1 Version history
Last updated: 5 March 2019
2. Purpose of this document
This Policy describes how Dial-Once processes personal and private data and how the company is committed to protecting the privacy of users of its websites and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, Dial-Once, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by Dial-Once Customers and Partners to better understand what actually applies to a specific product, technology, or service.
4 General Data Protection Regulation
The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE.
The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL). The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a "paper" file containing personal information relating to natural persons who are citizens of a country of the European Union.
The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.
● The GDPR on the CNIL website
● The CNIL website http://www.cnil.fr/
● The official text of the GDPR on the EU website: https://publications.europa.eu/en/publication-detail/-/publication/3e485e15-11bd-11e6-ba 9a-01aa75ed71a1/language-en
In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:
"Customer" means a Dial-Once customer organization (a company, a public service, a local authority, etc.) that uses or implements a Dial-Once technology to digitize the customer relationship.
"Partner" means a Dial-Once partner organization that implements Dial-Once call digitization technology in one of its mobile applications. "User" means a natural person who comes in contact with or seeks to contact one of the Customer's services, usually its customer care service or call center.
The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article
6 Data Processing Controllers
This Policy applies primarily to data processed by Dial-Once’s websites, applications, services and software products and to Dial-Once’s infrastructure for which Dial-Once is the processing controller. For any information regarding the processing that Dial-Once is a controller, Dial-Once can be contacted at: Dial-Once, 58 avenue de Wagram, 75017 Paris, France, at one of the contact telephone numbers on the website or by email at firstname.lastname@example.org.
6.2 Dial-Once Customers
7 Data Collection by Dial-Once
From a technical standpoint, the data collected by Dial-Once does not allow it to link the collected data with a User identified or identifiable by Dial-Once.
7.1 Objectives of data collection
The processings offered by Dial-Once technologies are aimed at:
● providing Users with rich and ergonomic interactive interfaces when interacting with customer care services or user services of Dial-Once Customers.
● digitizing the "customer care relationship" and the interactions between the Users and the customer care services of Dial-Once Customers, in particular interactions intended to get in touch with the customer care services of said organizations (contact with an after-sales service, customer service, information center, etc.). To achieve that goal, data relating to contacts or contact requests between Users and Clients are collected and aggregated. For example, the digitization process comprises the collection and recording of items such as the date and time of a call to a customer care service, its duration and the actions that resulted from it (cancellation of an order, request for return service, claim registration, package collection request, etc.)
● providing services and solutions to improve the ergonomics and efficiency of the services rendered by the Customers of Dial-Once, customer care services, call centers, after-sales services, etc., including the provision of tools, methods and processes to analyze and increase the effectiveness of user interaction, user experience and quality of the services rendered by the Customer to its users or customers, and possibly make reconciliations between these interactions and data contained in its own files and databases;
● providing analyses, studies and statistical calculations concerning the interactions of the Users with the services of the Customer;
7.1.1 When digitizing calls or customer relations
The data collected by Dial Once as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of these data, except in cases where these data come from input fields explicitly embedded in the Customer's interfaces, built upon scenarios defined by the Customer. These interfaces are similar to web pages and are built under the responsibility of the Customer.
To provide the services offered by Dial-Once, it is necessary to process technical data collected on the device of a user (e.g. IP address, device identifier, device status, etc.). The data collected is mandatory, in particular for verification by Dial-Once that the device is correctly registered, is connected to a data network, or has certain functionalities. Where applicable legal provisions permit it, Dial-Once reserves the right to use the technical information collected for end-user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as possible). The technical details of telephone devices are collected in particular to recognize a particular device so that it can be attached to past interactions, for example to offer first the service that has been used most frequently in the past. In order to be as unobtrusive as possible, Dial-Once does not use a third-party retargeting service , but 1 processes the technical details collected during the interactions in order to compute the probability that the device or User will be the same device or User whose data is already present in the Customer's interaction files with which the User is in contact. Please note that this recognition is not done overall but only in relation to the interactions previously carried out with the same client organization. For example, if one interacts with one’s insurer through a Dial-Once interface and then interact with a parcel delivery network through another Dial-Once interface, there is no overlap between the interactions one has made with either one of said
(1) For example, see here : https://www.brickmarketing.com/define-retargeting.htm interfaces.
