(Last updated on March 16, 2022)
UK and Europe Supplement Printable Version PDF
EU-1. Applicability; Service Provider Entity. The provisions of this United Kingdom and Europe Supplement to 8x8 UCaaS/CCaaS Regional Terms (this “EU Supplement”) (a) are a supplement to, and part of, the Regional Terms and (b) shall apply solely with respect to Ordered Products provided to a Customer Location in the United Kingdom (the “UK”) or Europe. The relevant 8x8 company that provides Ordered Products, if any, to Customer in the UK and/or Europe, and to which this EU Supplement relates, is: 8x8 UK Limited (trading as 8x8), registered in England with company number: 05083841 (Oxford House, Bell Business Park, Smeaton Close, Aylesbury, Buckinghamshire HP19 8JR), as per the relevant Order. References to 8x8 within this EU Supplement shall be references to 8x8 UK Limited. As among 8x8, Inc., 8x8 UK Limited, and 8x8, Inc.’s other Affiliates, 8x8 UK Limited shall be solely liable with respect to such Ordered Products and under the related Orders (to the extent that they relate to such Ordered Products).
EU-2. UK Europe Emergency Calling Notice. Customer acknowledges the notice related to emergency calling set forth at https://www.8x8.com/terms-and-conditions/europe-emergency-calling-notice, which notice shall apply to any 8x8 UCaaS/CCaaS Services within the scope of this EU Supplement.
EU-3. Numbers and Porting. All provisions of Section B (Numbers and Porting) of the Regional Terms other than those that expressly apply to the US and/or Canada shall apply with respect to Ordered SaaS Services within the scope of this EU Supplement. In addition, 8x8 shall take reasonable steps to ensure that the transfer of numbers and subsequent activation is completed as soon as reasonably practicable in accordance with applicable laws and regulations. Customer acknowledges that the timing of any such transfer can be impacted by certain technical and procedural requirements in relation to number transfers, including, but not limited to, where 8x8 needs to secure an agreement with another communications provider relating to number transfers. Customer may claim compensation in the form of credit against Customer’s next bill (calculated as follows) for the period from the second business day after the confirmed transfer date through the number transfer completion date, provided that Customer agrees that any compensation awarded shall be in full and final settlement of any claim that Customer may have against 8x8 or its Affiliates (now or in the future) in respect of the delay: [the monthly charges for the Ordered SaaS Services relevant to such number] multiplied by [12] divided by [365] multiplied by [the number of days delayed until porting is complete]. Notwithstanding the foregoing, unless provided otherwise under applicable law, any date change due to a delay in fulfilling the Porting Activation Requirements shall not constitute a delay or abuse in porting and shall not give rise to a claim for compensation.
EU-4. Country-Specific Contact Details/Information.
| Ombudsman Service Scheme in Belgium† | See www.ombudsmantelecom.be; also: The Office of the Ombudsman for telecommunications Boulevard Roi Albert II 8 boîte 3, 1000 Brussels, Belgium Telephone: 02 223 09 09; Fax: 02 219 86 59 plaintes@mediateurtelecom.be; klachten@ombudsmantelecom.be |
| Dispute Service Scheme in Germany | See https://www.bundesnetzagentur.de/DE/Beschlusskammern/BK11/BK11.html |
| National Regulatory Authority in Ireland* | Commission for Communications Regulation (CommReg) 1 Dockland Central, Guild Street, Dublin 1, D01 E4X0 |
| CommReg Dispute Service Scheme in Ireland | See https://www.comreg.ie/queries-complaints/ |
| National Regulatory Authority in Netherlands* | Authority for Consumers and Markets PO Box 16326 2500 BH The Hague, The Netherlands Telephone: +31 70 7222 000; Fax: +31 70 7222 355 |
| National Regulatory Authority in Poland* | The President of the Office of Electronic Communications (Urząd Komunikacji Elektronicznej) 18/20 Kasprzaka Street 01-211 Warsaw, Poland Telephone: +48 22 53 49 156; Fax: +48 22 53 49 155 E-mail: uke@uke.gov.pl; Online: https://www.uke.gov.pl/kontakt/ |
| National Regulatory Authority in Sweden* | The Swedish Post and Telecom Authority (PTS) Box 5398 SE-102 49 Stockholm, Sweden E-mail: pts@pts.se Telephone: +46 8 678 55 00; Telefax: +46 8 678 55 05 |
*For Ordered SaaS Services that are telecommunications services.
