Last update : 06/06/2020
1. Version history
2 Purpose of this document
We have prepared this Policy to help you understand the points described in the Table of Contents above
This Policy describes how Dial-Once processes personal and private data and how the company is committed to protecting the privacy of users of its websites, services and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, Dial-Once, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by Dial-Once Customers and Partners to better understand what actually applies to a specific product, technology, or service.
4 General Data Protection Regulation
The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE.
The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL).
The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a "paper" file containing personal information relating to natural persons who are citizens of a country of the European Union.
The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.
The GDPR on the CNIL website
The CNIL website http://www.cnil.fr/
The official text of the GDPR on the EU website:
In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:
"Customer" means a Dial-Once customer organization (a company, a public service, a local authority, etc.) that uses or implements a Dial-Once technology to digitize the customer relationship. Customer encompass the users of Dial-Once services that are made available to customers personnel.
"Partner" means a Dial-Once partner organization that implements Dial-Once Services in one of its mobile applications.
"User" means a natural person who comes in contact with or seeks to contact one of the Customer's services, usually its customer care service or call center.
The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article.
6 Data Processing Controllers
This Policy applies primarily to data processed by Dial-Once’s websites, applications, services and software products and to Dial-Once’s infrastructure for which Dial-Once is the processing controller. For any information regarding the processing that Dial-Once is a controller, Dial-Once can be contacted at: Dial-Once, 58 avenue de Wagram, 75017 Paris, France, at one of the contact telephone numbers on the website or by email at firstname.lastname@example.org.
6.2 Dial-Once Customers
7 Data Collection by Dial-Once
7.1 As a Data Controller
Dial-Once collects and processes only the personal data necessary for the provision of its services: contact details, email address for connecting to Dial-Once services, etc.
7.2 As a Data Processor
From a technical standpoint, the data collected by Dial-Once does not allow it to link the collected data with a User identified or identifiable by Dial-Once.
7.3 Objectives of data collection
In order to provide the services offered by Dial-Once, it is necessary to process data collected on a user's device (for example IP address, type of device, etc.) and / or supplied by the user (e-mail address -mail, name, first name ...).
When the applicable legal provisions allow it, Dial-Once reserves the right to use the information collected for the purpose of user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as it is possible).
The processings in use within Dial-Once technologies have the following purposes:
7.4 As a Data Controller
Allowing the use of its services, in particular the creation of interfaces and scenarios, reporting, etc.
Offering optimized ergonomic and interesting content to visitors and users of its websites and services.
Gaining a better understanding of the visitors and users of its websites, the reasons for which they navigate there, the most visited pages or content, typical navigation routes, etc.
7.5 As a Data Processor
Providing Users with rich and ergonomic interactive interfaces when interacting with customer care services or user services of Dial-Once Customers.
Digitizing the "customer care relationship" and the interactions between the Users and the customer care services of Dial-Once Customers, in particular interactions intended to get in touch with the customer care services of said organizations (contact with an after-sales service, customer service, information center, etc.). To achieve that goal, data relating contact requests between Users and Clients are collected and aggregated. For example, the digitization process comprises the collection and recording of items such as the date and time of an interaction with a customer care service, its duration and the actions that resulted from it (redirection to a FAQ page or a specific page in the User's customer area, call to a specific number, etc.)
Providing services and solutions to improve the ergonomics and efficiency of the services rendered by the Customers of Dial-Once, customer care services, call centers, after-sales services, etc., including the provision of tools, methods and processes to analyze and increase the effectiveness of user interaction, user experience and quality of the services rendered by the Customer to its users or customers, and possibly make reconciliations between these interactions and data contained in its own files and databases;
Providing analyses, studies and statistical calculations concerning the interactions of the Users with the services of the Customer.
22.214.171.124 When digitizing customer relations or contact requests
The data collected by Dial Once as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of this data, except in cases where such data come from input fields explicitly embedded in the Customer's interfaces, built upon scenarios defined by the Customer.
These interfaces are similar to web pages and are built under the responsibility of the Customer.
According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.
This is the case of the processings operated by Dial-Once that do not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, calling number, etc.), it is impossible to assign the data processed by Dial-Once to an identifiable natural person.
