Dial-Once Privacy Policy and GDPR Provisions

Last update : 06/06/2020

1. Version history

 

 

 

 

 

 

​2​ Purpose of this document 

Definitions and references to Dial-Once's privacy policy applicable to end-users, regarding its technologies, solutions, applications, websites and publications.

 

If you have any questions, comments or suggestions, please contact us by email at privacy@dial-once.com or dpo@dial-once.com.

 

Dial-Once and its affiliated companies ("Dial-Once" or "We / Our / Ours") understand the importance of privacy of users, direct or indirect, who use our technologies and solutions. We are totally committed to protecting it. It is recommended that you do not use any of Dial-Once’s solutions or technology, directly or indirectly, nor that you submit or provide any personal or private data to Dial-Once or any entity that uses Dial-Once’s technology or solutions without having fully read, understood and accepted this Privacy Policy ("the Policy").

 

We have prepared this Policy to help you understand the points described in the Table of Contents above

​3​ Preamble

Dial-Once respects the fundamental users’ rights with respect to the protection of privacy and data received from users. This privacy policy is established to clarify what data a user may share with Dial-Once during the installation, operation or use of a technology or service developed by Dial-Once (Services). This policy also describes how Dial-Once receives, collects and uses the data shared with it.

 

This Policy describes how Dial-Once processes personal and private data and how the company is committed to protecting the privacy of users of its websites, services and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, Dial-Once, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by Dial-Once Customers and Partners to better understand what actually applies to a specific product, technology, or service.

 

By using the Services, users, customers and partners expressly agree to be bound by this Privacy Policy as well as any future modifications and additions published at https://dial-once.com/ privacy-policy.

​4​ General Data Protection Regulation

The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE. 

The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL).

The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a "paper" file containing personal information relating to natural persons who are citizens of a country of the European Union.

 

The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.

https://publications.europa.eu/en/publication-detail/-/publication/3e485e15-11bd-11e6-ba9a-01aa75ed71a1/language-en  

​5​ Definitions

In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:

 

"Customer" means a Dial-Once customer organization (a company, a public service, a local authority, etc.) that uses or implements a Dial-Once technology to digitize the customer relationship. Customer encompass the users of Dial-Once services that are made available to customers personnel.

"Partner" means a Dial-Once partner organization that implements Dial-Once Services in one of its mobile applications.

"User" means a natural person who comes in contact with or seeks to contact one of the Customer's services, usually its customer care service or call center.

The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article.

​6​ Data Processing Controllers
​6.1​ Dial-Once

This Policy applies primarily to data processed by Dial-Once’s websites, applications, services and software products and to Dial-Once’s infrastructure for which Dial-Once is the processing controller. For any information regarding the processing that Dial-Once is a controller, Dial-Once can be contacted at: Dial-Once, 58 avenue de Wagram, 75017 Paris, France, at one of the contact telephone numbers on the website www.dial-once.com or by email at dpo@dial-once.com.

​6.2​ Dial-Once Customers

Infrastructure and services can be implemented by Dial-Once Customers. They may collect personal data on their own and under their own responsibility. When personal data is processed by Dial-Once Customers using one of the Dial-Once technologies, Dial-Once acts as a Data Processor (a subcontractor) with respect to that data. With respect to this data, the Customer's Privacy Policy prevails or applies where applicable. Nonetheless, this Privacy Policy contains information relevant to the data collected and processed by Dial-Once to provide the services that Dial-Once Customers subcontract to it.

 

​7​ Data Collection by Dial-Once
​7.1​ As a Data Controller

Dial-Once collects and processes only the personal data necessary for the provision of its services: contact details, email address for connecting to Dial-Once services, etc.

​7.2​ As a Data Processor

From a technical standpoint, the data collected by Dial-Once does not allow it to link the collected data with a User identified or identifiable by Dial-Once.

 
​7.3​ Objectives of data collection

In order to provide the services offered by Dial-Once, it is necessary to process data collected on a user's device (for example IP address, type of device, etc.) and / or supplied by the user (e-mail address -mail, name, first name ...).

 

When the applicable legal provisions allow it, Dial-Once reserves the right to use the information collected for the purpose of user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as it is possible).

 

The processings in use within Dial-Once technologies have the following purposes:

 

​7.4​ As a Data Controller
  • Allowing the use of its services, in particular the creation of interfaces and scenarios, reporting, etc.

  • Offering optimized ergonomic and interesting content to visitors and users of its websites and services.

