You need to have an agreement with us
One important thing that GDPR states is that an organisation is responsible for the entire value chain of processed personal data. So if you, as a company (the Data Controller) uses a supplier (the Data Processor) to process your employees and/or customers personal data you will have to have an agreement with that supplier and make sure that they follow GDPR. Telavox is such a Data Processor since we process e.g your employees personal data in order to deliver our communication service.
To make it a bit easier for you, we have developed a Data Processing Agreement (DPA) that describes that Telavox will follow the law and how we can use the personal data provided by you. The DPA is easily signed with an e-signature and thereafter you will get PDF with the agreement and we will store the DPA together with your Service Agreement.
These are, according to us, the key takeaways from the DPA:
- The Customer must make sure that they have the right to provide us with their users Personal Data It’s up to you as a customer to make sure that you have the right to give us certain personal data, such as name and contact details of your employees.
- Telavox can only process the provided personal data in order to fulfill our agreement or other laws Meaning that we can only process the customers data to fulfill our obligations as your communication provider, support our services and make sure that you can use the service as we promised. We will not use your information in any other way without your explicit consent.
- Telavox must have the right competence and ability to process your data We will make sure that our staff is properly trained, that we have necessary systems and resources etc to process your data in a safe and fair way.
- Telavox will take necessary security actions to keep your personal data safe We will make sure that we take appropriate actions to keep your personal data safe, which can include using encryption and pseudonymization methods, continuously reviewing our systems and processes, monitor and supervise our systems.
- Telavox will support you in your request regarding the Personal data We will support you in your request to modify, export, alter and in other ways access the Personal Data you provided us, so you can fulfil your obligations according to GDPR
- Type of Personal Data processed Telavox process the following type of personal data:
- User ID
- Phone number
- Photo (if provided by the user)
- User-generated content, e.g call lists
- User behaviour, crash reports for troubleshooting
- Invoice information
In addition, the Customer’s users can upload Personal Data in the Service such as, for example, profile pictures, position, address, further contact details, etc.