites, we automatically log information about you and your computer or mobile device upon access. The information about your use of our Websites comprises http header information which your browser transmits to our web server and information collected through the use of cookies and log information. For example, when visiting our Websites, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Websites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Websites. 

  1. Use of Cookies

Some of our web pages use "cookies" or other information collection devices so that we can better serve you with more tailored information when you return to our Website. Cookies are identifiers which a website sends to your browser to keep on your computer to facilitate your next visit to our site.  We may track and record your use of our online services, either through cookies or via other means.  Cookies enable us and others to monitor your browsing behaviour. Information generated by the use of cookies may constitute personal data. We may use the personal data collected in this manner for the purposes as stipulated in this Privacy Statement. If you are subscribed to our email list, we also use this information to deliver more relevant content to your inbox. At any time, you can elect to opt out from the use of tracking cookies by clicking here. This will automatically disable tracking cookies and will redirect you back to the page you were originally on.  We do not otherwise respond to Do Not Track signals.

  1. IP Addresses/Web Server Log Files

We may use IP addresses and web server log files to analyze trends, administer a Website, track a user's movement, and gather broad demographic information for aggregate use. Additionally, in areas of a Website requiring registration, we may use this information from time to time to police a Website for unregistered users (but we undertake no obligation to do so). Information of this type may be combined with cookies or other sources of information for these purposes. Specifically, through the use of web server log files, any or all of the following information may be accessed, collected, analyzed, and stored during or after your visits to the Website: the name of the domain name from which you access the Internet; the country from which you access the Website; the date and time you access the Website; the pages you visit on the Website and the sequence in which you visit them; the amount of time you spent on a particular Website page; the Internet address of a website that you visit immediately before or after visiting our Website; the Internet address from which you linked directly to our Website, if any; the type of operating system on your computer; the type of browser that you are using to view a Website. These and similar types of information may also be collected by "web-bugs" or single-pixel gifs and by other means. We use social buttons (such as Facebook, LinkedIn, and Twitter) to enable sharing of material originating from our Websites. The third-party social sites used to share information use scripts and these scripts may be gathering your information.

  1. Why do we process your personal data?

Your personal data will be stored in centralized systems which are under the control of the Sangoma and accessible by authorized staff of Sangoma or it's reseller/channel partners, as applicable.

We use the information we collect about you to process your purchase orders, answer your queries, provide services to you and enable you to manage your accounts with us.  With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we, or our group business, provide which we think may be of interest to you.  Our marketing communications are generally sent by email, but we may sometimes use other methods of delivery such as by mail or SMS.

We mainly collect, store and process personal data at two different stages: (i) before you decide to register an account on our Websites and (ii) when you have registered an account on our Websites.

(i) Before you register an account on our Websites

When you visit our Websites, we collect information about your use of our Websites. This includes both information we collect directly from you, and information we collect about your behaviour. This information may constitute 'personal data' under applicable law. We use this information to provide you with (personal) offers, both on our Websites and via advertisements on other websites you visit. 

Advertising

Generally. We may use other companies to serve third-party advertisements when you visit and use our Websites. These companies may collect, and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to our Websites and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies' use of their tracking technologies is subject to their own privacy policies.

Targeted Advertising. We use Website information to provide you with (personal) offers, both on our Websites and via advertisements on other websites you visit. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on our Websites, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.

ii. After you have registered an account on our Websites

When you register on our Websites, you may be required to provide us with your name, email address, phone number, mailing address, credit card or other payment information as applicable. We use this personal data to process your purchase orders, for billing purposes, and to allow us to communicate with you about your purchase orders.

Overview of activities under stage (i) and (ii):

We may at each of the stages outlined above use your personal data but only when and to the extent the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract, we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation.

Where you have provided your consent.

  1. Sharing your data

We may share your personal data as follows:

  1. Affiliates. We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Privacy Statement. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.

  2. Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

  3. Our Third-Party Service Providers. We may share your personal data with our third-party service providers who provide services such as payment processing, information technology and related infrastructure provision, business support (operational and administrative), customer service, the processing and delivery of marketing communications to you, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data. Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes. 

  4. Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Privacy Statement; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

  5. Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.

We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes.  From the data we collect, you should only ever receive marketing communications from our own brands.  

General information relevant for all requests and queries

Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.

We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive, we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.

Protection and Storage of Data

We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored by means of state-of-the-art protection measures. A strictly limited amount of people have access to your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our Sangoma Websites take precautions to protect our users' personal data. We use standard industry mechanisms to protect customer data from unauthorized access, for example, by using password protection and standard encryption methods. Transactions, access to transactional records, or access to account information occurs over a server that has safeguards such as secure server software (SSL) which encrypts information before transmission. You can confirm that pages are encrypted, and we urge you to do so before submitting or transmitting sensitive information, by viewing the lock icon on the bottom of most browsers. We also take measures off-line to protect your personal data that is known to us to be financial and business sensitive information to the same extent that we take measures to protect our own such information.

You may edit your account information and account profile at any time using your email address and password. Do not divulge your password to anyone. We will never ask you for your password in an unsolicited telephone call or in an unsolicited e-mail. Remember to sign out of your account and close your browser window when you have finished your work. This may help to protect against access by others to your personal and business information if you share a computer or are using a computer in a public place.

Retention of Information

We will only retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement and your continued business relationship with  Sangoma or to the extent permitted by law. 

Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law


  1. For EU, United Kingdom, and Swiss Individuals: PrivacyNotice for Personal Data Transfers to the United States

It is necessary to transfer your personal information (meaning, “any information relating to an identified or identifiable natural person” as defined by applicable data protection legislation) overseas to Sangoma US Inc. and it’s wholly owned United States subsidiaries, Sangoma Technologies US Inc., VoIP Innovations LLC, VOIP Supply LLC, Digium Cloud Services LLC, and Digium Inc., (collectively, the “Sangoma United States Group”)  as most of our centralized data processing is in the United States of America.  Any transfers will be made in full compliance with all aspects of the applicable regulations.

For the purpose of applicable data protection legislation, the data controller of your personal data is the Sangoma United States Group company that is providing the individual website or other services.  

All members of the Sangoma United States Group may be contacted at the following address: Sangoma Technologies Inc., the operating subsidiary of Sangoma Technologies Corporation, with its main address at 100 Renfrew Drive, Suite 100, Markham, Ontario, L3R 9R6.

When we transfer personal data to a country outside of the EEA, United Kingdom, and Switzerland that does not offer an adequate level of data protection, we will ensure compliance with applicable law.    Sangoma relies on EU Standard Contractual Clauses as the cross-border transfer mechanism from the EEA, United Kingdom, and Switzerland. It has put in place the EU Standard Contractual Clauses among the applicable Sangoma group entities, as well as with its applicable partners and vendors. 

  1. For EU Individuals: Your Rights under the General Data Protection Regulation (GDPR)

In addition to the above, the Sangoma United States Group also processes personal information in compliance with the GDPR.

For the purpose of applicable data protection legislation, the data controller of your personal data is the Sangoma United States Group company that is providing the individual website or other services.  

All members of the Sangoma United States Group may be contacted at the following address: Sangoma Technologies Inc., the operating subsidiary of Sangoma Technologies Corporation, with its main address at 100 Renfrew Drive, Suite 100, Markham, Ontario, L3R 9R6.

  1. Legal Basis for the Processing of your Information 

If you are located in the European Economic Area (“EEA”), the Sangoma United States Group’s processing of your personal information will also be based on the following: To the extent that the Sangoma United States Group obtains your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If the processing of your personal information is necessary for the performance of a contract between you and the Sangoma United States Group or for taking pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). Where the processing is necessary for the Sangoma United States  Group to comply with a legal obligation, the Sangoma United States Group will process your personal information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

 

Please note that where you have given your consent to the processing of your personal information you may withdraw your consent at any time, for example by contacting the Sangoma  United States Group as detailed below which withdrawal will not affect the lawfulness of any processing previously made on basis of your consent. 

 

  1. Your Rights
    We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You have the right to access, correct, or delete the personal information that the Sangoma United States Group collects. You are also entitled to restrict or object, at any time, to the further processing of your personal information. You may have the right to receive your personal information that you provided to the Sangoma United States Group in a structured and standard format and, where technically feasible, the right to have your personal information transmitted directly to a third party.  You may lodge a complaint regarding the processing of your personal information with the competent EU Data Protection Authorities (DPAs) .

We provide the following rights to all EU and Swiss individuals:

  1. Right to revoke consent

If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward (which may include discontinuation of services and/or processing future orders).

  1. Right of access to your information 

If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by contacting us as defined below.  We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.

  1. Right to rectification and erasure of data, and restriction of processing

If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by contacting us as defined herein. 

  1. Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the General Data Protection Regulation, by contacting us as defined below.

  1. Right to object 

You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data.  Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or to profiling. You can do this by either updating your preferences for your account on our Sangoma United States Group Websites.


You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en


For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages as it relates to your business relationship with the Sangoma United States Group.

 

You may contact the Sangoma United States Group as detailed below to exercise your rights. We will respond to your request in a reasonable timeframe. To protect the privacy and the security of your personal information, the Sangoma United States Group may request information from you to enable the Sangoma Group to confirm your identity and right to access such information, as well as to search for and provide you with the personal information we maintain. There are instances where applicable laws or regulatory requirements allow or require the Sangoma United States Group to refuse to provide or delete some or all of the personal information that the Sangoma United States Group maintains.

 

  1. Additional Data Security
    In addition to the security measures detailed above, the Sangoma United States Group takes the following steps to protect personal data: (i) takes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of the Sangoma United States Group’s processing systems and services; (ii) takes measures to ensure the Sangoma United States Group’s ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident; and (iii) has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures. 

 

  1. Customer Proprietary Network Information (CPNI)

As an interconnected VoIP Provider Sangoma US Inc. and its wholly owned subsidiaries have access to a highly regulated form of customer personal information known as Customer Proprietary Network Information (CPNI) and shares this access with its wholly owned subsidiaries and also with its parent company Sangoma Technologies Corporation. Please see https://www.sangoma.com/legal/ for the Sangoma Customer CPNI Policy.

11. Human Resources Privacy Statement

 Please view our Human Resources Privacy statement for information specific to how Sangoma uses, processes, and protects personal information provided for human resource purposes. 


