At Dexem, security and personal data privacy stand among our highest priorities. Since May 25th, 2018, we are also up to date regarding European Union’s legislation about data protection, as it is stated in the General Data Protection Regulation (GDPR).
We are committed to help our clients to work in compliance with the requirements of current legislation. Implementing GDPR-friendly procedures unlocks opportunities to build a collaboration based on trust and proximity with our clients and, more generally, users of our platform that processes and analyzes business inbound phone calls.
Before we start, here is some useful vocabulary for a clear and precise reading throughout this page:
The General Data Protection Regulation (GDPR) is a European policy that defines an equal frame to process data in all the EU countries. This regulation went into effect on May 25th, 2018.
This text (which you can find in complete version online) stands as the new European reference about all the aspects related to personal data protection. The consumers are entitled to new rights, especially right of rectification, right to oblivion, right of portability and right of access. GDPR is applicable to all the companies and public organizations collecting personal data that belong to European citizens, whatever country the company is based in.
GDPR splits responsibilities between the person in charge of data processing and the subcontractor. Their roles and responsibilities complete each other to ensure that personal data protection in an organization meets legislative requirements.
The person in charge of data processing is the physic or moral person defining, alone or with others, the purpose and means of personal data processing in an organization. The subcontractor is the physic or moral person who proceeds such data on behalf of the person in charge.
While collecting and processing personal data, Dexem works under a contract established with our Clients and on their behalf. As a consequence, any kind of personal data processing is operated under a Client’s responsibility, and Dexem works on his behalf as a subcontractor, in terms defined by GDPR.
Dexem has appointed a DPO (Data Protection Officer), whose responsibility is to ensure the compliance with current legislation of personal data processing on Dexem’s platform. The DPO is namely in charge of security and respect of personal data integrity when being collected and processed on our platform.
One of the main missions of the DPO is to do what is necessary to make all the measures implemented by Dexem compliant with GDPR, and also to answer our clients about this topic. For any additional information, please contact our DPO at the following email: email@example.com.
GDPR gives your Users and Contacts new rights. Thanks to Dexem’s platform compliance with GDPR, you can proceed any demand from Users of Contacts in order to exercise these rights upon the personal data under your responsibility.
Right of rectification: you can contact us directly to edit or delete all or part of your data.
Right to portability: you can export your calls data at any time in CSV or Excel formats.
Right to oblivion: if your Users want to exercise their right to oblivion, you can delete them on your own from the Users tab in your account, or ask us directly to do so. Then, to delete their call data, please send us a direct demand.
If your Contacts want to exercise their right to oblivion, please send us a direct demand. If we directly receive a valid request from one of your Contacts, we will notify you and delete this Contact’s data from your account (or from all the accounts the data can be found in).
To ask us to delete your personal data, you can make an email request to your account manager, send us a message in our contact form on our website, or send an email to the following address: firstname.lastname@example.org.
Generally speaking, at Dexem we highly invest in the security of our platform to maximize personal data protection. We namely developed specific features to increase security level, such as data encryption (AES-256), exclusive usage of secured HTTPS protocol, password policies or user roles management. We also provide an infrastructure in accordance with legal certifications like ISO 9001 or ISO 27001. Last but not least, our teams are engaged in adopting development and testing best practices.
Personal data belonging to Users and processed by Dexem’s platform are the following : user login, first name, last name, initials, professional email, phone numbers, organization (optional), profile picture (optional).
Personal data belonging to Contacts and processed by Dexem’s platform are the following : phone numbers, recorded conversations (optional), voice messages left by callers (optional).
As the party in charge of (data) processing, the Client defines the purpose to process personal data belonging to Users and Contacts.
Your data is stored within European Union, in accordance with the data processing contract established with the service provider.
The default retention period for call data in statistic reports is 24 months. Beyond this period, data is automatically erased.
Call and voice message recordings are retained 6 months, in compliance with CNIL legislation.
Users’ personal data retention period is the number of days of contract plus 90 days. Beyond this period, data is automatically erased.
Call us now directly at +1 (646) 553-6446.