  • Gaining a better understanding of the visitors and users of its websites, the reasons for which they navigate there, the most visited pages or content, typical navigation routes, etc.


 

​7.5​ As a Data Processor
  • Providing Users with rich and ergonomic interactive interfaces when interacting with customer care services or user services of Dial-Once Customers.

  • Digitizing the "customer care relationship" and the interactions between the Users and the customer care services of Dial-Once Customers, in particular interactions intended to get in touch with the customer care services of said organizations (contact with an after-sales service, customer service, information center, etc.). To achieve that goal, data relating contact requests between Users and Clients are collected and aggregated. For example, the digitization process comprises the collection and recording of items such as the date and time of an interaction with a customer care service, its duration and the actions that resulted from it (redirection to a FAQ page or a specific page in the User's customer area, call to a specific number, etc.)

  • Providing services and solutions to improve the ergonomics and efficiency of the services rendered by the Customers of Dial-Once, customer care services, call centers, after-sales services, etc., including the provision of tools, methods and processes to analyze and increase the effectiveness of user interaction, user experience and quality of the services rendered by the Customer to its users or customers, and possibly make reconciliations between these interactions and data contained in its own files and databases;

  • Providing analyses, studies and statistical calculations concerning the interactions of the Users with the services of the Customer.

​7.5.0.1​ When digitizing customer relations or contact requests

The data collected by Dial Once as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of this data, except in cases where such data come from input fields explicitly embedded in the Customer's interfaces, built upon scenarios defined by the Customer. 

These interfaces are similar to web pages and are built under the responsibility of the Customer.

​7.6​ Pseudonymisation

According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.

 

This is the case of the processings operated by Dial-Once that do not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, calling number, etc.), it is impossible to assign the data processed by Dial-Once to an identifiable natural person.

​7.7​ Compartmentalization

When it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by Dial-Once for its Customers are built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server or a mobile application, operated by the Customer. Thus, if during a contact request to your bank you are redirected to a Dial-Once visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with Dial-Once’s technology. Dial-Once has no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, Dial-Once is not able to collect the personal data processed by the services of its Customer. In the event that a subcontracting agreement between Dial-Once and a Customer involves the processing of personal data subcontracted to Dial-Once on behalf of that Customer, Dial-Once and its Customer are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, security and confidentiality measures are contractually in accordance with the law as well as with the best professional practices. All the partners, subcontractors and customers of Dial-Once are committed to strict compliance with legal provisions and best practices in this area. 

 

Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes. When a User has provided personal data, that personal data may be collected and stored by Dial-Once, its partners or Customers until such information is modified or deleted by the user or the retention period reaches its end. 

 

 

A Customer which implements one of the Services, when it processes a data collected by Dial-Once in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention Dial-Once in its contractual documents for its own customers or users, when the data collected by Dial-Once are not personal data per se or when existing provisions are covering the use that this Customer may make of the data collected by Dial Once and provided to it.

​7.8​ Collection and use of non-identifiable information 

“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. Dial-Once can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. Dial-Once collects this information to understand how its products or services are used. Dial-Once can thus improve and streamline its services and better meet the needs of users and its customers and partners. Dial-Once may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.

 

Dial-Once is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.

​8​ Processing Location

The processing that Dial-Once may perform on personal data is carried out in data centers located in Europe (Google Cloud Platform, Frankfurt, Germany, and/or any other Google data center located on the territory of the European Union and, in particular with regards to backups, Amazon S3, Frankfurt, Germany).

On a general standpoint, Dial-Once undertakes that the processing that Dial-Once may carry out on personal data, as a data controller or as a processor, is carried out in 

data centers located in the territory of the European Union, or 

​9​ Processings Description

The processings that Dial-Once may perform on the data collected are as follows:

​9.1​ As a Data Controller
  • Collection, recording and use of data from prospects, contacts and users of Dial-Once services

  • Collection and recording of connections and actions of users of Dial-Once services

​9.2​ As a Data Processor
  • Collection and recording of user journeys and certain data from the terminal during an interaction, 

  • Display Web pages via the terminal browser (during or at the end of the interaction),

  • Launching a mobile application (generally a mobile application offered by the Customer),

  • Analysis and Statistics to provide the Customer with reports concerning the interactions with end-users, for example:

    • Percentage of Interactions that did not require an effective telephone call

    • Most and least frequently used user journeys, most frequently used user journeys resulting in an actual phone call being placed...