12. For California Individuals (excluding California job applicants and employees):  Your rights under the CCPA

For individuals who reside in the state of California (excluding job applicants and employees, who should view the Human Resources Privacy Statement for information specific to them), in addition to following the above procedures detailed under “General” below, Sangoma also protects your personal information in accordance with section 1798.100 (b) of the California Consumer Privacy Act (CCPA). The CCPA defines “personal information” as, “categories of information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly to a particular individual or household.” 

You are responsible for ensuring that the data you submit to us is correct and true. You are under no statutory or contractual obligation to provide personal data to Sangoma. However, if you do not provide the information, we may not be able to render service to you properly or at all. Your personal data will be treated as strictly confidential.

  1. How Sangoma Collects, Shares, and Retains Your Data


We have set out below the categories of personal information we may have collected about you and, for each category of personal information that may have been collected, the categories of sources from which that information may have been collected, and the categories of third parties with whom we may have shared the personal information.

Category of Personal Information

We have collected such personal information from the following categories of sources:

We shared such personal information with the following categories of third parties:

Identifiers: e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

  • Directly from you, e.g., from forms you completed.

  • Indirectly from you, e.g., information you authorized a third-party or service provider to provide to us.

  • From service providers that interacted with us in connection with the services performed.

  • From a public source (i.e., the internet or public records).

  • Public entities and institutions (e.g., regulatory, quasi-regulatory, tax or other authorities, law enforcement agencies, courts, arbitrational bodies, fraud prevention agencies)

  • Professional advisors including law firms, accountants, auditors, insurers, and tax advisors.

  • Service Providers

Personal information categories: e.g., name, contact information.

Some personal information included in this category may overlap with other categories.

 

 

  1. We Also May Share Any of the Personal Information We Collect as Follows:

Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with a legal process or a regulatory investigation (e.g., a subpoena or court order); (b) our Terms of Service, this Privacy Statement, or other contracts with our business partners, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our business partners, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.

Sharing In the Event of a Corporate Transaction:  We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, for purposes of due diligence connected with any such transaction or transition of service to another provider. In such cases, your personal information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

Sharing with Sangoma Entities: Sangoma may share personal information with Sangoma entities in order to perform the business purposes detailed below. 

The Sangoma entities are: 

North America

Sangoma Technologies Corporation, an Ontario, Canada business corporation which is a holding company only with no employees.

Sangoma Technologies Inc. an Ontario, Canada business corporation which is a wholly owned subsidiary of Sangoma Technologies Corporation and which is the operating arm of Sangoma Technologies Corporation

Sangoma US Inc., a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma Technologies Inc.

Digium Inc. a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma US Inc. 

Digium Cloud Services LLC, a Delaware corporation in the United States and a wholly owned subsidiary of Digium Inc. 

E4 Technologies, LLC, a Michigan Limited Liability company in the United States and a wholly owned subsidiary of Sangoma US Inc.

VoIP Supply LLC, a New York corporation in the United States and a wholly owned subsidiary of Sangoma US Inc.

VoIP Innovations LLC, a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma US Inc.

Europe

Sangoma Technologies Limited, an Irish company in Ireland and a wholly owned subsidiary of Sangoma Technologies Inc.

Asia Pacific

Sangoma HK Limited, a Hong Kong company and a wholly owned subsidiary of Sangoma Technologies Inc.

India

Sangoma Technologies Private Limited, a wholly owned subsidiary of Sangoma Technologies Inc. located in India.

Sharing With Service Providers:  We share any personal information we collect with our service providers, which may include (for instance) providers involved in technical or customer support, operations, web or data hosting, auditing, legal consultancy, security, marketing, or otherwise assisting us to provide, develop, maintain, and improve our company and our services. 

Sharing of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to a single person (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

For Which Business Purposes Sangoma Collects, Uses, Discloses, and Retains Your Data

We may collect, use, disclose and retain your personal information for one or more of the following business or commercial purposes (each, a “Business Purpose”):

  • To comply with regulatory and legal obligations such as (i) fulfilling control and reporting obligations under applicable financial regulations, including securities regulations; (ii) complying with investor protection or conduct of business regulation (such as carrying out suitability or appropriateness assessments; (iii) comply with state and federal law requiring employers to maintain certain records.

  • Other internal purposes, for example authorizing, granting, administering, monitoring, and terminating access to or use of company systems, software, facilities, records, property, and infrastructure.

  • To protect the company, its employees, and the public against injury, theft, legal liability, fraud or abuse, internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance.

  • To provide you with information, products, or services that you request from us.

  • To facilitate or complete a transaction you request from us.

  • To provide you with email alerts, communications, and other notices concerning our products or services, or events or news, that may be of interest to you.

  • To improve our website and enhance your experience on our platforms.

  • To detect security incidents.

  • To verify customer information.

  • For testing, research, and product development.

  • As necessary or appropriate to protect the rights, property, or safety of us, our clients, or others.

  1. Retention of Personal Information

Personal information will not be kept for longer than is necessary for the Business Purpose for which it is collected and processed and will be retained in accordance with our internal document retention policies. In certain cases, laws or regulations require us to keep records for specific periods of time, including following termination of the employment relationship. In other cases, records are retained in order to administer the employment relationship or to resolve queries or disputes which arise from time to time.