When it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by Dial-Once for its Customers are built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server or a mobile application, operated by the Customer. Thus, if during a contact request to your bank you are redirected to a Dial-Once visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with Dial-Once’s technology. Dial-Once has no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, Dial-Once is not able to collect the personal data processed by the services of its Customer. In the event that a subcontracting agreement between Dial-Once and a Customer involves the processing of personal data subcontracted to Dial-Once on behalf of that Customer, Dial-Once and its Customer are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, security and confidentiality measures are contractually in accordance with the law as well as with the best professional practices. All the partners, subcontractors and customers of Dial-Once are committed to strict compliance with legal provisions and best practices in this area.
Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes. When a User has provided personal data, that personal data may be collected and stored by Dial-Once, its partners or Customers until such information is modified or deleted by the user or the retention period reaches its end.
A Customer which implements one of the Services, when it processes a data collected by Dial-Once in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention Dial-Once in its contractual documents for its own customers or users, when the data collected by Dial-Once are not personal data per se or when existing provisions are covering the use that this Customer may make of the data collected by Dial Once and provided to it.
7.8 Collection and use of non-identifiable information
“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. Dial-Once can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. Dial-Once collects this information to understand how its products or services are used. Dial-Once can thus improve and streamline its services and better meet the needs of users and its customers and partners. Dial-Once may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.
Dial-Once is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.
8 Processing Location
The processing that Dial-Once may perform on personal data is carried out in data centers located in Europe (Google Cloud Platform, Frankfurt, Germany, and/or any other Google data center located on the territory of the European Union and, in particular with regards to backups, Amazon S3, Frankfurt, Germany).
On a general standpoint, Dial-Once undertakes that the processing that Dial-Once may carry out on personal data, as a data controller or as a processor, is carried out in
data centers located in the territory of the European Union, or
in a country whose regulations regarding the protection of personal data have been deemed adequate by the competent European bodies (see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), or
with a partner offering adequate and sufficient guarantees with regard to the protection of personal data, in particular via data protection agreements, binding corporate rules and certification mechanisms.
9 Processings Description
The processings that Dial-Once may perform on the data collected are as follows:
9.1 As a Data Controller
Collection, recording and use of data from prospects, contacts and users of Dial-Once services
Collection and recording of connections and actions of users of Dial-Once services
9.2 As a Data Processor
Collection and recording of user journeys and certain data from the terminal during an interaction,
Display Web pages via the terminal browser (during or at the end of the interaction),
Launching a mobile application (generally a mobile application offered by the Customer),
Analysis and Statistics to provide the Customer with reports concerning the interactions with end-users, for example:
Percentage of Interactions that did not require an effective telephone call
Most and least frequently used user journeys, most frequently used user journeys resulting in an actual phone call being placed...
10 Retention period of personal data
10.1 Data processed for the digitization of calls and contacts
10.2 Data processed for accessing Dial-Once services (dashboard, Interface Builder, technical support, etc.)
This period is governed by the contractual relationship that binds you with Dial-Once, or which links Dial-Once and your employer, your customer or any entity responsible for creating your access to the service.
11 What are your rights and how can you exercise them?
As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:
To request that your data, especially used to communicate with you (email address , phone, etc.), be erased from our files.
To request that your data processed to render one of our services be erased from our files. This is called the right to oblivion. If you exercise your right to oblivion, and you have access to one of our services that requires identification, this access will become impossible since your identifier will be deleted from our files.
To oppose the collection and processing of data concerning you when they are not strictly necessary. In certain cases, your email address may be necessary to access our services (including your access to the dashboard) because it is your username, and we need it to send you information, confirmation or activation emails, etc.;
Access the data collected about you and retrieve it in a standard electronic format;
To obtain rectification of the data that concern you;
To request a limitation of their processing - for example by refusing any use for prospecting purposes.
These rights can be exercised by sending an email to the address email@example.com or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/.
If you are not a registered user of one of our services, your requests should not be addressed to us, but to the Customer whose interface you have implemented using Dial Once technology.
You will certainly have to provide certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by Dial-Once to customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the MSISDN (your telephone number) assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.
In order to allow the execution of the requests made to it, Dial-Once reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.
You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within one month after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr.
12 What types of personal data are processed?
12.1 As a Data Controller
Last name, first name, email address, professional contact details, professional position
Connection data: IP address, time stamp of connections (logging).
Cookie and tracker data
12.2 As a Data Processor
To implement its solutions, Dial-Once processes data among the following types:
Connection data: IP address, connection timestamp (logging).
Terminal data (data provided by web browsers, MSISDN number, etc.)
Interface usage data: these are the data relating to the use of the interface by a User, for example: opening of the home page, navigation to the help page, activation of an element allowing to make a call explicitly, etc.
