DialOnce Privacy Policy
and GDPR Provisions
Version: 1.6.0
Date: 07/11/2023
Contents
1 Version history 3
2 Purpose of this document 4
4 General Data Protection Regulation 5
6 Data Processing Controllers 6
7 Data Collection by DialOnce 6
7.3 Objectives of data collection 7
7.5.0.1 When digitizing customer relations or contact requests 8
7.8 Collection and use of non-identifiable information 9
9 Processings Description 10
10 Retention period of personal data 11
10.1 Data processed for the digitization of calls and contacts 11
11 What are your rights and how can you exercise them? 11
12 What types of personal data are processed? 12
12.1 As a Data Controller 12
13 Transfer of Collected Data 13
13.1 Recipients of data collected by DialOnce 13
13.1.1 As a Data Controller 13
13.1.2 As a Data Processor 14
13.2 Protection during data transfers 14
14 Disclosure of personal data 14
14.1 Disclosure with explicit consent 14
14.2 Disclosure to Affiliates of DialOnce 14
14.3 Disclosure to authorized cooperation partners 15
15 How DialOnce protects the collected data 15
16 How the data collected by DialOnce is transferred internationally 16
17 How DialOnce uses cookies and similar technologies 16
19 Providers, third parties and their services 17
20 How this Policy is updated 18
21 How to contact DialOnce 18
Date (DD/MM/YYYY) | Version | Author | Status | Modifications |
12/05/2022 | 1.6.0 | DialOnce | Final | Taking into account processing based on artificial intelligence and chatbots, contextualisation and developments in DialOnce solutions |
12/05/2022 | 1.5.6 | DialOnce | Final | More details about data processing location |
14/03/2022 | 1.5.5 | DialOnce | Final | Update the graph from Dial Once or Dial-Once to DialOnce |
06/12/2021 | 1.5.4 | DialOnce | Final | Update to take into account the policy related to embedded services and links + Intellectual property section |
21/01/2021 | 1.5.3 | DialOnce | Final | Updates to take into account the policy related to subcontractors |
22/09/2020 | 1.5.2 | DialOnce | Final | Updates to take into account the invalidation of US-EU Privacy Shield, better explain data retention, location and transfers |
16/06/2020 | 1.5.1 | DialOnce | Final | Updates to better explain data location and transfers |
18/05/2020 | 1.5 | DialOnce | Final | Updates to cope with changes, withdrawal of Call-to-Hub, ICH Builder, etc. |
08/04/2019 | 1.4 | DialOnce | Final | English version |
22/05/2018 | 1.3 | DialOnce | Final | Adaptation of certain references to GDPR |
19/01//2018 | 1.2 | DialOnce | Final | Deletion of obsolete references (geolocation in particular) |
5/22/2017 | 1.1 | DialOnce | Final | Update of the references and provisions. |
Definitions and references to DialOnce's privacy policy applicable to end-users, regarding its technologies, solutions, applications, websites and publications.
If you have any questions, comments or suggestions, please contact us by email at privacy@dial-once.com or dpo@dial-once.com.
DialOnce and its affiliated companies ("DialOnce" or "We / Our / Ours") understand the importance of privacy of users, direct or indirect, who use our technologies and solutions. We are totally committed to protecting it. It is recommended that you do not use any of DialOnce’s solutions or technology, directly or indirectly, nor that you submit or provide any personal or private data to DialOnce or any entity that uses DialOnce’s technology or solutions without having fully read, understood and accepted this Privacy Policy ("the Policy").
We have prepared this Policy to help you understand the points described in the Table of Contents above
DialOnce respects the fundamental users’ rights with respect to the protection of privacy and data received from users. This privacy policy is established to clarify what data a user may share with DialOnce during the installation, operation or use of a technology or service developed by DialOnce (Services). This policy also describes how DialOnce receives, collects and uses the data shared with it.
This Policy describes how DialOnce processes personal and private data and how the company is committed to protecting the privacy of users of its websites, services and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, DialOnce, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by DialOnce Customers and Partners to better understand what actually applies to a specific product, technology, or service.
By using the Services, users, customers and partners expressly agree to be bound by this Privacy Policy as well as any future modifications and additions published at https://dial-once.com/privacy-policy
The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE.
The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL).
The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a "paper" file containing personal information relating to natural persons who are citizens of a country of the European Union.
The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.