  1. Protection and Storage of Personal Data

We have used and will continue to use reasonable endeavors to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored by means of state-of-the-art protection measures. A strictly limited amount of people has access to your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We take precautions to protect your information. We use standard industry mechanisms to protect data from unauthorized access, for example, by using password protection and standard encryption methods. Transactions, access to transactional records, or access to account information occurs over a server that has safeguards such as secure server software (SSL) which encrypts information before transmission. You can confirm that pages are encrypted, and we urge you to do so before submitting or transmitting sensitive information, by viewing the lock icon on the bottom of most browsers. We also take measures off-line to protect your information that is known to us to be financial and business sensitive information to the same extent that we take measures to protect our own such information. 

In addition to the security measures detailed above, Sangoma takes the following steps to protect personal data: (i) takes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of Sangoma processing systems and services; (ii) takes measures to ensure Sangoma’s ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident; and (iii) has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures. 

VI.  Your California Rights and Choices

Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, to the extent Sangoma acts as a “business” (as opposed to a “service provider”) for purposes of handling personal information.  (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)

a. Right to Opt-Out of the Sale of Your Personal Information.

California residents may opt-out of the “sale” of their personal information. California law broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration”. We do not, and will not, sell your personal information.

b. Right to Request Deletion of Your Personal Information

You may also request that we delete any personal information that we have collected directly from you (note that this is different from your right to “opt-out” of us selling your personal information, which is described above). However, we may retain personal information for certain important purposes, such as (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise their free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process, (e) for scientific or historical research, (f) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations.  If you ask us to delete it, you may no longer be able to apply for employment at Sangoma.

c. Right to Request Access to Your Personal Information

California residents also have the right to request that we disclose what categories of your personal information we collect, use, or sell.  As a California resident, you may request access to the specific pieces of personal information that we have collected from you.

California residents may learn more how to exercise these rights of information access by sending an email to [email protected] or by mail sent to Sangoma US Inc., Attn: Legal, 445 Jan Davis Drive, Huntsville, Alabama 35806. We will only use the information you submit to respond to your request, and we may need to identify you and your state of residence before we can respond.

However, we may withhold some personal information where the risk to you or our business is too great to disclose the information, or where we cannot verify your identity in relation to such personal information. Thus, for security purposes (and as required under California law), we will verify your identity – partly by requesting certain information from you – when you request to exercise certain of your California privacy rights.

Once we have verified your identity, we will respond to your request as appropriate:

  • Where you have requested the categories of personal information that we have collected about you, we will provide a list of those categories.

  • Where you have requested specific pieces of personal information, we will provide the information you have requested, to the extent required under the CCPA and provided we do not believe there is an overriding privacy or security concern by doing so.

If we are unable to complete your requests fully for any of the reasons above, we will provide you with additional information about the reasons why we could not comply with your request.

d. Right to Nondiscrimination. We do not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.

e. Information About Persons Under 16 Years of Age

We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).

f. Authorized Agents

You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.

g. Disclosure of Personal Information, No Sale

Over the preceding twelve (12) months, we disclosed certain categories of California residents’ personal information to the categories of third parties as shown in the table above. We do not and will not sell California residents’ personal information.

13. General

  1. Unsubscribing from and subscribing to email communications 

The information we collect as part of any entry/registration process also provides us a means to inform you of product updates or revisions, additional special offers, or to notify you of products and services that relate directly to your specific interests and needs. 

After you have authorized the initiation of transmission of commercial electronic e-mail from us, you may elect to cease further transmissions of commercial electronic e-mail sent to you from us by clicking on the "unsubscribe link" provided within the e-mail or by updating your email preferences at https://www.sangoma.com/subscribe/mailing-list/

 

If at any time you change your mind after opting out, you may opt in via the same links above. 

 

Some non-marketing communications are not subject to general opt-out, such as communications relating to product download, sales transactions, software updates and other support related information, patches and fixes, conferences or events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Some additional communications with partners are also not subject to general opt-out, including product alerts, updates, contractual marketing and sales materials, and other notices related to partner status. 

 

  1. Links to Third Party Sites
    The Website may contain links to third party sites. Access to any other Internet site linked to the Website is at the user's own risk and we are not responsible for the accuracy or reliability of any information, data, opinions, advice, statements, terms of use or privacy practices of such other sites unless it is also a Website owned or controlled by us. We provide these links merely as a convenience and the inclusion of such links does not imply an endorsement of the site or their entities, products or services. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every site that collects personally identifiable information. This Privacy Statement applies solely to information collected by a Website on the domains owned and controlled by us.

 

  1. Third-Party Software which collects Website Analytics

Use of Google Analytics to support Display Advertising
In order to market to anonymous visitors, we use Google Analytics to support Display Advertising using data collected from Website visitors as they anonymously browse the Websites. The Google Analytics Features implemented based on Display Advertising are Remarketing and Google Analytics Demographics and Interest Reporting. We use the data from Google Analytics Features to ensure that our marketing is targeting the appropriate Website visitors. Website visitors may use the Ads Settings to opt-out of Google Analytics for Display Advertising and customize Google Display Network ads by going to https://www.google.com/settings/ads. Google Analytics’ currently available opt outs are available at https://tools.google.com/dlpage/gaoptout/. We use Remarketing with Google Analytics to advertise online. Third party vendors, including Google, may show our ads on sites across the Internet. We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics Cookie) and third-party cookies (such as the Double Click cookie) together to inform, optimize, and serve ads based on your past visits to the Websites.