†To the extent that an ombudsman service scheme applies, the independent and impartial ombudsman will consider both sides of the complaint and resolve the dispute; in such cases, 8x8 will be bound by that decision, but Customer may reject it and pursue other avenues
EU-5. Customer Support. The Terms describe the support provided to Customer. Customer may contact customer support on uk-support@8x8.com (or by calling 8x8’s main line number +44 (0)02070966060 and stating clearly that Customer requires support), or such other address as may be notified by 8x8 from time to time, for further details.
EU-6. B2B Contract; List Pricing. Customer confirms it receives Ordered Products as a business user, and the Agreement represents a business-to-business contract. All relevant current list pricing is available at www.8x8.com/uk.
EU-7. Payment and Dispute Resolution for Spanish Customers. Spanish Customers with Ordered SaaS Services provided to a Customer Location in Spain are entitled to request that payments are made by means other than direct debit, if such other means are generally market-accepted. Spanish Customers may address any claim regarding the Services provided under this Agreement to the Spanish Secretaría De Estado De Las Telecomunicaciones Y Para La Sociedad De La Información (SETSI).
EU-8. Data Protection and Security.
EU-8.1. Data Protection Appendix. The Data Protection Appendix attached to this EU Supplement (the “DPA”) contains the following information about the Ordered SaaS Services: (a) subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, and the categories of data subjects and (b) the obligations and rights of the controller. The DPA also includes the security measures that 8x8 has in place to protect Customer Personal Data. To the extent that Customer has purchased particular SaaS Services, the relevant terms for such particular SaaS Services set out in the DPA shall apply, and such terms shall be made a part of this EU Supplement and incorporated herein by reference. 8x8 may update the DPA from time to time in its discretion to reflect the addition, removal, or discontinuation of Services and/or changes to the security measures set forth in Part B (Security Measures) of the DPA that do not have a material adverse effect on the use of the SaaS Services.
EU-8.2. Relationship of the Parties. Customer is the controller of Customer Controller Personal Data. 8x8 acts as a processor of Customer Controller Personal Data under the Agreement and a subprocessor of Customer Processor Personal Data. The Parties shall not act as joint controllers for the purposes of Article 26 of the GDPR in relation to any processing of Personal Data under the Agreement.
EU-8.3. Customer Obligations.
EU-8.3.1. Customer as a Controller. For Customer Controller Personal Data, Customer warrants that it has obtained all necessary consents, notifications and permissions required under Applicable Data Protection Law to: (a) permit sharing of such Customer Controller Personal Data with 8x8; and (b) allow 8x8 to otherwise collect, use or process such Customer Controller Personal Data in accordance with the Agreement (including but not limited to such Personal Data that 8x8 may collect directly from Agents and any other end users via cookies or other means). Customer agrees to notify 8x8 of: (i) any limitations in its privacy notice to data subjects; (ii) any changes in, or revocation of, consent by a data subject to use or disclose Customer Controller Personal Data; and (iii) any restrictions on the use of Customer Controller Personal Data to which Customer has agreed in accordance with its agreements with data subjects; in each case, to the extent that such limitations, changes or restrictions may affect 8x8’s uses or disclosures of Customer Controller Personal Data.
EU-8.3.2. Customer as a Processor. For Customer Processor Personal Data, Customer warrants that it is authorized by the controller to appoint 8x8 as a subprocessor. Customer agrees to notify 8x8 when the controller notifies Customer of: (a) any limitations in the controller’s privacy notice to data subjects; (b) any changes in, or revocation of, consent by a data subject to use or disclose Customer Processor Personal Data; and (c) any restrictions on the use of Customer Processor Personal Data to which controller has agreed in accordance with its agreements with data subjects; in each case, to the extent that such limitations, changes or restrictions may affect 8x8’s uses or disclosures of Customer Processor Personal Data.
EU-8.4. 8x8 Obligations. Customer appoints 8x8 as a processor to process the Customer Personal Data for the purposes described in the Agreement in order to provide the Services as further set out in the Data Protection Appendix (or as otherwise agreed between the Parties in writing (the, “Permitted Purposes”).
EU-8.4.1. 8x8 as a Processor. 8x8 shall process Customer Personal Data in accordance with Customer’s instructions, which Customer acknowledges and agrees are set out in the Agreement.
EU-8.4.2. International Transfers. 8x8 shall not process or transfer Customer Personal Data originating from the United Kingdom or European Economic Area (“EEA”) outside of the EEA unless 8x8 has taken such measures as are necessary to ensure such processing or transfer is in compliance with Applicable Data Protection Law. Such measures may include without limitation transferring Customer Personal Data to a recipient in a country that the United Kingdom or European Commission has decided provides adequate protection for Personal Data, to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
EU-8.4.3. Confidentiality of Processing. Subject to any exclusion or limitation of liability provided for in the Agreement, 8x8 shall ensure that any person it authorises to process Customer Personal Data (an “Authorised Person”) shall disclose Customer Personal Data only (a) to 8x8, (b) to those of 8x8’s personnel, advisors, Affiliates, or Partners to which such disclosure is reasonably necessary to accomplish a Permitted Purpose or other purpose for it was disclosed to 8x8 and which are bound to reasonable confidentiality obligations with respect to such Customer Personal Data, (c) in response to a judicial order or other lawful process, or (d) as approved or instructed by Customer.