​10​ Retention period of personal data
​10.1​ Data processed for the digitization of calls and contacts

This period is fixed by contract between Dial-Once and its Customers and is never greater than 12 months. This duration is usually mentioned in the documents (privacy policy, terms and conditions, etc.) made available to you by Dial-Once’s Customer whose services you have interacted with.

​10.2​ Data processed for accessing Dial-Once services (dashboard, Interface Builder,  technical support, etc.)

This period is governed by the contractual relationship that binds you with Dial-Once, or which links Dial-Once and your employer, your customer or any entity responsible for creating your access to the service.

​11​ What are your rights and how can you exercise them?

As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:

  • To request that your data, especially used to communicate with you (email address , phone, etc.), be erased from our files. 

  • To request that your data processed to render one of our services be erased from our files. This is called the right to oblivion. If you exercise your right to oblivion, and you have access to one of our services that requires identification, this access will become impossible since your identifier will be deleted from our files.

  • To oppose the collection and processing of data concerning you when they are not strictly necessary. In certain cases, your email address may be necessary to access our services (including your access to the dashboard) because it is your username, and we need it to send you information, confirmation or activation emails, etc.;

  • Access the data collected about you and retrieve it in a standard electronic format;

  • To obtain rectification of the data that concern you; 

  • To request a limitation of their processing - for example by refusing any use for prospecting purposes.

 

These rights can be exercised by sending an email to the address dpo@dial-once.com or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/

 

If you are not a registered user of one of our services, your requests should not be addressed to us, but to the Customer whose interface you have implemented using Dial Once technology.

You will certainly have to provide certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by Dial-Once to customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the MSISDN (your telephone number) assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.

 

In order to allow the execution of the requests made to it, Dial-Once reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.

You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within one month after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr

​12​ What types of personal data are processed?
​12.1​ As a Data Controller
  • Last name, first name, email address, professional contact details, professional position

  • Connection data: IP address, time stamp of connections (logging).

  • Cookie and tracker data

​12.2​ As a Data Processor

To implement its solutions, Dial-Once processes data among the following types:

  • Connection data: IP address, connection timestamp (logging).

  • Terminal data (data provided by web browsers, MSISDN number, etc.)

  • Interface usage data: these are the data relating to the use of the interface by a User, for example: opening of the home page, navigation to the help page, activation of an element allowing to make a call explicitly, etc.

  • Data directly provided by the users: some of the interfaces can indeed propose to the User to enter text or to enter other data in the fields provided for this purpose. The Customer decides if such fields are to be used and is responsible for it (Dial-Once is then a subcontractor who acts on behalf of his customer). Some data from satisfaction surveys may be parts of this type of data.

​12.3​ Geolocated Services

By default, Dial-Once does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a Dial-Once solution processes certain location data, that data is not collected by any of the Dial-Once solutions or technologies.

​13​ Transfer of Collected Data
​13.1​ Recipients of data collected by Dial-Once

Dial-Once subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. Dial-Once and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data.

​13.1.1​ As a Data Controller

Dial-once can transfer personal data to its subcontractors and partners, in particular accounting services, technical support services, suppliers of office automation solutions, cloud computing or after-sales service, etc.

​13.1.2​ As a Data Processor

Pseudonymized data processed by Dial-Once is transmitted exclusively to the Customer whose services you have interacted with. This Customer is contractually the owner of this data.

 

Dial-Once teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfillment of their mission.

 

No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer's services. The opening of such an external page and the interactions that the User can then make with it are not processed by Dial-Once but by the browser or mobile application in charge of processing these pages.

 

​13.2​ Protection during data transfers

Whether inside Europe or with a country or an organization outside Europe, Dial-Once is committed to the protection of personal data: each recipient is scrupulously chosen or identified according to the guarantees it offers to protect the personal data transmitted to it. In particular, in the event that data is accessed from a third-party location located outside the European Union, in particular for technical support or maintenance purposes, Dial-Once undertakes that all such transfers will be compliant with provisions guaranteeing protection of personal data in accordance with Articles 45 (adequacy, in particular with regard to the EU-US Privacy Shield), 46 (Transfer with appropriate guarantees, in particular contractual commitments) or 47 (Binding Company Rules) of the GDPR.

​14​ Disclosure of personal data

Dial-Once may disclose collected data in the following cases:

​14.1​ Disclosure with explicit consent

After obtaining the consent of the user, Dial-Once may share certain data collected with the parties, in a manner that has been decided by the user.

 
​14.2​ Disclosure to Affiliates of Dial-Once

The collected data may be shared between Affiliates of Dial-Once. No more than the minimum information necessary to our affiliates will be disclosed to them.

