Who we are
Hello there and welcome to our Privacy Notice! This Notice applies to Bandwidth, its affiliates and subsidiaries (including Voxbone, which joined Bandwidth as of November 2nd, 2020). We are a cloud-based communications provider for enterprises. Our solutions include a broad range of software APIs for voice and text functionality, as well as our own IP voice network. A reference to “Bandwidth,” “we,” “us,” or “our” is a reference to Bandwidth Inc. and its affiliates and subsidiaries. As used in this Privacy Notice, “personal data” means any information that relates to, describes, could be used to identify an individual, directly or indirectly. This does not include anonymous or de-identified data, which does not relate to an identified or identifiable natural person or cannot be linked to or identify an individual.
This Privacy Notice applies to personal data collected by Bandwidth through the bandwidth.com website, voxbone.com website, and other websites which we operate and where we post a direct link to this Privacy Notice, including digital, paper, and in-person communications. This Privacy Notice does not cover handling of your personal data as an employee, intern, consultant, contractor or applicant of Bandwidth and does not cover any information collected by third-party sites or content or applications that may link to or be accessible from or on our websites. This Privacy Notice is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a pdf version of the policy here: https://www.bandwidth.com/wp-content/uploads/privacy-notice.pdf
Please read this Privacy Notice carefully to understand how we collect and process personal data.
Personal data that we collect
- Identifiers, your full name, address, email, company name, company website, telephone number, caller ID information, unique personal identifier, online identifier, Internet Protocol (“IP”) address, proof of address and ID of end users (where there is a regulatory requirement).
- Account Payment Information, your credit/debit card number, signature, bank wire transfer information.
- Commercial Information, records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or Similar Network Activity, your browsing and search history, information on your interaction with our websites and advertisements, information about the communications delivered via our platform.
- Metadata, information about the communications delivered via our platform such as source and destination information, IP address, completion status, time and duration of use.
- Geolocation Data, when you use our products or services, such as source and destination information about the communications delivered, real-time location information for emergency service via the Bandwidth products or services.
- Cookies and Other Technologies, website cookies and similar technologies to distinguish you from other visitors and compile information about the usage of our websites. For further information, please see “Cookies and other tracking technologies.”
- Sensory Data, your interactions with our sales and customer support teams may be recorded for quality assurance, training, and analysis purposes (consent will be recorded if required by applicable law). When you use our products or services, it may include text-to-speech transcriptions, DTMF tones, media in your voice calls and text messages (only applicable to US).
How we collect your personal data
We use different methods to collect personal data from and about you including through:
- Direct interactions. You may give us information about you by filling in forms, engaging in chat on our website, accessing or utilizing any of our websites, opening an account with us, requesting support, subscribing to our newsletters, requesting information or materials (e.g. whitepapers), registering for events or webinars, visiting our booth at a trade show or other event, participating in surveys or evaluations, accessing or utilizing any of our websites, submitting questions or comments, or by corresponding with us by phone, email, video, or otherwise.
- Automated technologies or interactions As you interact with our websites, we may automatically collect technical data about your equipment, browsing actions, and patterns as specified above. See “Cookies and other tracking technologies.”
- Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, advertising networks, analytics providers, through publicly available data, such as social media (like LinkedIn, Facebook, and others) and websites.
- Indirectly. As a service provider in the course of providing voice and messaging communications services.
How we use your personal data
We may use the personal data we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information and to provide our products and services.
- To respond to your inquiry about our products and services, including to investigate and address your concerns and monitor and improve our responses.
- To enable our customers and end users to send and receive communications via our platform and to bill for those services.
- To inform you of additional features, expanded coverage or other products or services offered by us.
- To allow you to interact with our systems, including our websites.
- To create, maintain, customize and secure your account with us.
- To process your requests, purchases, transactions and payments.
- To bill, collect, and remit taxes, fees and surcharges to the appropriate jurisdictions.
- To personalize your website experience and to deliver content and service information relevant to your interests, including targeted offers, marketing communications and ads through our websites, third-party sites and via email.
- To maintain the safety, security and integrity of our website, services, databases and other technology assets and business.
- For testing, research, development, and analysis; mitigation of fraud and spam (as applicable per specific product offering), unlawful or abusive activity, or violations of our Acceptable Use Policies; perform quality control; gauge routing effectiveness and deliverability and product development, including developing and improving our websites and products and services. Specifically, with respect to MMS and SMS messaging, we utilize industry-standard content-analysis software which utilizes electronic, algorithmic inspection of the originating telephone number and/or content of MMS and SMS messages for purposes of spam blocking (only applicable to US).
- If you have elected to have your name, address, and telephone number published in directories, we may share such information with directory publishers (who publish white pages, yellow pages, and other similar directories) and directory assistance providers.