 

Use of Google reCAPTCHA, Google Trusted Stores, and Google Tag Manager

We have implemented the Google reCAPTCHA, Google Trusted Stores, and Google Tag Manager on our Websites.  Your use of these items are subject to the Google Privacy Policy and Terms of Use.

 

  1. Information Use and Disclosure
    We may use the information obtainable from a Website for editorial and feedback and legal purposes and for other purposes.

 

For example, we reserve the right to provide IP addresses, information provided during registration, and all of the above data obtained through the use of web server log files to third parties for legal purposes such as preventing or investigating any possible criminal activity or in response to any lawful request.

 

Additionally, we may provide aggregate information to its in-house and independent sales representatives, use the information for marketing and promotional purposes, for a statistical analysis of user behavior, for product development, to inform advertisers as to how many visitors have seen or clicked on their advertisements, to third parties to assist with the protection and registration of our trademarks, to target markets and to formulate our own proprietary and business strategies and plans. Any information that you actively provide to us, such as names, postal and email addresses, and phone numbers may be added to our databases and if you elect to allow such use, may be used by us to contact you regarding Website updates, new products and services and for other purposes specifically allowed by you when you supply such information.

 

We may retain the content of any customer service web form or email that we receive, the email from which it is sent, and our response, if any. Content and other information related to emails sent by user to us may be used as testimonials or for any other marketing purpose, except that no marketing communications unrelated to the subject matter of the submission will be sent to the email address from which such email or form is sent unless the user specifically elects to receive additional marketing materials or we obtain the email address through another avenue that permits such use. In all cases, email addresses may be compared to subscription or customer lists of ours and our business partners.

 

Where completion of a sale or shipment requires the use of information, such as credit card information, shipping addresses, or contact persons, we may use the information to the extent necessary.

 

We may use the information collected to analyze trends, administer Websites, track user movement, and gather broad demographic information for aggregate use, to monitor or to improve the use and satisfaction of a Website, and to customize, upgrade, or configure the layout or content of a Website.

 

We may share and disclose aggregated user statistics and demographic information in order to describe our services to prospective and existing partners, advertisers, or other third parties, and for other lawful purposes. This information is not linked to any personal information that can identify any individual person. Under confidentiality agreements, we may match user information with third-party data. We may disclose your personal information to business partners unless you directly inform us that you prefer we not do so.

 

  1. Resolution of Complaints/Questions/Concerns

We are committed to resolve any complaints about our collection or use of your personal data, CPNI, and other confidential information. 


We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, CPNI, and other confidential information, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date and we will notify you if we make any material updates. We may also notify you in other ways from time to time about the processing of your personal information, CPNI, or other confidential information.

Contact Information for GDPR or Privacy Statement questions or concerns
If you have a question or a complaint about this privacy policy as pertains to personal data  under the GDPR  or the way your personal data is processed by  the Sangoma United States Group under the GDPR or this Privacy Statement please contact us via the following https://www.sangoma.com/legal/web-requests/

Additionally, for GDPR questions or concerns, you may contact the Sangoma United States Group’s GDPR Representative pursuant to Article 27 of the GDPR via email or post to Attorney at Law, Ms. Dr. Anjte Johst, Kurfurstendamm 67, 10707 Berlin, Germany, [email protected] 


Contact Information for all other privacy questions or concerns

In case you have any questions in relation to this Privacy Statement or our practices in relation to your personal data, CPNI, or other confidential information you may open a Customer Service request at https://support.sangoma.com.  We hope to resolve any complaint brought to our attention, however if you feel that a complaint with regard to personal data has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en

Human Resources Privacy Statement

Applicable to all Job Applicants/Employees

We are pleased that you are applying or have applied for a job at Sangoma Technologies Inc. or one of its wholly owned subsidiaries and we would like to provide you with information on the processing of your personal data in connection with your application. 

Please note that this Privacy Statement applies in addition to our general Privacy Policy and Cookie Policy for this website.

Additional privacy statements applicable to job applicants and employees who reside in California or the European Union can be found further below. 

You, as an applicant or employee, are responsible for ensuring that the data you submit to us is correct and true. You are under no statutory or contractual obligation to provide personal data to Sangoma during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all. Your personal data will be treated as strictly confidential.

This Privacy Statement may be subject to modification from time to time, notably in the event of changes to legislation or the introduction of new laws. Any changes will be published on our website. We therefore recommend that you check this Privacy Statement regularly.

  1. How Sangoma Collects, Shares, and Retains Your Data


We have set out below the categories of personal information we may have collected about you and, for each category of personal information that may have been collected, the categories of sources from which that information may have been collected, and the categories of third parties with whom we may have shared the personal information.

Category of Personal Information

We have collected such personal information from the following categories of sources:

We shared such personal information with the following categories of third parties:

Identifiers: e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, passport number, or other similar identifiers.

  • Directly from you, e.g., from forms you completed.

  • Indirectly from you, e.g., information you authorized a third-party or service provider to provide to us.

  • From service providers that interacted with us in connection with the services performed (e.g., background screening and verification including education, past employment, criminal background, references).

  • From a public source (i.e., the internet or public records).

  • Outplacement firms/career transition

  • Public entities and institutions (e.g., regulatory, quasi-regulatory, tax or other authorities, law enforcement agencies, courts, arbitrational bodies, fraud prevention agencies)

  • Professional advisors including law firms, accountants, auditors, insurers, and tax advisors.

