Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Webex Contact Center Service Privacy Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (358.2 KB)
    View with Adobe Reader on a variety of devices
Updated:August 29, 2021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.



Available Languages

Download Options

  • PDF
    (358.2 KB)
    View with Adobe Reader on a variety of devices
Updated:August 29, 2021
 

 

This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by Webex Contact Center.

1. Overview of Webex Contact Center Capabilities

Webex Contact Center (the “Service”) is a cloud-based contact center service made available by Cisco or its resale partners (“Partners”) to companies (“Customer”, “you”, “your”) who purchase it for use by their authorized users (“Administrators”), their contact center agents (“Agents”) and people who access contact centers enabled by the Service (“Users”). The Service is a subscription-based service hosted in Cisco’s cloud that provides a unified contact center experience across all major communication channels. For a detailed description of the Service, please see the Webex Contact Center Offer Description.

The following describes Cisco’s processing of personal data in connection with the Service, the location and transfers of that data, and how it is secured in accordance with privacy principles, law, and regulations. Cisco will use personal data consistent with this Privacy Data Sheet. Not that this Privacy Data Sheet is a supplement to the Cisco Privacy Statement.

2. Personal data processing

The information described in this Privacy Data Sheet is accessible by the Customer, Cisco, and the Partner as described below. Administrators, Agents and Users’ information is also subject to Customer’s policies regarding access, use, monitoring, deletion preservation, and export of information associated with the Service. Cisco has no control over, and is not responsible or liable for, the privacy of an information that Administrators, Agents and Users have shared with others. Even after information has been removed from the Service, copies of that information may remain viewable elsewhere to the extent it has been shared with others by Administrators, Agents, Users or Customer.

The table below lists the personal data used by the Service and describes why we process that data.

Personal data category

Types of personal data

Purpose of processing

Registration information

Authentication Token

Name and aliases

Email Address

Phone Number

User ID

Password

Designation Cookies

Company Name

Company Contact Name

Company Physical Address

Company Time-Zone

SIP IP Address

Organization ID

We use Registration Information to:

Provision the Service

Provide operational support

Communicate with you on the status and availability of Service

Enroll you in the Service

Authenticate and authorize access to the Service

Understand how the Service is used

Make improvement to the Service

Route calls and multimedia services

Host and usage information

Log/Billing Files

Agent Identifier

Login URL

Cookies

Automatic Number Identification Information

End User Phone Numbers and associated Call Detail Records (“CDRs”)

Multimedia traffic data with associated identifiers (including sender, recipients, date, time and duration)

Alert Message Data

Time Zone

Geolocation

Domain Name

We use Host and Usage Information to:

Understand how the Service is used

Billing

Diagnose technical issues

Conduct analytics and statistical analysis in aggregate form to improve the technical performance of the Service

Respond to Customer support requests

Enforcing compliance with our terms of use and other policies in connection with legal claims, compliance, regulatory and investigatory purposes.

Marketing communication (with consent)

Agent and user generated data

Voice Communication Recordings

Non-voice communications data (email, instant messages and chat histories)

Uploaded Media Files

Agent Call Associated Data (CAD)

We use Agent and User-Generated Information to:

Provide the Service, enabling training and quality control

Provide customized prompts

Provide data processing services for voice recordings and/or transcription

Agent CAD information based on business requirements

3. Cross-border transfers

The Service leverages third-party hosting providers and business partners to deliver the Service globally. The Service’s data centers are currently located in the following countries (data center locations may change from time to time and this Privacy Data Sheet will be updated to reflect those changes):

Cloud-hosted application processing locations:

Virtual Point Of Presence (vPOP) locations

AWS US

Amsterdam, Netherlands

AWS United Kingdom

Calgary, Canada

AWS Germany

London, UK

AWS Australia

Los Angeles, USA

AWS Canada

New York, USA

 

Toronto, Canada

 

Sydney, Australia

 

Melbourne, Australia

Cisco has invested in a number of transfer mechanisms to enable the lawful use of data across jurisdictions. In particular:

      Binding Corporate Rules

      Swiss-US Privacy Shield Framework

      APEC Cross Border Privacy Rules

      EU Standard Contractual Clauses

4. Access control

Administrators, managers, supervisors, and agents who have been granted authorized Roles Based Access Controls (RBAC) can monitor real-time and historical information transacted on their specific tenant only through the Management Portal of Webex Contact Center, as described in the table below.

Personal data category

Who has access

Purpose of the access

Registration information

Administrators and Agents through the Tenant Management Portal

Modify, control, and delete information.

Customer through the Tenant Management Portal

Modify, control, and delete in accordance with Customer’s personal data policy.

Partner through the Partner and Tenant Management Portal. Partners do not have access to Authentication Tokens or Passwords

Modify, control, and delete in accordance with Partner’s personal data policy.

Cisco

Support the Service in accordance with Cisco’s data access and security controls process.

Host and usage information

Administrators and Agents through the Tenant Management Portal and Agent Desktop

View Interaction Information and History.

Customer through the Tenant Management Portal

Analysis to improve user performance and customer satisfaction

Partner through the Partner and Tenant Management Portal

Analysis to improve user performance and customer satisfaction

Cisco

Support and improvement of the Service

Agent and user generated information

Agents through the Tenant Management Portal

Access and view historical data.

Customer and Administrators through the Tenant Management Portal

Modify, control, and delete in accordance with Customer’s personal data policy

Partner through the Partner and Tenant Management Portal

Modify, control, and delete in accordance with Partner’s personal data policy

Cisco

While Cisco operates the Service, Cisco will not access this data unless it is shared with Cisco by the Customer and will only access in accordance with Cisco’s data access and security controls process.