- As described to you when collecting your personal data.
- Law enforcement, security, and safety.
- To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or other legal process where we believe in good faith that disclosure protects your safety or the safety of others, or where we need to protect a legitimate business interest such as fighting against fraud that harms our rights.
- For security purposes to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
- Asset transfer and/or M&A Activity.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Bandwidth’s assets, whether at Bandwidth’s discretion or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Bandwidth about you is among the assets transferred.
Bandwidth will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice. We may use non-personal data for any business purpose. To improve our products and services, we commonly will de-identify/anonymize or aggregate your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you. The legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it, including but not limited to: (a) performance of a contract; (b) legitimate interest; (c) necessary for compliance with a legal obligation; or (d) consent to collect and process your Personal Data.
How we share your personal data
We may disclose your personal data to a third party for a business purpose. Bandwidth may share your personal data in the following ways:
- To companies that perform services on our behalf only as needed for them to perform those services, including other communications providers in order to route communications over the Bandwidth network.
- To any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
- To advertising and marketing companies and networks.
- To data analytic providers.
- To other companies and entities, to:
- Respond to emergencies or exigencies;
- Comply with court orders, law, and other legal process, including responding to any government or regulatory request;
- Assist with identity verification, preventing fraud, and identity theft;
- Provide directory assistance services, with your consent.
- To fulfill the purpose for which you provide it.
- For any other purpose that we disclose in writing when you provide the personal data.
- With your consent.
- To sell, transfer, merge, divest, restructure, reorganize, or dissolve all or a portion of our business or assets.
- To enforce our Terms and Conditions and other agreements.
- To protect the rights, property, or safety of our business, our employees, our customers, or others.
Data subject rights
Under certain circumstances, you as a data subject have the below rights under data protection laws in relation to your personal data.
- Right to access. You have the right to request a copy of your personal data and supplementary information.
- Right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
- Right to erasure. You have the right to request that we erase your personal data, under certain circumstances.
- Right to restriction of processing. You have the right to restrict the processing of your personal data, under certain circumstances.
- Right to data portability. You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to request that we transmit this data directly to another controller.
- Right to withdrawal consent. In the event our processing is based on your consent, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object to processing. You have the right to object to the processing of your personal data at any time, under certain circumstances.
Data controller of our websites: Bandwidth Inc., 900 Main Campus Drive, Suite #100, Raleigh, North Carolina, 27606, USA, except for Voxbone.com, which is Voxbone S.A, Avenue Louise 489, 1050 Brussels, Belgium. Data controller for our products and services is the entity that you contracted with. To exercise any of the above rights or if you have any questions about this Privacy Notice, please enter them in the DATA SUBJECT RIGHT REQUEST FORM. You may also make a complaint to a relevant data protection supervisory authority in the EU and UK. We would, however, appreciate the opportunity to address your concerns before you do so.
- Fees. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
- Information we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to assist with our response.
- Timing. We try to respond to all legitimate requests within one month of receipt of the request. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
International data transfers and Privacy Shield
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) declared the EU-US Privacy Shield invalid and may no longer be utilized to transfer personal data from the EEA. We will continue to comply with our obligations under the EU-US Privacy Shield Framework (see FAQs from the U.S. Department of Commerce).
Bandwidth is a global organization, with legal entities, business practices, and technical systems that operate across borders. Your personal data may be collected, transferred to, and stored by us in the United States and by our subsidiaries and/or third-party service providers that are in other countries. Therefore, your personal data may be transferred and processed outside your jurisdiction and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (“EEA”). Where applicable law requires us to utilize a data transfer mechanism, we rely on adequacy decisions as adopted by the European Commission; standard contractual clauses issued by the European Commission; or pursuant to established derogations for specific situations. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such EU Standard Contractual Clauses by sending a request to firstname.lastname@example.org.
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Bandwidth is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. Bandwidth may use third-party service providers to assist us in providing services to our customers. We are liable for ensuring that the third-parties we engage support our Privacy Shield commitments. In certain situations, Bandwidth may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, we commit to resolving complaints about our collection or use of your personal data. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at email@example.com. If we are unable to resolve any complaint related to the Privacy Shield or if we fail to acknowledge your complaint in a timely manner, you may refer a complaint to your local data authority. Bandwidth has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Under certain conditions, described more fully on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Some international users, including those whose information we collect under the Privacy Shield, have rights to access certain information we hold about them and to obtain its deletion. To exercise those rights, please contact us at firstname.lastname@example.org.
Cookies and other tracking technologies
We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. To unsubscribe from our marketing emails, click the link at the bottom of the email marked “Unsubscribe” or manage your Bandwidth (not including Voxbone) email subscriptions at https://go.bandwidth.com/UnsubscribePage.html and https://mkt.voxbone.com/preference-center.html for Voxbone. Please note that you cannot opt out of receiving transactional emails related to our products and services.