Personal information categories: e.g., name, contact information, insurance policy number, education, employment, employment history, financial information, medical information, and health insurance information.

Some personal information included in this category may overlap with other categories.

Characteristics of protected classifications under state or federal law: e.g., sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), age, race, religion, national origin, disability, medical conditions and information, citizenship, immigration status and marital status; veteran or military status.

Professional or employment-related information: e.g.,

Employee pre-hire documents, such as job applications, resumes, background check forms and results, job interview notes, and candidate evaluation records; work history and prior employer, human resources data like performance evaluations and data necessary for benefits and related administrative services;

Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99): e.g., student records.

 

 

  1. We Also May Share Any of the Personal Information We Collect as Follows:

Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with a legal process or a regulatory investigation (e.g., a subpoena or court order); (b) our Terms of Service, this Privacy Statement, or other contracts with our business partners, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our business partners, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.

Sharing In the Event of a Corporate Transaction:  We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, for purposes of due diligence connected with any such transaction or transition of service to another provider. In such cases, your personal information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

Sharing with Sangoma Entities: Sangoma may share personal information with Sangoma entities in order to perform the business purposes detailed below. 

The Sangoma entities are: 

North America

Sangoma Technologies Corporation, an Ontario, Canada business corporation which is a holding company only with no employees.

Sangoma Technologies Inc. an Ontario, Canada business corporation which is a wholly owned subsidiary of Sangoma Technologies Corporation and which is the operating arm of Sangoma Technologies Corporation

Sangoma US Inc., a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma Technologies Inc.

Digium Inc. a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma US Inc. 

Digium Cloud Services LLC, a Delaware corporation in the United States and a wholly owned subsidiary of Digium Inc. 

E4 Technologies, LLC, a Michigan Limited Liability company in the United States and a wholly owned subsidiary of Sangoma US Inc.

VoIP Supply LLC, a New York corporation in the United States and a wholly owned subsidiary of Sangoma US Inc.

VoIP Innovations LLC, a Delaware corporation in the United States and a wholly owned subsidiary of Sangoma US Inc.

Europe

Sangoma Technologies Limited, an Irish company in Ireland and a wholly owned subsidiary of Sangoma Technologies Inc.

Asia Pacific

Sangoma HK Limited, a Hong Kong company and a wholly owned subsidiary of Sangoma Technologies Inc.

India

Sangoma Technologies Private Limited, a wholly owned subsidiary of Sangoma Technologies Inc. located in India.

Sharing With Service Providers:  We share any personal information we collect with our service providers, which may include (for instance) providers involved in technical or customer support, operations including payroll, benefits and/or pension, insurance, travel, background screening, search firms who submit candidate information to us, recruiting, web or data hosting, billing, accounting, auditing, legal consultancy, security, marketing, or otherwise assisting us to provide, develop, maintain, and improve our company and our services. 

Sharing of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to a single person (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

For Which Business Purposes Sangoma Collects, Uses, Discloses, and Retains Your Data

We may collect, use, disclose and retain your personal information for one or more of the following business or commercial purposes (each, a “Business Purpose”):

  • To evaluate applications for employment or internal promotion.

  • To attract, maintain, motivate, and administer the employment relationship of Sangoma employees, including, but not limited to the following: recruitment and staffing, creating and maintaining an employee contact directory, compensation and payroll, succession planning and management, reorganization, performance assessment, promotion and career management, administering bonus, award and recognition programs, administering employee enrollment and participation in activities and programs offered to eligible employees, training and development, employee benefits administration, pension plan administration, 401k and/or retirement plans, health insurance benefits, business travel and expenses, relocating and transferring employees, compliance with applicable legal and regulatory requirements, and communication with applicants and employees.

  • To comply with regulatory and legal obligations such as (i) fulfilling control and reporting obligations under applicable financial regulations, including securities regulations; (ii) complying with investor protection or conduct of business regulation (such as carrying out suitability or appropriateness assessments; (iii) comply with state and federal law requiring employers to maintain certain records.

  • Other internal purposes, for example authorizing, granting, administering, monitoring, and terminating access to or use of company systems, software, facilities, records, property, and infrastructure.

  • To protect the company, its employees, and the public against injury, theft, legal liability, fraud or abuse, internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance.

  • To provide you with information, products, or services that you request from us.

  • As necessary or appropriate to protect the rights, property, or safety of us, our clients, or others

  1. Retention of Personal Information

Personal information will not be kept for longer than is necessary for the Business Purpose for which it is collected and processed and will be retained in accordance with our internal document retention policies. In certain cases, laws or regulations require us to keep records for specific periods of time, including following termination of the employment relationship. In other cases, records are retained in order to administer the employment relationship or to resolve queries or disputes which arise from time to time.

  1. Protection and Storage of Personal Data

We have used and will continue to use reasonable endeavors to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored by means of state-of-the-art protection measures. A strictly limited amount of people has access to your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We take precautions to protect your information. We use standard industry mechanisms to protect data from unauthorized access, for example, by using password protection and standard encryption methods. Transactions, access to transactional records, or access to account information occurs over a server that has safeguards such as secure server software (SSL) which encrypts information before transmission. You can confirm that pages are encrypted, and we urge you to do so before submitting or transmitting sensitive information, by viewing the lock icon on the bottom of most browsers. We also take measures off-line to protect your information that is known to us to be financial and business sensitive information to the same extent that we take measures to protect our own such information. 