In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:
"Customer" means a DialOnce customer organization (a company, a public service, a local authority, etc.) that uses or implements a DialOnce technology to digitize the customer relationship. Customer encompass the users of DialOnce services that are made available to customers personnel. Customer may also be referred to as “Client” in this document.
"User" means a natural person who comes in contact with or seeks to contact one of the Customer's services, usually its customer care service or call center.
"GDPR" means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article
This Policy applies in particular to data processed by DialOnce websites, applications, services and software products, sales administration, human resources and recruitment management, DialOnce infrastructure, etc., in fact any processing for which DialOnce is responsible for processing. For any information regarding the processing that DialOnce is a controller, DialOnce can be contacted at: DialOnce, 20, rue Thérèse 75001 Paris, France, at one of the contact telephone numbers on the website www.dial-once.com or by email at dpo@dial-once.com.
Infrastructure and services can be implemented by DialOnce Customers. They may use said services and infrastructure to collect personal data on their own and under their own responsibility. When personal data is processed by DialOnce Customers using one of the DialOnce technologies, DialOnce acts as a Data Processor (a subcontractor) with respect to that data. With respect to this data, the Customer's Privacy Policy prevails or applies where applicable. Nonetheless, this Privacy Policy contains information relevant to the data that can be collected and processed by DialOnce to provide the services that DialOnce Customers subcontract to it.
DialOnce collects and processes only the personal data necessary for the provision of its services: contact details of contacts, customers, e-mail address enabling connection to DialOnce services, details of its commercial contacts, job applicants, employees, subcontractors, etc.
From a technical standpoint, the data collected by DialOnce generally does not allow it to link the collected data with a User identified or identifiable by DialOnce.
In order to provide the services offered by DialOnce, it is necessary to process data collected on a user's device (for example IP address, telephone number required to receive an SMS, type of device, etc.) and / or supplied by the user (e-mail address -mail, name, first name ...).
When the applicable legal provisions allow it, DialOnce reserves the right to use the information collected for the purpose of user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as it is possible).
The processings in use within DialOnce technologies have in particular the following purposes:
As a subcontractor, DialOnce neither decides nor controls the purposes for which its Customers use its services and technologies. However, given the nature of said services and technologies, these purposes will often include the following:
The data collected by DialOnce as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of this data, except in cases where such data come from input fields explicitly embedded in the Customer's interfaces, implemented following the Customer’s instructions.
These interfaces are similar to web pages and are built under the responsibility of the Customer.
According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.
This is the case of the processings operated by DialOnce that do not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, calling number, etc.), it is impossible to assign the data processed by DialOnce to an identifiable natural person.
When it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by DialOnce for its Customers are generally built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server allowing to connect to a user account or a mobile application, operated by the Customer. Thus, if during a contact request to your bank you are redirected to a DialOnce visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with DialOnce’s technology. DialOnce has in this case no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, DialOnce is not able to collect the personal data processed by the services of its Customer. On specific instruction from its client, DialOnce can "contextualize" its solutions: based on known data concerning a user, for example the reference of his/her bank branch, linked to the user via knowledge of the latter's telephone number, it becomes possible to display the contact details of this particular branch in a DialOnce interface. When the Customer instructs DialOnce to process this type of data, it is provided by the DialOnce Customer, is processed "on the fly" and is not stored permanently by DialOnce. Once the purpose has been fulfilled, said data is no longer processed by DialOnce (and therefore, in particular, is not stored by DialOnce). In the event that a subcontracting agreement between DialOnce and a Customer involves the processing of personal data subcontracted to DialOnce on behalf of that Customer, DialOnce and its Customer are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, storing as well as security and confidentiality measures are contractually in accordance with the law and with the best professional practices. All the partners, subcontractors and customers of DialOnce are committed to strict compliance with legal provisions and best practices in this area.
Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes particularly in "conversational agent" type interfaces (chatbot, generative artificial intelligence, etc.). When a user has provided personal data, this is due to the fact that the Client has decided not to restrict or even include such data collection in its contact interfaces implemented via DialOnce technology. This personal data may be collected and stored by DialOnce, its partners or its clients until this information is modified or deleted by the user or until the retention period expires.
A Customer which implements one of the Services, when it processes a data collected by DialOnce in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention DialOnce in its contractual documents for its own customers or users, when the data collected by DialOnce are not personal data per se or when existing provisions are covering the use that this Customer may make of the data collected by DialOnce and provided to it.