 
​14.3​ Disclosure to authorized cooperation partners

Dial-Once can provide services through its partners, including suppliers and subcontractors. As a result, Dial-Once may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of Dial-Once Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfillment of the intended purposes. Unless expressly authorized, Affiliates or Partners of Dial-Once are not allowed to use collected data shared for any other purpose.

 

The list of such recipients of personal data is available on demand.

 
​14.4​ Disclosure of data collected according to compelling or reasonably necessary legal requirements

Dial-Once may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if Dial-Once is being restructured, merged or liquidated for insolvency. Dial-Once may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.

 

​15​ How Dial-Once protects the collected data

Dial-Once takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:

  • use encryption algorithms to ensure data confidentiality;

  • use reliable protection mechanisms to protect data from malicious attacks;

  • set up access control mechanisms, allowing only authorized personnel to access personal data;

  • ensure that employees understand the importance of personal data protection through training sessions on security awareness and privacy protection;

  • engage in contractual arrangements with our customers and partners so that the collected data shared with them is processed in a manner similar to that described in this Policy.

We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.

 

In practice, Dial Once uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.

 

Dial Once infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are mainly located in Germany, Frankfurt region. The data centers used by Dial-Once are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, ISO27001 ... Storage is replicated between several data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.

 

Automatic data backup in Frankfurt, Germany is implemented.

 

Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.

​16​ How the data collected by Dial-Once is transferred internationally 

The servers that host the Dial-Once infrastructure are located in Germany, in France and/or in a country member of the EU. A backup server is located in Germany.

Dial-Once only transfers the data it has collected and / or processes to its Customers and partners (subcontractors and suppliers) with whom it has a contractual relationship. If one of our Clients or Partner is located outside the European Union, specific agreements are put in place to guarantee the provisions of this privacy policy and a level of protection and security equivalent to that which exists in France.

​17​ How Dial-Once uses cookies and similar technologies

To find out more about the cookies and trackers that we use, please refer to our dedicated document for the implementation of cookies and trackers.

 

​18​ Providers, third parties and their services

To simplify and improve the user experience, it is possible to navigate to the contents or hypertext links of third parties ("Third Parties") external to Dial-Once, its Partners and Customers. Dial-Once has no control over said Third Parties and a User may decide whether to access their hyperlinks or content, or use their services or products.

Dial-Once can not control the data protection and privacy measures put in place by third parties, and such measures will not be governed by this Policy. If a User decides to voluntarily provide information to third parties, it will be necessary to refer to their own privacy policies.

In addition, when a third party uses the services or solutions developed by Dial-Once, it is this third party's privacy policy that applies and Dial-Once can not be held liable for the personal data collected by said third party for its own use and without involving any Dial-Once solution.

 

​19​ How this Policy is updated

Dial-Once reserves the right to update or modify this Policy when deemed necessary. Dial-Once will notify users of changes through various channels. In the event of a change in our privacy policy, we will post the updated Privacy Policy on our website. Dial-Once also reserves the right to provide separate notifications (e.g. an electronic notification) informing of any changes to our privacy policy.

 

​20​ How to contact Dial-Once

If you have any questions, comments or suggestions regarding the protection of personal data that can be processed by Dial-Once on its own behalf (as a data controller), please contact us by email at dpo@dial-once.com.

​21​ Applicable Language

Important Notice: the local language version of the Dial-Once Privacy Policy may differ due to local laws and language habits. With regards to potential differences, the French version takes precedence.

​22​ Applicable Law

This privacy policy is governed by and built in accordance with French law without regard to any conflict of legal provisions. In the event that any provision of this Privacy Policy is found to be ineffective, invalid or unenforceable, it does not affect the effectiveness, validity and enforceability of the remaining provisions. In the case of the ineffectiveness, invalidity or unenforceability of any of these provisions, all parties agree to replace such provisions with an effective, valid and enforceable provision that is, in its economic result, as close as possible to the ineffective, invalid or unenforceable provision.

 

Copyright © Dial-Once Holdings. 2016-2020. All rights reserved.

Téléchargez notre livre blanc !

Pratique
Aide
Suivez-nous : 
  • LinkedIn - White Circle
  • Twitter - Cercle blanc
  • Instagram - Cercle blanc
  • Vimeo - Cercle blanc
  • YouTube - Cercle blanc

dialonce est une marque déposée depuis 2015, certifiée par Gartner comme "solution de SVI Visuel". 

© 2015 - 2020 dialonce - Tous droits réservés.