Last Updated: September 1, 2020
In this Policy, “Personal Information” means any information relating to an identified or identifiable individual. Ooma may collect Personal Information about you directly from you and from third parties, as well as automatically through your use of our websites and Equipment and Services.
When you purchase Equipment and Services we collect your Personal Information, including, but not limited to, name, physical address, email address, telephone number, certain billing information, and other information you provide. If you make a purchase through our Services, your payment information, such as credit card information and billing details, will be collected by a third party payment processor, and not by us.
If you complete our surveys, contact us directly, or provide information on our website, we may collect your name, email address, phone, company, job title, physical address, Equipment and Services of your interest, date and time of your communication and any attachments thereto, and other content or information you may directly provide to us.
You should be aware that any Personal Information which you voluntarily include and transmit through publicly accessible forums may be viewed and used by anyone with access to such forums. We are not responsible for other users’ use of available information, so you should carefully consider whether and what to post or how you identify yourself on such forums.
Where required by applicable law, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.
We may collect Personal Information from Customers when Customers use our websites or mobile applications. Such Personal Information may include website pages viewed, time spent using certain services, demographic data, and data collected via cookies (as described below). We collect information related to the types of Equipment and Services you purchase and how and when you use such Equipment and Services. If you use our Managed Wi-Fi® Service, we may also automatically collect data regarding the devices that connect to your network and how your network is being used. Such information may include an end user’s unique personal identifier, online identifier, Internet Protocol address, operating system, browser type, username, location-based data, and interactions with an Internet website, application, or advertisement.
In addition to cookies, Ooma (and our third party advertisers) may also use clear gifs, web beacons, and third party cookies to improve the performance of our websites, provide certain features, such as advertising, or to anonymously track usage of our websites and track the online activity of users. In addition, we may use such devices in our HTML-based emails to track the usage of such emails in much the same manner as we track usage of our websites.
We may obtain information, including Personal Information, from sources other than the Equipment and Services, such as our partners and advertisers. If we receive, combine or associate information from other sources with Personal Information that we collect from you or through the Equipment and Services, we will treat the combined information as Personal Information in accordance with this Policy.
We may process Personal Information for the following purposes:
We and third parties may use the following types of cookies to collect Personal Information:
If you are located in the European Economic Area, we only process your Personal Information when we have a valid “legal basis,” a list of which can be found here.
We may disclose your Personal Information to third parties in the following circumstances:
Customer Specific Network Information
In the course of providing Equipment and Services to you, Ooma will collect and maintain certain customer-specific network information. Customer Specific Network Information refers to the types of products and services you currently purchase, related usage, and billing information for those products and services. Your telephone number, name, and address are not Customer Specific Network Information. Likewise, Customer usage and call patterns of multiple Customers which are aggregated together in a summary form and other information which cannot identify any one individual is not considered Customer Specific Network Information.
We value our relationships with our Customers and are committed to respecting and protecting your Customer Specific Network Information. Accordingly, we will not sell, trade, or share your Customer Specific Network Information, including your calling records outside of Ooma or with anyone not authorized to offer our Equipment and Services, or to perform functions on our behalf except as authorized by you or required by law. Generally, we can use your Customer Specific Network Information to offer additional services to you, and for billing and collections purposes. We can also disclose your Customer Specific Information for legal or regulatory reasons, including in response to subpoenas and court orders. We can also use Customer Specific Network Information to investigate fraud and to prevent violation of our agreements or Terms and Conditions and monitor potentially unlawful use of our network, Equipment and Services, and abuse of other Customers.
You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some or all of the features and functionalities of our Equipment and Services. You also have the right to access your Personal Information you have provided to us.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us by contacting us using the contact details at the end of this Policy.
Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request and you may receive promotional communications from us during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.
If you are located in the European Economic Area (“EEA“), you have additional rights as described here.
Ooma, Inc. and its wholly-owned subsidiary Talkatone, LLC (the “Certified Parties“) comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union to the United States. The Certified Parties have certified to the Department of Commerce that they adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the Certified Parties’ certification, please visit https://www.privacyshield.gov/.
The Certified Parties comply with the Privacy Shield’s Principle regarding accountability for onward transfers. The Certified Parties remain liable under the Privacy Shield Principles if their onward transfer recipients process Personal Information in a manner inconsistent with the Privacy Shield Principles, unless they prove that they were not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, the Certified Parties commit to resolve complaints about their collection or use of your Personal Information. The Certified Parties have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
We are aware of the July 16, 2020 decision from the European Union Court of Justice which invalidated the EU-U.E. Privacy Shield. Nonetheless, we will continue to abide by the Privacy Shield Principles with respect to the protection of personal information. We are closely monitoring developments and guidance from both European and US regulatory authorities and will update this Policy as needed.
EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the Certified Parties at: email@example.com. Under certain circumstances, you may be able to invoke binding arbitration to address complaints about their compliance with the Privacy Shield Principles. In addition, the U.S. Federal Trade Commission has Privacy Shield investigatory and enforcement powers over the Certified Parties.
If you are located in Canada, you have additional rights as described here.
If you are located in California, you have additional rights as described here.
Our Services are currently hosted in the United States, Canada, United Kingdom, Japan, Singapore and Australia, and we may host our Services in other countries and territories in the future. If you choose to use our Equipment and Services from regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the U.S. for storage and processing. We take steps to comply with applicable data protection law, in particular legal requirements regarding adequate protection for data transfers. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and providing our Equipment and Services. By providing any information, including Personal Information, you consent to such transfer, storage, and processing.
We may transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission, to recipients bound by the EU Standard Contractual Clauses, or to recipients who have certified to the Privacy Shield or adopted Binding Corporate Rules.
When determining the retention period of your Personal Information, we take into account various criteria, including but not limited to the type of Equipment and Services provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law.
Ooma makes reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, no system or service can offer a 100% guaranty of security, especially a service that relies upon the public Internet and public phone system.
Our Services may contain links to other websites and services not maintained by Ooma, which are outside our control. We are not responsible for the privacy practices or the content of these third party websites and services. We encourage you to read their privacy policies before providing any information to them.
We do not knowingly collect, maintain, or use Personal Information from children under 16 years of age, and no part of our Equipment and Services is directed to children. If you learn that a child has provided us with Personal Information, then you may alert us at firstname.lastname@example.org.
Unless otherwise indicated, Ooma, Inc. is the entity responsible or “data controller” for the processing of your Personal Information as described in this Policy. Please contact us with any questions or comments about this Policy, your Personal Information, our use and disclosure practices, or your consent choices by email at email@example.com or by postal mail at:
525 Almanor Avenue, Suite 200
Sunnyvale, CA 94085