“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. DialOnce can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. DialOnce collects this information to understand how its products or services are used. DialOnce can thus improve and streamline its services and better meet the needs of users and its customers and partners. DialOnce may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.
DialOnce is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.
The processing that DialOnce may perform on personal data is carried out in data centers located in Europe. The list of subcontractors, data centers and processing location is available on demand.
On a general standpoint, DialOnce undertakes that the processing that DialOnce may carry out on personal data, as a data controller or as a processor, is carried out in
data centers located in the territory of the European Union, or
The processings that DialOnce may perform on the data collected are as follows:
This period is fixed by contract between DialOnce and its Customers and is never greater than the period during which a contractual relationship is in place between DialOnce and its Customer. This duration is usually mentioned in the documents (privacy policy, terms and conditions, etc.) made available to you by DialOnce’s Customer whose services you have interacted with.
This period is governed by the contractual relationship that binds you with DialOnce, or which links DialOnce and your employer, your customer or any entity responsible for creating your access to the service.
As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:
These rights can be exercised by sending an email to the address dpo@dial-once.com or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/.
If you are not a registered user of one of our services, your requests should not be addressed to us, but to the Customer whose interface you have implemented using DialOnce technology.
You will certainly have to provide certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by DialOnce to customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the MSISDN (your telephone number) assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.
In order to allow the execution of the requests made to it, DialOnce reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.
You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within the legal time limits after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr.
DialOnce may process the following categories of data:
To implement its solutions, DialOnce processes data among the following types:
DialOnce processes on behalf of its clients who have implemented one of DialOnce's conversational agent technologies (Chatbot, Artificial Intelligence, etc.) the data entered in the interfaces and those provided by the conversational agent, in particular knowledge base data, file data, logging data, chat analysis data, responses data provided by the conversational agent, etc. and DialOnce may provide tools that can be used to manage this data.
DialOnce reminds users of "conversational agent" type tools that the provision of data to these agents is done under the exclusive control of the user of the interface and that it is not useful to provide more data than necessary or data that is not very relevant or even personal. In particular, we advise against providing any health or payment data in conversational agent interfaces.
By default, DialOnce does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a DialOnce solution processes certain location data, that data is not processed by any of the DialOnce solutions or technologies.
DialOnce subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. DialOnce and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data.
Dial Once can transfer personal data to its subcontractors and partners, in particular accounting services, technical support services, suppliers of office automation solutions, cloud computing or after-sales service, etc.
The pseudonymised data processed by DialOnce are transmitted exclusively to the Client with whose services the User has interacted and to the sub-contractors or recipients who need to process them in order to provide DialOnce services.
The Customer is contractually the owner of this data.
DialOnce teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfillment of their mission.
No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer's services. The opening of such an external page and the interactions that the User can then make with it are not processed by DialOnce but by the browser or mobile application in charge of processing these pages.
Whether inside Europe or with a country or an organization outside Europe, DialOnce is committed to the protection of personal data: each recipient is scrupulously chosen or identified according to the guarantees it offers to protect the personal data transmitted to it. In particular, in the event that data is accessed from a third-party location located outside the European Union, in particular for technical support or maintenance purposes, DialOnce undertakes that all such transfers will be compliant with provisions guaranteeing protection of personal data in accordance with Articles 45 (adequacy), 46 (Transfer with appropriate guarantees, in particular contractual commitments and standard contractual clauses for the EC) or 47 (Binding Company Rules) of the GDPR.
DialOnce may disclose collected data in the following cases:
After obtaining the consent of the user, DialOnce may share certain data collected with the parties, in a manner that has been decided by the user.
The collected data may be shared between Affiliates of DialOnce. No more than the minimum information necessary to our affiliates will be disclosed to them.
DialOnce can provide services through its partners, including suppliers and subcontractors. As a result, DialOnce may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of DialOnce Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfillment of the intended purposes. Unless expressly authorized, Affiliates or Partners of DialOnce are not allowed to use collected data shared for any other purpose.
The list of such recipients of personal data is available on demand.
DialOnce may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if DialOnce is being restructured, merged or liquidated for insolvency. DialOnce may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.
DialOnce takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:
We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.
In practice, DialOnce uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.
DialOnce infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are mainly located in Belgium, Bruxelles region. The data centers used by DialOnce are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, SOC-2, ISO27001 ... Storage is replicated between several data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.