EU-8.4.4. Security. 8x8 shall implement technical and organisational measures as set out in the DPA to protect Customer Personal Data from: (a) accidental or unlawful destruction, and (b) loss, alteration, unauthorised disclosure of, or access to the Customer Personal Data (each a “Security Incident”).
EU-8.4.5. Subcontracting. Customer consents to 8x8’s engagement of third-party subprocessors to process Customer Personal Data for the Permitted Purposes, provided that: (a) 8x8 maintains an up- to-date list of its subprocessors at the 8x8.com website, which it shall update with details of any change in subprocessors at least 10 days' prior to any such change, (b) 8x8 impose on such subprocessors data protection terms with respect to Customer Personal Data that are no less onerous than those set out in this Section EU-8 (Data Protection and Security), and (c) 8x8 remain liable for any breach of this Section EU-8 (Data Protection and Security) that is caused by an act, error, or omission of such a subprocessor in connection with performing its obligations as such a processor. The 8x8 subprocessor list (the “Subprocessor List”) is available at https://support.8x8.com/support-services/billing-account-management/who-are-8x8s-sub-processors. Customer may also sign up to receive email notice of updates to the Subprocessor List by emailing this request to 8x8_subprocessor_notification@8x8.com. The Customer may object to 8x8's appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, 8x8 will either not appoint or replace the subprocessor or, if this is not possible, 8x8 will be considered to have materially breached the Agreement for purposes of Customer’s right thereunder to terminate such Agreement.
EU-8.4.6. Cooperation and Data Subjects’ Rights. 8x8 shall provide reasonable and timely assistance to Customer to enable Customer to respond to: (a) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) or (b) any other correspondence, enquiry, or complaint received from a data subject, regulator, or other third party in connection with the processing of Customer Personal Data. In the event that any such request, correspondence, enquiry, or complaint is made directly to 8x8, 8x8 shall promptly inform Customer of, and provide reasonable details as to, the same.
EU-8.4.7. Data Protection Impact Assessment. If 8x8 believes or becomes aware that its processing of Customer Personal Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, 8x8 shall inform Customer and provide reasonable cooperation in connection with any data protection impact assessment that may be required under Applicable Data Protection Law.
EU-8.4.8. Security Incidents. If 8x8 becomes aware of a confirmed Security Incident, it shall inform Customer without undue delay and shall provide reasonable information and cooperation to Customer so that Customer can timely fulfil any data breach reporting obligations that Customer might have under Applicable Data Protection Law. 8x8 shall further take measures and actions reasonably necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer informed of all material developments in connection therewith.
EU-8.4.9. Deletion or Return of Data. Prior to the termination or expiration of the Agreement, and without prejudice to the other provisions of the Agreement that contemplate data storage, Customer may (at the Customer's own cost), request the return of any Customer Personal Data which is in 8x8’s possession or control that Customer wishes to retain. Otherwise, within sixty (60) days of termination or expiry of this Agreement, 8x8 shall destroy all Customer Personal Data which is in 8x8’s possession or control. The foregoing requirement shall not apply to the extent that 8x8 is required by applicable law to retain some or all of the Customer Personal Data, or to retain Customer Personal Data that 8x8 has archived on back-up systems, which Customer Personal Data 8x8 shall securely isolate and protect from any further processing not required or permitted by such law.
EU-8.4.10. Audit. Customer acknowledges that 8x8 is regularly audited against ISO 27001, ISO 9001, and Cyber Essentials (or substantially equivalent) standards by independent third-party auditors. Upon Customer’s reasonable request, 8x8 shall supply a summary copy of its audit report(s) to Customer, provided that Customer shall (a) keep such reports confidential and not disclose them to any party other than those of its own personnel and advisors to whom such disclosure is necessary in connection with Customer’s reasonable compliance and data security efforts and whom are bound to reasonable confidentiality obligations with respect to such report(s), (b) not use such report(s) except in connection with such efforts, and (c) protect their confidentiality with the same degree of care as Customer uses to protect its own confidential information of like kind, but in no event less than reasonable care.