In addition to the security measures detailed above, Sangoma takes the following steps to protect personal data: (i) takes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of Sangoma processing systems and services; (ii) takes measures to ensure Sangoma’s ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident; and (iii) has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures. 

VI.  Contact Information for Complaints/Questions/Concerns

We are committed to resolve any complaints about our collection or use of your personal data and other confidential information.  We have done our best to make sure this Privacy Statement explains the way in which we process your personal data and other confidential information and your rights thereto. If you have a question, concern, or complaint please contact us by emailing [email protected] or by mail sent to Sangoma US Inc., Attn: Human Resources, 445 Jan Davis Drive, Huntsville, Alabama 35806. If you contact us, we will use the personal data that you voluntarily provide to us for the sole purpose of contacting you and processing your enquiry. In order to answer your request, it may be necessary to forward it together with your personal data to one of our affiliated companies (which are listed above).

California Privacy Statement

Applicable to all Job Applicants/Employees who are California Residents


For applicants and employees who reside in the state of California, in addition to following the above procedures detailed under “General” above, Sangoma also protects your personal information in accordance with section 1798.100 (b) of the California Consumer Privacy Act (CCPA). The CCPA defines “personal information” as, “categories of information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly to a particular individual or household.” 


Your California Rights and Choices

Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, to the extent Sangoma acts as a “business” (as opposed to a “service provider”) for purposes of handling personal information.  (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)

a. Right to Opt-Out of the Sale of Your Personal Information.

California residents may opt-out of the “sale” of their personal information. California law broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration”. We do not, and will not, sell your personal information.

b. Right to Request Deletion of Your Personal Information

You may also request that we delete any personal information that we have collected directly from you (note that this is different from your right to “opt-out” of us selling your personal information, which is described above). However, we may retain personal information for certain important purposes, such as (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise their free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process, (e) for scientific or historical research, (f) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations.  If you ask us to delete it, you may no longer be able to apply for employment at Sangoma.

c. Right to Request Access to Your Personal Information

California residents also have the right to request that we disclose what categories of your personal information we collect, use, or sell.  As a California resident, you may request access to the specific pieces of personal information that we have collected from you.

California residents may learn more how to exercise these rights of information access by sending an email to [email protected] or by mail sent to Sangoma US Inc., Attn: Human Resources, 445 Jan Davis Drive, Huntsville, Alabama 35806. We will only use the information you submit to respond to your request, and we may need to identify you and your state of residence before we can respond.

However, we may withhold some personal information where the risk to you or our business is too great to disclose the information, or where we cannot verify your identity in relation to such personal information. Thus, for security purposes (and as required under California law), we will verify your identity – partly by requesting certain information from you – when you request to exercise certain of your California privacy rights.

Once we have verified your identity, we will respond to your request as appropriate:

  • Where you have requested the categories of personal information that we have collected about you, we will provide a list of those categories.

  • Where you have requested specific pieces of personal information, we will provide the information you have requested, to the extent required under the CCPA and provided we do not believe there is an overriding privacy or security concern by doing so.

If we are unable to complete your requests fully for any of the reasons above, we will provide you with additional information about the reasons why we could not comply with your request.

d. Right to Nondiscrimination. We do not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.

e. Information About Persons Under 16 Years of Age

We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).

f. Authorized Agents

You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.

g. Disclosure of Personal Information, No Sale

Over the preceding twelve (12) months, we disclosed certain categories of California residents’ personal information to the categories of third parties as shown in the table above. We do not and will not sell California residents’ personal information.


For EU, United Kingdom,Swiss Individuals: Privacy Notice for Personal Data Transfers to the United States

For applicants and employees who reside in the European Economic Area (“EEA”), the United Kingdom, and Switzerland, it is necessary to transfer your personal information (meaning, “any information relating to an identified or identifiable natural person” as defined by applicable data protection legislation) overseas to Sangoma US Inc. and it’s wholly owned United States subsidiaries, Sangoma Technologies US Inc., VoIP Innovations LLC, VOIP Supply LLC,  Digium Cloud Services LLC, and Digium Inc. (collectively, the “Sangoma United States Group”)  as most of our centralized data processing is in the United States of America.  Any transfers will be made in full compliance with all aspects of the applicable regulations.

If you have applied for a specific job offer, your application documents will only be considered for the filling of this position. 

When we transfer personal data to a country outside of the EEA, United Kingdom, or Switzerland that does not offer an adequate level of data protection, we will ensure compliance with applicable law.   

Sangoma relies on EU Standard Contractual Clauses as the cross-border transfer mechanism from the EEA, United Kingdom, and Switzerland. It has put in place the EU Standard Contractual Clauses among the applicable Sangoma group entities, as well as with its applicable partners and vendors. 

 

For more information on how to exercise your rights please see our Privacy Statement.

The Sangoma United States Group commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel or the commissioner, as applicable, with regard to human resources data transferred from the EU and/or Switzerland, as applicable, in the context of the employment relationship. 

General information relevant for all requests and queries

Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.

We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive, we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.

