Last Updated: December 5th, 2024
(a) The nature and purpose of the Processing, including any transfer of Personal Data outside the EEA, is to facilitate conversations between Company’s customers/prospects and Company’s employees, agents, or contingent workers and to operate, maintain, tune, enhance, improve, and provide technical support for the Services. These conversations can include general Company information or requests and transactions specific to an individual Data Subject. This conversation could also include dialog with a virtual assistant or within an interactive voice response system (IVR);
(b) The categories of Data Subjects may include (1) employees, agents, or contingent workers of Company and (2) individuals authorized by Company to use the Services (for example customers and prospective customers of Company) and (3) other individuals whose Personal Data may be processed as part of fraud detection, prevention, or investigation, including but not limited to suspected or identified fraudsters;
(c) The subject matter of the Processing is the conversations and interactions involving the Data Subject, including those related to specific requests, answering questions, making updates to the Company services provided to the Data Subject, authenticating the Data Subject, and detecting, preventing, or responding to potential fraudulent activities.
(d) The types of Personal Data Processed include information necessary to enable communications between the Company and Data Subject and to fulfill requests, provide updates, authenticate users, and detect or prevent fraudulent activity, including but not limited to:
Device/Client Identifier – Identifier that enables communication between Company and user, such as telephone number, CLI, other telephony data, sockets IDs or IP addresses;
Biometric Data – VoicePrints, ConversationPrint™, behavioral biometrics and other biometric identifiers and biometric information;
Call Center Conversation – audio recording of the Data Subject/user speaking with a Company representative. Although not explicitly requested, unstructured conversation can contain personal information including, but not limited to: names, addresses, and payment details (e.g., credit card numbers);
Chat Message Content – Transcript of chat message between the Data Subject and Company, which may include personal information normally exchanged during a customer service conversation such as name, address, or email address;
Associated Data – Personal data associated with a specific Data Subject necessary to verify identity, complete a request, or manage the Data Subject’s account with the Company, such as account information, verification details, or transaction history.
(e) The categories of Personal Data involved and transferred include special categories of personal data, including but not limited to biometric data. TitanVox implements technical and organizational measures designed to ensure the secure and lawful handling, processing, and transfer of such sensitive personal data, with safeguards tailored to meet the requirements of Applicable Data Protection Laws. These measures include encryption, access controls, regular audits, and incident response procedures.
(f) The Processing will involve the collection of Personal Data from the Company’s call center, Interactive Voice Response (IVR) system, or digital channels such as mobile applications and websites (e.g., live chat). This data will be securely stored in a hosted database, with sensitive data masked or anonymized where applicable through predefined formats, automated pattern matching, or manual overrides. The stored data will be accessible only to authorized users via TitanVox’s data APIs or reporting web tools, in compliance with Applicable Data Protection Laws and TitanVox’s security policies.
(g) Processing of Personal Data will be conducted in the following locations:
For Companies in North America in the USA and Canada;
For Companies in APAC in Australia;
For Companies in Japan, in Japan;
(h) The retention period for Personal Data shall be 18 months for the provision of Services and 3 years for purposes such as maintaining, tuning, enhancing, improving, and providing technical support, unless otherwise specified in documented instructions by the Company. Notwithstanding the foregoing, Personal Data may be retained beyond these periods if required to comply with Applicable Data Protection Laws, resolve disputes, enforce agreements, or protect legal rights. In no event shall Personal Data be retained for longer than 90 days following the termination of the Main Agreement, unless retention is required by law or documented agreement.
(i) The frequency of the transfer depends on the frequency the Service is used by Company and will likely be recurrent.
