Privacy

Table 1. Privacy-related options

Option name in UI

Location in UI

Manage reports:

Endpoint usage

Conference usage

See the System Reports section in this guide.

Manage system and audit log files

See the System Maintenance and Troubleshooting section in this guide.

Manage user credentials

See the User Management and User Account Configuration Settings sections in this guide.

Manage endpoint information

See the Managing Endpoints and Peripherals and Phone Management sections in this guide.

Manage enterprise directory / address book

See the Managing Directories section in this guide.

Manage conferences

See the Managing Conferences and Participants, Managing the Guest Book and Favorites Lists, and Conference and Participant Details sections in this guide.

Manage data backups

See the System Backup and Recovery section in this guide.

Encryption

See the Encryption and Security Certificates sections in this guide.

Table 2. How Data Subject Rights are supported

Data Subject Right

Method of support

Right to be informed

Note: What customer personal data is collected?

See the Purposes for processing personal data table in this topic.

Note: How is customer personal data is used?

See the Purposes for processing personal data table in this topic.

Note: How long is customer personal data kept?
  • Personal data is retained as long as the data subject is using the product.
  • The local system and audit log files are kept based on log rolling (action to close and archive locally stored logs and restart new log files) frequency, file counts and rotation sizes.
  • The local endpoint and conference usage reports are kept for 30 days by default.
  • Any customer personal data made available when working with Polycom support, specific to a support incident, is only retained until the incident is resolved, and then it is purged. Customer contact information is retained by Polycom support until the support relationship ends or is requested to be removed by the customer.
Note: Is customer personal data shared with any third parties, and if so, who?
  • Personal data processed by this product is not shared with any third parties.
  • If personal data is made available when working with Polycom support, this data may be shared with Polycom's engineering team (which may include 3rd parties and contractors).
Note: How can a data subject be notified of a data breach?

Data Subjects have a right to be notified when their data has been processed without authorization. The product administrator is able to monitor and identify when security anomalies have occurred. See the How admin can be informed of any security anomalies (including data breach) table in this topic.

Right to access (view and/or obtain a copy of all personal data for a specific data subject)

  • Personal data related to users who are Administrators and Operators can be viewed or exported using RealPresence Resource Manager. See the User Management section in this guide.
  • Personal data about endpoint usage can be viewed or downloaded via the endpoint usage report. See the System Reports section in this guide.
  • Personal data about participant information in conferences can be viewed or downloaded via the conference monitor page or conference usage report. See the Managing Conferences and Participants and the System Reports sections in this guide.
  • Personal data about endpoint details can be viewed or exported on endpoint monitor view. See the Managing Conferences and Participants and Phone Management section in this guide.
  • A copy of any customer personal data made available to Polycom when working with Polycom support is available by requesting it from your Polycom support representative.

Right to rectification (make corrections to inaccurate or incomplete personal data)

For local users added manually to RealPresence Resource Manager, for details on how to edit any inaccurate or incomplete personal data, see the Edit a User section in this guide.

For users added via an enterprise directory integration, you can edit their roles and change their associated endpoint. Any other personal data cannot be edited because the information derives from the enterprise directory. For more information, see the Working with Users section in this guide.

Personal data about participant information in conferences can be edited via the conference monitor page. See the Managing Conferences and Participants section in this guide.

Personal data about endpoint details can be edited on endpoint monitor view, provisioning profiles, endpoint naming and E.164 numbering, and SIP URI settings. See the Managing Conferences and Participants and Phone Management sections in this guide.

Polycom does not manipulate data made available during the support process, so any rectification of inaccuracies of personal data must be performed by the customer directly.

Right to erasure (remove all personal data)

For details on how to erase customer personal data from the system, see the How customer personal data is deleted table in this topic.

Any customer personal data made available when working with Polycom support, specific to a support incident, is retained until the information is requested to be removed by the customer.

Right to data portability

(receive a copy of all personal data in a commonly used, machine-readable format)

Steps are outlined below for how an administrator can support the data portability right of personal data. For more information on REST API options, see the Polycom RealPresence Platform API Guide available on Polycom Support Center.

  • Personal data related to users' aliases can be exported as CSV files on the RealPresence Resource Manager UI or via the REST API of user. See the User Management section in this guide.
  • Personal data about endpoint usage can be downloaded via the endpoint usage report on the RealPresence Resource Manager UI or via the REST API of billing. See the System Reports section in this guide.
  • Personal data about participant information in conferences can be downloaded via the conference monitor page or conference usage report on the RealPresence Resource Manager or via the REST API of reservation or billing. See the Managing Conferences and Participants and the System Reports sections section in this guide.
  • Personal data about endpoint details can be exported on endpoint monitor view on RealPresence Resource Manager UI or via the REST API of device. See the Managing Conferences and Participants and Phone Management sections in this guide.
  • Personal data in system backup can be downloaded on the RealPresence Resource Manager UI or auto FTP transfer to remote server. The backup file is encrypted but can be restored on the other RealPresence Resource Managerservers. See the System Backup and Recovery section in this guide.
  • Personal data in system log or audit files can be downloaded on RealPresence Resource Manager UI or remote transfer to syslog servers. See the System Maintenance and Troubleshooting section in this guide.
Table 3. Purposes for processing personal data

