At Dexem, security and personal data privacy stand among our highest priorities. Since May 25th, 2018, we are also up to date regarding European Union’s legislation about data protection, as it is stated in the General Data Protection Regulation (GDPR).
We are committed to help our clients to work in compliance with the requirements of current legislation. Implementing GDPR-friendly procedures unlocks opportunities to build a collaboration based on trust and proximity with our clients and, more generally, users of our platform that processes and analyzes business inbound phone calls.
Before we start, here is some useful vocabulary for a clear and precise reading throughout this page:
- Client(s) : a moral person who subscribed to a Dexem service ;
- User(s) : a person under the Client’s responsibility, who is entitled to log into Dexem’s platform and use its services ;
- Contact(s) : a person whose inbound or outbound calls with Dexem’s Clients are processed by our platform.
General Questions about GDPR
What is GDPR about?
The General Data Protection Regulation (GDPR) is a European policy that defines an equal frame to process data in all the EU countries. This regulation went into effect on May 25th, 2018.
This text (which you can find in complete version online) stands as the new European reference about all the aspects related to personal data protection. The consumers are entitled to new rights, especially right of rectification, right to oblivion, right of portability and right of access. GDPR is applicable to all the companies and public organizations collecting personal data that belong to European citizens, whatever country the company is based in.
Who is responsible of data processing?
GDPR splits responsibilities between the person in charge of data processing and the subcontractor. Their roles and responsibilities complete each other to ensure that personal data protection in an organization meets legislative requirements.
The person in charge of data processing is the physic or moral person defining, alone or with others, the purpose and means of personal data processing in an organization. The subcontractor is the physic or moral person who proceeds such data on behalf of the person in charge.
While collecting and processing personal data, Dexem works under a contract established with our Clients and on their behalf. As a consequence, any kind of personal data processing is operated under a Client’s responsibility, and Dexem works on his behalf as a subcontractor, in terms defined by GDPR.
GDPR compliance measures at Dexem
Who is in charge of personal data protection at Dexem?
Dexem has appointed a DPO (Data Protection Officer), whose responsibility is to ensure the compliance with current legislation of personal data processing on Dexem’s platform. The DPO is namely in charge of security and respect of personal data integrity when being collected and processed on our platform.
One of the main missions of the DPO is to do what is necessary to make all the measures implemented by Dexem compliant with GDPR, and also to answer our clients about this topic. For any additional information, please contact our DPO at the following email: firstname.lastname@example.org.
How do we help our clients to be compliant with GDPR?
GDPR gives your Users and Contacts new rights. Thanks to Dexem’s platform compliance with GDPR, you can proceed any demand from Users of Contacts in order to exercise these rights upon the personal data under your responsibility.
Right of rectification : you can contact us directly to edit or delete all or part of your data.
Right to portability : you can export your calls data at any time in CSV or Excel formats.
Right to oblivion : if your Users want to exercise their right to oblivion, you can delete them on your own from the Users tab in your account, or ask us directly to do so. Then, to delete their call data, please send us a direct demand.
If your Contacts want to exercise their right to oblivion, please send us a direct demand. If we directly receive a valid request from one of your Contacts, we will notify you and delete this Contact’s data from your account (or from all the accounts the data can be found in).
How can you ask for personal data deletion?
To ask us to delete your personal data, you can make an email request to your account manager, send us a message in our contact form on our website, or send an email to the following address: email@example.com.
Which additional security measures do we implement?
Generally speaking, at Dexem we highly invest in the security of our platform to maximize personal data protection. We namely developed specific features to increase security level, such as data encryption (AES-256), exclusive usage of secured HTTPS protocol, password policies or user roles management. We also provide an infrastructure in accordance with legal certifications like ISO 9001 or ISO 27001. Last but not least, our teams are engaged in adopting development and testing best practices.
Information about data processing
Which data is processed by Dexem on our platform?
Personal data belonging to Users and processed by Dexem’s platform are the following : user login, first name, last name, initials, professional email, phone numbers, organization (optional), profile picture (optional).
Personal data belonging to Contacts and processed by Dexem’s platform are the following : phone numbers, recorded conversations (optional), voice messages left by callers (optional).
What is the purpose of personal data processing?
As the party in charge of (data) processing, the Client defines the purpose to process personal data belonging to Users and Contacts.
Where is your data stored?
Your data is stored within European Union, in accordance with the data processing contract established with the service provider.
How long is your data retained?
The default retention period for call data in statistic reports is 24 months. Beyond this period, data is automatically erased.
Call and voice message recordings are retained 6 months, in compliance with CNIL legislation.
Users’ personal data retention period is the number of days of contract plus 90 days. Beyond this period, data is automatically erased.