5. Data portability

Data Records such as Call Detail Records and/or personal data collected about Customers, Administrators, and Users (as described in Section 2 above) are available to Cisco’s Partners and Customers in machine readable format upon Partner request. Data must be requested within 60 days post contract termination and is subject to data retention policies (as described in section 7 below). Users of the Service that wish to access their personal data must request it from the Customer.

6. Data deletion and retention

Partner may request deletion of personal data retained on the Service on behalf of Customer, Agents, Administrators or Users by sending a request to privacy@cisco.com or open a TAC support request. When Partner makes a request for deletion, Cisco endeavors to delete the requested data from its systems within 30 days, unless the data is required to be retained for Cisco’s legitimate business purposes. If we are required to retain certain categories of data, the reason why we retain it and the retention period are described in the table below.

Personal data category

Retention period

Reason for retention

Registration information

  7 years from when the Service is terminated.

Data collected as part of registration, including information provided by Customers as part of Cisco’s financial due diligence, constitute Cisco business records and are kept to comply with Cisco financial and audit policies, as well as tax requirements.

Host and usage information

7 years

Information generated by instrumentation and logging systems created through the use and operation of the Service is kept as part of Cisco’s record of Service delivery and to comply with Cisco financial and audit policies, as well as tax requirements

Agent and user generated data

Active Subscriptions:

  Voice Communication Recordings at Customers’ contractual requirements
  Chat and instant message history: 30 days.
  Email content: 3 years.

Inactive Subscriptions:

  Deleted within 60 days.
  Communication recordings and histories are retained in order to provide the service and enable training.
  Customers have the ability to set organization-wide retention periods for voice communication recordings.
  Uploaded media files are not retained on the Service when Customer or an Administrator deletes this data.

7. Personal data security

Cisco has implemented appropriate technical and organizational measures designed to secure personal data from accidental loss and from unauthorized access, use, alteration or disclosure. The Service’s technical and organizational security measures are certified annually in accordance with SOC 2, Type II, PCI-DSS standards, and HIPAA.

Personal data category

Type of encryption

Registration information

Encrypted in transit, and disk encrypted at rest

Passwords

Encrypted in transit and hashed at rest

Host and usage information

Encrypted in transit, and disk encrypted at rest

Agent and user generated data

Encrypted in transit, and disk encrypted at rest

Voice communication recordings

Encrypted in transit and at rest

Additional controls include:

      Encryption of all voice recordings and payment card details.

      Session encryption and secure file transmission.

      Authenticating Cisco employee, vendor and contractor access to information systems.

      All call recordings are access controlled.

      Regular audits to address the ongoing confidentiality, integrity, availability and resilience of Cisco processing systems and services.

8. Third party service providers (sub-processors)

We may data with other Cisco entities and/or service providers, contractors or other third parties to assist in providing and improving the Service. The data shared may include aggregate statistics or individualized data. All sharing of information is carried out consistent with the Cisco Privacy Statement and we contract with third-party service providers that can provide the same level of data protection and information security that you can expect from Cisco. We do not rent or sell your information.

If a Customer purchases the Service through a Partner, we may share any or all of the information described in this Data Sheet with the Partner. Unencrypted messages may be shared with third-party services and applications that you choose to integrate with the Service, but not with any other third parties without your permission or unless required by law. The below table lists the Service’s current subprocessors.

 

Sub-processor

Personal data

Service type

Calibrio (Optional)

Voice Communication Recordings

Cloud Infrastructure Storage. Customers can elect to use Calibrio for long term storage of recordings. This service is provided in the region where Customer is provisioned.

Aqueon

Telephone Numbers

Aqueon is utilized to make outbound calling campaign management. This service is provided in the region where Customer is provisioned.

Google

User Generated Data

Google CCAI provides transcription services . This service is provided in the region where Customer is provisioned.

9. Information security incident management

Breach and incident notification processes

The Data Protection and Privacy team within Cisco’s Security and Trust Organization coordinates the Data Incident Response Process and manages the enterprise-wide response to data-centric incidents. The Incident Commander directs and coordinates Cisco’s response, leveraging diverse teams including the Cisco Product Security Incident Response Team (PSIRT), the Cisco Security Incident Response Team (CSIRT), and the Advanced Security Initiatives Group (ASIG).

PSIRT manages the receipt, investigation, and public reporting of security vulnerabilities related to Cisco products and networks. The team works with Customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks. The Cisco Security Center details the process for reporting security incidents.

The Cisco Notification Service allows Customers to subscribe and receive important Cisco product and technology information, including Cisco security advisories for critical and high severity security vulnerabilities. This service allows Customers to choose the timing of notifications, and the notification delivery method (email message or RSS feed). The level of access is determined by the subscriber's relationship with Cisco. If you have questions or concerns about any product or security notifications, contact your Cisco sales representative.

10. Certifications and compliance with privacy laws

The Security and Trust Organization and Cisco Legal provide risk and compliance management and consultation services to help drive security and regulatory compliance into the design of Cisco products and services. Cisco and its underlying processes are designed to meet Cisco’s obligations under the EU General Data Protection Regulation and other privacy laws around the world.

See Section 3 above, for information about how Cisco leverages the personal data transfer mechanisms related to the lawful use of data across jurisdictions.

In addition to complying with our stringent internal standards, Cisco also continually maintains third-party validations to demonstrate our commitment to information security. The Service has received the following certifications:

      SOC 2 Type II

      PCI-DSS v 3.2 Certification

      HIPAA Self-Attestation

11. General information and GDPR FAQ

For more general information and FAQs related to Cisco’s Security Compliance Program and Cisco’s GDPR readiness please visit The Cisco Trust Center.

Cisco Privacy Data Sheets are reviewed and updated on an annual, or as needed, basis. For the most current version, go to the Personal Data Privacy section of the Cisco Trust Center.

 

 

 

 

Learn more