Privacy Policy

Privacy and security of your personal data are of utmost importance to SnapCall. Therefore, we are taking all the necessary measures to ensure the data of our customers and their users are always protected and processed in accordance with the applicable data protection laws.

This Privacy Policy describes how SnapCall processes and stores personal data submitted in the context of providing our services.

1. Introduction

During the use of the SnapCall services (the “Services”) subscribed via the website https://snapcall.io (hereinafter referred to as the “Site”), Seampl SA, located at 20 rue Saint Ferdinand 75017 Paris France, a French société anonyme (SA) whose registered office is at 5, Parvis Alan Turing, 75013 Paris (France), registered with the Paris Registre du commerce et des sociétés under No. 814 387 817 and referred to as “the Provider” may require from Your organization (referred to as “the Client”) which subscribed to the Services to give access to Personal Data in order to be able to benefit from the Services provided by the Provider.

2. Definition of Personal Data

According to European General Data Protection Regulation 2016/679 (GDPR), which came into effect on May 25, 2018, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Personal Data processed by SnapCall

In the context of the Services of the Provider (SnapCall), “Personal Data” means any data or information that enables the identification of an individual (whether directly or indirectly), such as their first and/or family name, email address, telephone number, postal address, location, data relating to their interaction with the Client (details of their orders and subscriptions placed with the Client, voice), as well as any other information about individual users that the Client gives to the Provider. It also relates to any personal information of the employees, agents or representatives of the Client given to the Provider for the purpose of using the Services.

Only data that the Client processes and gives access to is accessible to the Provider. If the data of customer has been processed by the Client and the Client allows the Provider to access this data for the purpose of provision of the Services, it will be accessible to the Provider who will use it in order to ensure the provision of the subscribed Services and will securely store it in the host servers on which the Provider stores its databases that are located exclusively within the European Union.

4. How do we process Personal data concerning an identified or identifiable natural person?

Once the Client installs the Services of the Provider, the Client provides personal data in order to create an account and use the Services. While creating the button, the Client indicates personal data (such as email address, telephone number or agent ID) of their employees in order to be able to use the Services. Once the Client creates a button and fills in all the required information needed to use the Services via personal Dashboard on the Site of the Provider, a digital call button appears on a website of the Client. Once a customer (natural person or a business subject) of the Client uses the digital call button displayed on the website of the Client, the personal data processed by the Client is submitted to the Provider, who presents the data in the personal account of the Client on the Site and securely stores it in the backup servers as long as the Client has subscribed to the Services. The Provider only processes data collected and provided to them by the Client.

The client can decide not to give the Provider any data. In this case, the Provider will not have any access to personal data of the customers of the Client and it may have an effect on the Services.

5. Legal basis of processing your Personal data

The Provider has legal basis for collecting and processing Personal data described in a section no. 2 because the Provider needs Personal data to perform a contract with the Client(e.g. to provide the Client with the Services), where the processing is in the legitimate interests of the Provider and not overridden by Personal data protection interests or fundamental rights and freedoms, or where we have the consent of the Client.

If the Provider asks the Client to provide personal information to perform a contract with the Client, the Provider will make this clear at the relevant time. If the Provider processes Personal data processed by the Client in reliance on the consent of the Client, the latter may withdraw their consent at any time.

6. Purposes of processing Personal Data

A table provided below indicates the different purposes Personal Data may be processed for, as well as categorizes these purposes and provide the legal basis the processing is based on.

Purpose

Personal Data processed

Legal basis

Account creation and management

Email address

Encrypted password

Performance of an agreement (To provide the Client with the service they requested).

Legitimate interest (To ensure the Site remains secure, to protect it against fraud).

Management and processing of calls

To be able to perform inbound and outbound calls

Phone number and/or Agent ID

Call metadata (duration, phone number(s) of the Client’s correspondent(s))

Performance of an agreement (To provide the Client with the service they requested).

Storage of recordings

To be able to access Client’s call recordings in a secure way

Call recording

Call metadata (duration, origin, and destination phone numbers)

Performance of an agreement (To provide the Client with the service they requested).

Legitimate interest (To ensure the Site remains secure, to protect it against fraud).

