Standard Support Model for EMEA / GDPR

Genesys has implemented security controls and a world class compliance program for all customers.

Customer data is stored exclusively within the AWS region that the customer selects when the organization is created. Genesys typically utilizes global product support resources to maintain Genesys Cloud platform service levels. While Genesys development teams do not need access to customer’s personal information, access to customer’s personal information may be required as part of a product support engagement.

To further strengthen our compliance approach for GDPR and Schrems II, Genesys developed the following additional controls.

  • US Transfers. For support cases that originate from an AWS region in the European Economic Area (EEA), Genesys uses a tagging system to mark these cases as EEA tickets. EEA tickets cannot be handled by Genesys support staff located in the US. Genesys has implemented a customer-consent-based access control for cases where US personnel would provide expertise for a specific ticket or issue. Genesys has provided training to support staff, and this training covers the limitation of accessing EEA cases from the US as an additional layer of administrative control.
  • Virtual Access. Genesys has deployed a virtual access solution within AWS for our global product support and operations teams that enacts restrictions on how Genesys personnel are able to access, copy, or share personal information this ensures that no one within our global product support and operations teams can copy log files or other personal data from Genesys Cloud customers outside the region.
  • PI Reduction. To reduce known personal information (PI) within our troubleshooting logs, Genesys has implemented measures to exclude PI (e.g. raw phone numbers, names, etc.) within logs. Instead, we log hashed (pseudonymized) phone numbers. Only Source IP addresses and unique user IDs (UUIDs) are written within our troubleshooting logs. 
  • Reducing International Transfers. In addition to restricting US personnel from accessing support tickets, Genesys further restricted access to EEA tickets to only Genesys personnel in the EEA, adequate countries, India, and Philippines.
  • Transfer Impact Assessment. A detailed “Transfer Impact Assessment” is also available to Genesys customers and partners upon request. 

EEA-Only Support Details

In addition to our standard GDPR and Schrems II controls, Genesys also offers an additional control layer in the form of an EEA-Only Support. The Genesys EEA-Only Support offer provides an additional level of transfer restrictions for personal information (PI) and is intended for customers that require support staff to be located entirely within the EEA.

Subject to the exclusions listed below, provisions of Genesys Cloud CX EEA-only support include:

  • All product support tickets will be assigned to EEA-based personnel.
  • Severity level 1 (Critical) Tickets support is available 24 hours a day using personnel based in the EEA-only.
  • Severity level 2-4 (High, Medium, Low) issue support is available from 9:00 to 18:00 CET Monday through Friday using personnel based in the EEA only. After 18:00 CET, you can submit non-emergency issues through the MySupport portal to be addressed the next business day. Note: this supersedes the standard service levels.
  • Storage of Customer PI processed within Genesys Cloud CX will occur only in the EEA.

EEA-Only support excludes:

  • Optional Custom Application Support (CAS) purchased separately and governed separately by the CAS support contract.
  • Additional Genesys Professional Services engagements as part of a relevant Statement of Work (SOW).
  • Use of any third-party products or services (For example: Genesys AppFoundry Applications).
  • Use of any optional Sub-Processors (e.g. social media sub processors).
  • Processing of source IP Addresses & Genesys Cloud generated UUIDs (e.g. OrgID, userID, externalContactID, and JourneyCustomerID)