Data directly provided by the users: some of the interfaces can indeed propose to the User to enter text or to enter other data in the fields provided for this purpose. The Customer decides if such fields are to be used and is responsible for it (Dial-Once is then a subcontractor who acts on behalf of his customer). Some data from satisfaction surveys may be parts of this type of data.
12.3 Geolocated Services
By default, Dial-Once does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a Dial-Once solution processes certain location data, that data is not collected by any of the Dial-Once solutions or technologies.
13 Transfer of Collected Data
13.1 Recipients of data collected by Dial-Once
Dial-Once subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. Dial-Once and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data.
13.1.1 As a Data Controller
Dial-once can transfer personal data to its subcontractors and partners, in particular accounting services, technical support services, suppliers of office automation solutions, cloud computing or after-sales service, etc.
13.1.2 As a Data Processor
Pseudonymized data processed by Dial-Once is transmitted exclusively to the Customer whose services you have interacted with. This Customer is contractually the owner of this data.
Dial-Once teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfillment of their mission.
No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer's services. The opening of such an external page and the interactions that the User can then make with it are not processed by Dial-Once but by the browser or mobile application in charge of processing these pages.
13.2 Protection during data transfers
Whether inside Europe or with a country or an organization outside Europe, Dial-Once is committed to the protection of personal data: each recipient is scrupulously chosen or identified according to the guarantees it offers to protect the personal data transmitted to it. In particular, in the event that data is accessed from a third-party location located outside the European Union, in particular for technical support or maintenance purposes, Dial-Once undertakes that all such transfers will be compliant with provisions guaranteeing protection of personal data in accordance with Articles 45 (adequacy, in particular with regard to the EU-US Privacy Shield), 46 (Transfer with appropriate guarantees, in particular contractual commitments) or 47 (Binding Company Rules) of the GDPR.
14 Disclosure of personal data
Dial-Once may disclose collected data in the following cases:
14.1 Disclosure with explicit consent
After obtaining the consent of the user, Dial-Once may share certain data collected with the parties, in a manner that has been decided by the user.
14.2 Disclosure to Affiliates of Dial-Once
The collected data may be shared between Affiliates of Dial-Once. No more than the minimum information necessary to our affiliates will be disclosed to them.
14.3 Disclosure to authorized cooperation partners
Dial-Once can provide services through its partners, including suppliers and subcontractors. As a result, Dial-Once may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of Dial-Once Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfillment of the intended purposes. Unless expressly authorized, Affiliates or Partners of Dial-Once are not allowed to use collected data shared for any other purpose.
The list of such recipients of personal data is available on demand.
14.4 Disclosure of data collected according to compelling or reasonably necessary legal requirements
Dial-Once may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if Dial-Once is being restructured, merged or liquidated for insolvency. Dial-Once may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.
15 How Dial-Once protects the collected data
Dial-Once takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:
use encryption algorithms to ensure data confidentiality;
use reliable protection mechanisms to protect data from malicious attacks;
set up access control mechanisms, allowing only authorized personnel to access personal data;
ensure that employees understand the importance of personal data protection through training sessions on security awareness and privacy protection;
engage in contractual arrangements with our customers and partners so that the collected data shared with them is processed in a manner similar to that described in this Policy.
We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.
In practice, Dial Once uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.
Dial Once infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are mainly located in Germany, Frankfurt region. The data centers used by Dial-Once are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, ISO27001 ... Storage is replicated between several data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.
Automatic data backup in Frankfurt, Germany is implemented.
Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.
16 How the data collected by Dial-Once is transferred internationally
The servers that host the Dial-Once infrastructure are located in Germany, in France and/or in a country member of the EU. A backup server is located in Germany.
To find out more about the cookies and trackers that we use, please refer to our dedicated document for the implementation of cookies and trackers.
18 Providers, third parties and their services
To simplify and improve the user experience, it is possible to navigate to the contents or hypertext links of third parties ("Third Parties") external to Dial-Once, its Partners and Customers. Dial-Once has no control over said Third Parties and a User may decide whether to access their hyperlinks or content, or use their services or products.
Dial-Once can not control the data protection and privacy measures put in place by third parties, and such measures will not be governed by this Policy. If a User decides to voluntarily provide information to third parties, it will be necessary to refer to their own privacy policies.
19 How this Policy is updated
20 How to contact Dial-Once
If you have any questions, comments or suggestions regarding the protection of personal data that can be processed by Dial-Once on its own behalf (as a data controller), please contact us by email at firstname.lastname@example.org.
21 Applicable Language
22 Applicable Law