Automatic data backups are implemented.
Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.
The servers that host the DialOnce infrastructure are located in Germany, in France and/or in a country member of the EU.
DialOnce only transfers the data it has collected and / or processes to its Customers and partners (subcontractors and suppliers) with whom it has a contractual relationship or when it is required to do so by a legal, judicial or regulatory provision. If one of our clients or partner is located outside the European Union, specific agreements are put in place to guarantee the provisions of this privacy policy and a level of protection and security equivalent to that which exists in France.
To find out more about the cookies and trackers that we use, please refer to our dedicated document for the implementation of cookies and trackers.
The website published by DialOnce holds all the intellectual property rights relating thereto. It is forbidden to copy or download all or part of its content, except with prior and express authorization from the owners or assigns of said parts and said content.
This website and all of its content (including documents, photos, logos, trademarks and information of any kind contained therein) as well as all documents produced by or for DialOnce are protected by various rights, including copyright. DialOnce grants users of its website an authorization to view, excluding in particular the reuse of all or part of the content of this site for any reason whatsoever. The reuse of all or part of the site, including this document, is totally prohibited. This document has been drafted based on information provided by SysStreaming SAS, which has granted DialOnce the rights necessary for their use. Any unauthorized re-use of all or part of the content of this document would thus violate the rights of DialOnce and SysStreaming, which reserve the right to seek compensation for damages thus suffered.
All reproduction rights are reserved, including for downloadable documents (pdf documents but also logos, photos, information of any kind, etc.). Downloadable documents are also protected by copyright. We may ask you for your e-mail address to allow you to access some content, in particular for the purpose of tracking access and any unauthorized re-use of our downloadable content, which is our legitimate interest.
Any total or partial representation of the Site, any reuse of any content of the Site, by any organization whatsoever, without the express authorization of DialOnce, is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the French Intellectual Property Code. The databases used by DialOnce are protected by the provisions of the law of July 1, 1998 transposing into the Intellectual Property Code the European directive of March 11, 1996 relating to the legal protection of databases.
Similarly, any recording, broadcasting, translation and adaptation, total or partial, of any element of the Site, is prohibited without the express prior authorization of DialOnce.
To simplify and improve the user experience, it is possible to navigate to the contents or hypertext links of third parties ("Third Parties") external to DialOnce, its Partners and Customers. DialOnce has no control over said Third Parties and a User may decide whether to access their hyperlinks or content, or use their services or products.
DialOnce does not control the data protection and privacy measures put in place by third parties, and such measures will not be governed by this Policy. If a User decides to voluntarily provide information to third parties, it will be necessary to refer to their own privacy policies.
The DialOnce Sites may integrate third-party services (for example to manage recruitment, appointment scheduling, contact or information requests), provide access to other pages or websites, in particular those of partners likely to have their own legal notices, which should be consulted and respected. DialOnce can in no way be held liable in lieu of third-party service providers integrated into its sites or information disseminated on the sites with which hypertext links have been installed as well as for any damages of any kind whatsoever, in particular resulting from their access.
In addition, when a third party uses the services or solutions developed by DialOnce, it is this third party's privacy policy that applies and DialOnce can not be held liable for the personal data collected by said third party for its own use and without involving any DialOnce solution.
DialOnce reserves the right to update or modify this Policy when deemed necessary. DialOnce will notify users of changes through various channels. In the event of a change in our privacy policy, we will post the updated Privacy Policy on our website. DialOnce also reserves the right to provide separate notifications (e.g. an electronic notification) informing of any changes to our privacy policy.
If you have any questions, comments or suggestions regarding the protection of personal data that can be processed by DialOnce on its own behalf (as a data controller), please contact us by email at dpo@dial-once.com.
Important Notice: the local language version of the DialOnce Privacy Policy may differ due to local laws and language habits. With regards to potential differences, the French version takes precedence.
This privacy policy is governed by and built in accordance with French law without regard to any conflict of legal provisions. In the event that any provision of this Privacy Policy is found to be ineffective, invalid or unenforceable, it does not affect the effectiveness, validity and enforceability of the remaining provisions. In the case of the ineffectiveness, invalidity or unenforceability of any of these provisions, all parties agree to replace such provisions with an effective, valid and enforceable provision that is, in its economic result, as close as possible to the ineffective, invalid or unenforceable provision.
Copyright © DialOnce. 2016-2023. All rights reserved.