EU-8.5. Processing – Third-Party Services. Where Customer uses third-party services, or has otherwise requested that third-party services be made available, as part of the Ordered Products, Customer agrees that any processing of Personal Data that relates to such third-party services shall be carried out by the third party directly and that 8x8 shall have no liability or responsibilities in relation to such processing. Any and all terms governing such processing shall be as set out in a separate agreement between Customer and the third party.
EU-8.6. Definitions. For purposes of this Section EU-8 (Data Protection and Security), the following terms will have the following meanings:
“Applicable Data Protection Law” means all applicable binding laws and regulations which apply to the Parties in relation to the processing of Personal Data and an individual's privacy rights under the Agreement including: (a) in member states of the European Union: the EU General Data Protection Regulation (EU) 2016/679 (“GDPR” and (b) specifically for the United Kingdom: the Data Protection Act 2018.
“controller”, “processor”, “data subject”, “Personal Data Breach”, and “processing” (and “process”) have the meanings given to them in Applicable Data Protection Law.
“Customer Personal Data” means Customer Controller Personal Data and Customer Processor Personal Data.
“Customer Controller Personal Data” means only that proportion of the Personal Data for which Customer decides the purposes and means of processing and which is processed by 8x8 to provide the Ordered SaaS Services or other Services ordered under the Agreement (the “Ordered Services”) in accordance with Customer’s instructions.
“Customer Processor Personal Data” means Personal Data that the Customer processes on behalf of a controller and which is processed by 8x8 to provide Services in accordance with the Customer’s instructions.
“Personal Data” has the meaning given in GDPR.
Data Protection Appendix
Part A – Processing Details – Customer Personal Data
The following terms shall apply to the processing activities that 8x8 carries out as a processor, in each case to the extent that Customer has ordered the applicable SaaS Services under the Agreement.
| 8x8 UCaaS* | 8x8 CCaaS* | |
| Subject-matter | 8x8 provides voice over IP cloud services, enabling its customers (and its customers’ agents and other end users) to (a) communicate across a range of digital devices, and (b) make phone calls, join video conferences, send text messages, manage voicemails, and access their corporate directory. | 8x8 provides a cloud-based contact centre service, enabling its customers (and its customers’ agents and other end users) to (a) set up and operate their contact centres from a range of digital devices, (b) manage call routing and campaigns, and (c) run analytics reports to monitor the customer’s traffic and agent performance. |
| Duration of processing | Effective Period of the Agreement | |
| Nature/purpose of processing | Provision of such Ordered SaaS Services, as set out in the Agreement. Agents and other end users may transmit, receive, and/or store through such Ordered SaaS Services audio, textual, visual, and video content in the form of voice calls, video calls, voicemails, voice recording, internet facsimiles, text and other messages, video meetings, and device screen shares or captures. They may also record and/or store (and, in the case of 8x8 CCaaS Services, upload) within such Ordered SaaS Services information (such as profiles for individual contacts or notes regarding a call or support case or ticket) regarding the third parties with or about whom they communicate through such Ordered SaaS Services. Customer can also decide whether to integrate additional third-party tools into such Ordered SaaS Services (such as CRM or email tools) to provide an integrated user experience. | |
| Type of Personal Data | Name, contact details, and job-related Personal Data (such as work title and email address); Personal Data regarding calling and other communications activity and preferences and usages of such Ordered SaaS Services; IP addresses; (in the case of 8x8 CCaaS Services, web browsing and online searching activity and accessing of the Services); or accessing and/or consumption of content such as videos, emails, written materials, and product demonstrations; any Personal Data voluntarily disclosed by the user or third party with whom Agents and other end users communicate. | |
| Categories of data subjects | Agents and other end users of such Ordered SaaS Services; those with whom such Agents and other end users communicate, record, or store information through such Ordered SaaS Services. | |
| Obligations/rights of controller | As set out in the Agreement | |
*Includes the relevant service whether ordered/provided as a stand-alone service or as included in a product bundle that includes other services (such as in 8x8 Editions or 8x8 X Series).
Part B – Security Measures
The following terms shall apply to any Customer Personal Data that 8x8 processes to provide Ordered Services.
Administrative, physical, and technical safeguards implemented in accordance with 8x8’s existing data security program, which includes:
- (i) limiting access to information on 8x8’s information system media to authorized users;
- (ii) limiting physical access to 8x8’s information systems and related equipment to authorized individuals;
- (iii) regular assessments of information security risks to 8x8’s information systems and associated information processing activities and of the effectiveness of information security controls in 8x8’s information systems;
- (iv) training of 8x8’s managers and users of 8x8’s information systems regarding the information security risks associated with their activities and applicable laws and policies; and
- (v) imposition of formal sanctions for 8x8 personnel failing to comply with 8x8’s information security policies and procedures.