Integration with CRM

To be able to synchronize data about the Client’s calls in their CRM

Call recording

Call metadata (duration, origin, and destination phone numbers)

Performance of an agreement (To provide the Client with the service they requested).

Legitimate interest (To ensure the Site remains secure, to

To generate statistics on the Client’s experience of the Services

First and last name

Email address

Call metadata (origin and destination phone numbers, duration)

User notes

Performance of an agreement (To provide the Client with the Services they requested, only for the integration that the Client has activated).

Storage of the Client’s end users’ Personal Data

During the Client’s use of the Services, they may have to keep a record of their end-users’ Personal Data on our servers. Conversely, the Provider may have to keep such records for the purpose of providing the Services to You.

Any relevant Personal Data (like first and last name, email address, telephone number, location, call metadata) the Client may need to store for the purpose of providing their services to the end-user

Performance of an agreement (To provide the Client with the Services they requested, only for the integration that the Client has activated).

7. How do we use processed Personal Data?

The Provider may use the data they collect about the Client in order to perform other obligations under the two-party agreement and on the basis of the legitimate interest of the Provider including to provide, operate, maintain, improve, and promote the Site and the Services:

8. How do we ensure information security in transit between the Client and SnapCall?

All the data sent between the Client and the Provider is encrypted. Any data in audio or video format is encrypted via WebRTC technology. Session initiation singling is encrypted by secure protocols such as TLS and SRTP, HTTPS/WSS. Therefore, the encryption of the identity of both the calling customer as well as the Client is encrypted.

9. How long do we keep processed Personal Data of the Client?

All the data received and processed by the Provider is retained in a personal account of the Client and saved in backup servers as long as the Client has subscribed to the Services. If the Client wants to terminate the usage of the Services, they need to inform the Provider according to the conditions agreed by both parties and specify the wish to delete all the data regarding processed during the period of the usage of the Services. The Provider is committed to permanently delete all the processed data from the account as well as from the backup servers provided, associated with the account of the Client and inform the Client once all the data is permanently deleted.

10. How do we ensure secure processing Personal data of the Client?

The Provider ensures that all employees that have access and are processing any Personal Data of the Clients are subject to a duty of confidence, ensured via confidentiality agreement. DPO appointed by the Provider holds a responsibility to review and update this Privacy Policy as well as introduce the Provider’s employees with any updates and/or changes in law and/or Privacy Policy.

This Privacy Policy is being reviewed annually.

11. Is the Provider able to provide the Client with whatever information is needed to ensure meeting GDPR Article 28 obligations?

Following the Client’s request, the Provider is available for audit/inspection with 30 days prior notice. The Provider will provide the Client with the information related to processed Personal Data according to the obligations of GDPR article 28.

12. Integrated Services on the Site

The Site and Services of the Provider may include links to and from the websites of third parties. If the Client follows a link to any of these websites, SnapCall is not responsible or liable for any use of Personal Data by such third parties, as these websites have their own privacy policies. We, therefore, recommend the Client to check their policies before visiting these websites.

13. Personal Data protection responsibilities of the Provider (this part is copied from the T&C)

As the Provider of the Services, SnapCall is committed to ensuring the fulfillment of these responsibilities:

14. Notice to the end-users

The  Services of the Provider are intended for use by the enterprises (referred to as the Clients in this Privacy Policy) mostly. Where the Services of the Provider are made available to the end-user through the Client of the Provider, the latter is the Data Controller of end-user’s Personal Data. Data privacy questions and request of the end-user should be submitted to the Provider and their Data Controller. The Provider is not responsible for its Clients privacy or security practices which may be different than the one of the Provider.

15. Your data protection rights

When the Client chooses to give access to the data they have processed, they consent to the processing and use thereof, in accordance with the French Data Protection Laws and the European General Data Protection Regulation 2016/679 (GDPR) and the provisions of this Privacy Policy and applicable laws and regulations.

Any data subject has the following rights:

Contact us

In case you have any questions regarding data processing and protection or security measures we implement in order to ensure the implementation of our Privacy Policy, please contact us by email at privacy@snapcall.io.