Protection and Storage of Data

We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored by means of state-of-the-art protection measures. A strictly limited amount of people have access to your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our Sangoma United States Group Websites take precautions to protect our users' personal data. We use standard industry mechanisms to protect customer data from unauthorized access, for example, by using password protection and standard encryption methods. Transactions, access to transactional records, or access to account information occurs over a server that has safeguards such as secure server software (SSL) which encrypts information before transmission. You can confirm that pages are encrypted, and we urge you to do so before submitting or transmitting sensitive information, by viewing the lock icon on the bottom of most browsers. We also take measures off-line to protect your personal data that is known to us to be financial and business sensitive information to the same extent that we take measures to protect our own such information.

You may edit your account information and account profile at any time using your email address and password. Do not divulge your password to anyone. We will never ask you for your password in an unsolicited telephone call or in an unsolicited e-mail. Remember to sign out of your account and close your browser window when you have finished your work. This may help to protect against access by others to your personal and business information if you share a computer or are using a computer in a public place.

Retention of Information

We will only retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Statement and your continued business relationship with the Sangoma United States Group or to the extent permitted by law. 

Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law.

  1. For EU Individuals: Your Rights under the General Data Protection Regulation (GDPR)

In addition to the above, the Sangoma United States Group also processes personal information in compliance with the GDPR.

For the purpose of applicable data protection legislation, the data controller of your personal data is the Sangoma United States Group company that is providing the individual website or other services.  All members of the Sangoma United States Group may be contacted at the following address: Sangoma Technologies Inc., the operating subsidiary of Sangoma Technologies Corporation, with its main address at 100 Renfrew Drive, Suite 100, Markham, Ontario, L3R 9R6.

  1. Legal Basis for the Processing of your Information 

If you are located in the European Economic Area (“EEA”), the Sangoma United States Group’s processing of your personal information will also be based on the following: To the extent that the Sangoma United States Group obtains your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If the processing of your personal information is necessary for the performance of a contract between you and the Sangoma United States Group or for taking pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). Where the processing is necessary for the Sangoma United States  Group to comply with a legal obligation, the Sangoma United States Group will process your personal information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

 

Please note that where you have given your consent to the processing of your personal information you may withdraw your consent at any time, for example by contacting the Sangoma  United States Group as detailed below which withdrawal will not affect the lawfulness of any processing previously made on basis of your consent. 

 

  1. Your Rights
    We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You have the right to access, correct, or delete the personal information that the Sangoma United States Group collects. You are also entitled to restrict or object, at any time, to the further processing of your personal information. You may have the right to receive your personal information that you provided to the Sangoma United States Group in a structured and standard format and, where technically feasible, the right to have your personal information transmitted directly to a third party.  You may lodge a complaint regarding the processing of your personal information with the competent EU Data Protection Authorities (DPAs). 

 

You may contact the Sangoma United States Group as detailed below to exercise your rights. We will respond to your request in a reasonable timeframe. To protect the privacy and the security of your personal information, the Sangoma United States Group may request information from you to enable the Sangoma Group to confirm your identity and right to access such information, as well as to search for and provide you with the personal information we maintain. There are instances where applicable laws or regulatory requirements allow or require the Sangoma United States Group to refuse to provide or delete some or all of the personal information that the Sangoma United States Group maintains.

We provide the following rights to all EU and Swiss individuals:

  1. Right to revoke consent

If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward (which may include discontinuation of services and/or processing future orders).

  1. Right of access to your information 

If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by contacting us as defined below.  We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.

  1. Right to rectification and erasure of data, and restriction of processing

If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by contacting us as defined herein. 

  1. Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the General Data Protection Regulation, by contacting us as defined below.

  1. Right to object 

You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data.  Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or to profiling. You can do this by either updating your preferences for your account on our Sangoma United States Group Websites.


For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages as it relates to your business relationship with the Sangoma United States Group.

 

  1. Additional Data Security
    In addition to the security measures detailed above, the Sangoma United States Group takes the following steps to protect personal data: (i) takes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of the Sangoma United States Group’s processing systems and services; (ii) takes measures to ensure the Sangoma United States Group’s ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident; and (iii) has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures. 

General information relevant for all EU and Swiss Individuals

Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law. We will use reasonable endeavors to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive, we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honor your request or answer your query, we will explain our reasons for doing so in our reply.

Right to withdraw consent

Insofar as we process data on the basis of a consent given by you, you have the right to revoke the consent given at any time by filling out the form on https://www.sangoma.com/legal/web-requests/ . The revocation of your consent does not mean that the data processing carried out based on your consent up to the time of revocation becomes invalid.

Contact Information for GDPR or Privacy Statement questions or concerns

If you contact us, we will use the personal data that you voluntarily provide to us for the sole purpose of contacting you and processing your enquiry. In order to answer your request, it may be necessary to forward it together with your personal data to one of our affiliated companies. The legal basis for this data processing is Art. 6 para. 1 lit. b), Art. 6 para. 1 lit. c) GDPR and Art. 6 para. 1 lit. f) GDPR.

If you have a question or a complaint about this privacy policy as pertains to personal data under the GDPR or our Privacy Statement or the way your personal data is processed by the Sangoma United States Group under the GDPR or our Privacy Statement please contact us via the following https://www.sangoma.com/legal/web-requests/

Additionally, you may contact the Sangoma United States Group’s GDPR Representative pursuant to Article 27 of the GDPR via email or post to Attorney at Law, Ms. Dr. Anjte Johst, Kurfurstendamm 67, 10707 Berlin, Germany, [email protected]