The following describes how we use different categories of cookies and your options:
- Strictly Necessary Cookies. Strictly necessary cookies are necessary for our websites to function and cannot be switched off in our systems. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies. If you have chosen to identify yourself to us, we may place a cookie on your device that allows us to uniquely identify you when you are logged into our websites and to process your online transactions and requests. If you are in the EEA (based on IP address), our websites will only serve you strictly necessary cookies.
- Functional Cookies. Functional cookies enhance function, performance, and services on our websites. If you do not allow these cookies then some or all services may not function properly.
- Targeting Cookies. Targeting cookies may be set through our websites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly personal data, but are based on uniquely identifying your browser and internet device. Some examples include: cookies used for remarketing or interest-based marketing. Our website uses Google Analytics, a web analysis service provided by Google Inc., which utilizes cookies to find out how visitors use our website. You can opt out of Google Analytics by downloading, installing, and enabling the Google Analytics’ Opt-out Browser Add-on, which can be found at https://tools.google.com/dlpage/gaoptout/.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our websites. They help us to know which pages are the most and least popular.
California consumer legal rights
The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding their personal data. This section describes your CCPA rights and explains how to exercise those rights.
- Right to know (personal data collected or disclosed, including categories of third parties who received the data; data portability right)
- Right to opt out of the sale of personal data
- Right to data deletion of consumer’s personal data
- Right to not be discriminated against for exercising any consumer rights under the CCPA
To exercise the rights described above, please submit a request to us by either:
- Calling us toll free at 866-824-2792
- Completing our DATA SUBJECT RIGHTS REQUEST FORM
- Emailing us at email@example.com
Only you, or someone legally authorized to act on your behalf (this includes an authorized agent), may make a verifiable consumer request (“request”) related to your personal data. You may only make a request to know twice within a 12-month period. Your request must provide sufficient information that allows us to reasonably verify you are the data subject or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Any personal data provided to us for verification and fraud-prevention purposes will only be used for that purpose and such information will be deleted as soon as practical after processing of your request. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will cover the 12-month period preceding receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We will not discriminate against you for exercising any of your CCPA rights. We do not sell (as defined under the CCPA) California resident personal data we collect.
Do not track disclosure
Do not track is a privacy preference that you can set in your web browser. When you turn on the do not track signal, the browser sends a message to websites requesting them not to track you. For information about do not track, visit http://www.allaboutdnt.org. At this time, we do not respond to do not track browser settings or signals.
How long we retain your personal data
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements. After expiration of the applicable retention periods, your personal data will be deleted or anonymized. If there is any personal data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such personal data. To improve our products and services, we commonly will aggregate your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
How we protect your personal data
Bandwidth takes precautions including administrative, technical, and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the personal data we process or use. Please note, though, that no provider can guarantee security, especially when providing services that rely on the public internet or during transmission through the interconnected landscape of telecommunications. You are solely responsible for protecting your account password(s), limiting access to your devices, and signing out of websites after your sessions. You are responsible for any activity conducted using your credentials or passwords. If you believe your password to any of our websites or systems have been compromised, please notify us immediately at firstname.lastname@example.org.
For your convenience, hyperlinks may be posted on our websites that links to other websites (“third-party sites”). We are not responsible for the privacy practices of any third-party sites or of any companies that we do not own or control. This Privacy Notice does not apply to third-party sites. Third-party sites may collect information in addition to that which we collect on our websites. We do not endorse any of these third-party sites, the services or products described or offered on such third-party sites, or any of the content contained on the third-party sites. We encourage you to read the privacy notice of each third-party site that you visit to understand how the information that is collected about you is used and protected.
Our websites, products, and services are not directed to children (under the age of 13 in the United States or under the age of 16 in the EEA) and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact us at email@example.com.
Changes to this Privacy Notice
We reserve the right to make corrections or updates to this Privacy Notice at our discretion from time to time. When we do so, we will post the updated Privacy Notice on our website and update the Privacy Notice’s Effective Date. We will notify you of material changes to this Privacy Notice, by sending a notice to the customer email address you have provided us and by placing a prominent notice at the top of the Privacy Notice for thirty (30) days. We encourage you to periodically review this Privacy Notice.
How to contact us
If you have questions about this Privacy Notice, concerns, or questions, please contact firstname.lastname@example.org.
To contact us in writing, please use:
Attn: Legal – Privacy
900 Main Campus Drive, Suite 100, Raleigh, North Carolina 27606, USA
Attn: Legal – Privacy
Avenue Louise 489, 1050 Brussels, Belgium