Personal Data Category

Type of Personal Data

Purpose of Processing

Interface type

Endpoint usage report

  • Endpoint Name
  • Serial Number
  • Account Number
  • Remote System Name
  • Call Number 1
  • Call Number 2
  • Far Site Endpoint Alias
  • Far Site Endpoint Additional Alias
  • Far Site Endpoint Transport Address
  • Maintaining call history
  • Troubleshooting call and billing issues

See View Endpoint Usage Report section in this guide.

  • UI
  • API
  • File Exported

Conference usage report

  • Conference Name
  • Conference Scheduler
  • Conference Scheduler ID
  • Conference Owner
  • Conference Owner ID
  • Conference Alias
  • Maintaining conference history
  • Troubleshooting conference and billing issues

See Create Conference Usage Report section in this guide.

  • UI
  • REST API
  • File Exported

Directory / address book

  • Endpoint Name
  • Global Address Book Display name
  • IP Address
  • Endpoint Alias
  • Primary ISDN
  • Secondary ISDN
  • Endpoint Owner
  • Endpoint Type

See the View the Global Address Book section in this guide.

  • ObjectCategory
  • memberOf
  • DisplayName
  • GivenName
  • Sn
  • Cn
  • Samaccountname
  • groupType
  • distinguishedName
  • objectGuid
  • Mail
  • Objectguid
  • Ou
  • Telephonenumber
  • Title
  • localityName
  • department

See LDAP Searches section in this guide

  • Directory service for devices
  • Address book management

See the Setting Up the Global Address Book, Managing Directories, and Managing the Guest Book sections in this guide.

  • UI
  • GDS
  • LDAP

User information

  • First Name
  • Last Name
  • User ID
  • Email address
  • Password
  • Title
  • Department
  • City
  • Phone Number
  • Associated Endpoints
  • Groups
  • Roles

User authentication, authorization, directory service, endpoint provisioning, conference scheduling

See the User Management section in this guide.

  • UI
  • LDAP
  • REST API
  • File Exported

Device information

  • Name
  • MAC Address
  • IP Address
  • Owner
  • Serial Number
  • Device ID

See the Endpoint Information section in this guide.

Endpoint management and provisioning

See the Endpoint Management and Phone Management sections in this guide.

  • UI
  • REST API
  • H.350
  • File Exported

Conference and participant Information

Conference details:
  • Creator
  • Owner
  • Start Date/Time
  • Duration
  • End Date/Time
  • Type
  • Status
  • Recurring
  • Connection
  • Bit Rate
  • And etcetera
Participant details:
  • Name
  • Endpoint Name
  • Address
  • Number
  • Area

Conference management

See the Managing Conferences and Participants section in this guide.

  • UI
  • REST API
  • File Exported

Audit and system log files

  • Admin and user actions
  • Endpoint provisioning message exchange details
  • Conference management messages with MCU and endpoints
  • Endpoint call status and usage data
  • System troubleshooting details
  • Admin and user activity logging
  • Troubleshooting system issues

See the System Maintenance and Troubleshootingsection in this guide.

  • UI
  • REST API
  • File Downloaded
  • Syslog
Table 4. How admin can be informed of any security anomalies (including data breach)

Security anomaly type

Where to check

Recommended frequency to check

All active alerts and security anomalies

An administrator can configure alerts and then monitor on the UI, SNMP client or via email.

See the Configuring Alert Settings section in this guide.

Active alerts and audit log files.

Audit logs provide a way to monitor the system for security and system access activity for details regarding audit log names, descriptions on what they capture.

See the Managing Audit Log Files section in this guide.

Once daily

Table 5. How customer personal data is deleted

Data type

Steps to delete

Deletion method

Endpoint usage report

By default, these reports are auto purged after 30 days. The retention setting can be modified, see the Call Detail Record Report Administration section in this guide.

Auto purged from database

User

See the Delete a Local User section in this guide.

Simple delete from database

Device information

See the Delete an Endpoint and Delete a Phone sections in this guide.

Simple delete from database

Conference information

See the Delete a Conference section in this guide.

Simple delete from database

Audit and system log files

For locally stored log files, the administrator can use the Roll Log action to close and archive locally stored log files and start new log files (restart log files).

See the Backup and Delete Audit Files and Roll Locally Stored Log Files sections in this guide.

For logs that are stored remotely or downloaded, they aren't automatically restarted as part of the log rolling process and must be deleted separately using a secure deletion method.

See the Managing System Logs using a Syslog Server section in this guide.

Simple delete and restart logs (roll log) from file system

Backups

System backups are never stored locally on RealPresence Resource Manager and therefore must be deleted separately using a secure deletion method.