For the sole purpose of providing one of the Services, and only for a finite list of phone numbers specifically associated with the Services, Dial-Once may collect and process incoming, outgoing and call duration data. With the same purpose, Dial-Once can also collect details about the phone used and enrich a listing of the user's interactions with one of the Services or with a particular customer service. Dial-Once technology can inhibit outgoing calls when the called number is in the list of numbers for which Dial-Once technology is to be enabled. Similarly, the Dial-Once technology can activate an interactive interface when the called or calling number is part of the list of numbers for which the Dial-Once technology is to be activated. When Dial-Once technology is embedded in a third-party application, the publisher of said application is committed to allowing end users to disable or enable the Dial-Once technology, for example via the parameter settings of said application. Furthermore, only interactions triggered by a call to or from a number in the list of numbers for which the Dial-Once technology is to be activated are processed. Dial-Once does not collect data on calls made to phone numbers that are not in the list of numbers for which Dial-Once technology is to be activated.
Dial-Once never collects the entire call log of a phone.
Dial-Once does not advertise to users. Dial-Once can use, in particular for the purpose of analysis, a unique identifier called "Advertising ID", generally used to anonymously identify a particular user and offer him targeted advertising (more information about this here). In such a case, Dial-Once does not establish, except with the express consent of the user, the relation between the unique identifier "Advertising ID" and personal information nor associate the unique identifier "Advertising ID" To device identification data (SSID, MAC address, IMEI, etc.).
According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.
This is the case of the processings operated by Dial-Once that does not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, serial number of the device, etc.), it is impossible to assign the data processed by Dial-Once to an identifiable natural person.
Application publishers and Cutomers that embed Dial-Once technology have no access to data collected through Dial-Once technology. In addition, when it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by Dial-Once for its Customers are built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server or a mobile application, operated by the Customer. Thus, if during a call to your bank you are redirected to a Dial-Once visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with Dial-Once’s technology. Dial-Once has no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, Dial-Once is not able to collect the personal data processed by the services of its Customer. In the event that a subcontracting agreement between Dial-Once and a Customer involves the processing of personal data subcontracted to Dial-Once on behalf of that Client, Dial-Once and its Client are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, security and confidentiality measures are contractually in accordance with the law as well as with the best professional practices. All the partners, subcontractors and customers of Dial-Once are committed to strict compliance with legal provisions and best practices in this area.
Dial-Once may access a User's electronic address book, but does not collect, record or transmit any data from this address book. Dial-Once can use data from an address book for example to allow the display of a contact name instead of a phone number.
Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes. When a User has provided personal data, that personal data may be collected and stored by Dial-Once, its partners or Customers until such information is modified or deleted by the user or the retention period reaches its end.
A Customer which implements one of the Services, when it processes a data collected by Dial-Once in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention Dial-Once in its contractual documents for its own customers or users, when the data collected by Dial-Once are not personal data per se or when existing provisions cover the use that this Customer may make of the data collected by Dial Once and provided to it.
7.4 Collection and use of non-identifiable information
“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. Dial-Once can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. Dial-Once collects this information to understand how its products or services are used. Dial-Once can thus improve and streamline its services and better meet the needs of users and its customers and partners. Dial-Once may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.
Dial-Once is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.
8 Processing Location
The processing that Dial-Once is likely to perform on personal data is carried out in data centers located in France (Iliad DC-3 and DC-2, Vitry-sur-Seine, 94), in Europe (Oracle Cloud Infrastructure, Frankfurt, Germany, Google Cloud Platform, Brussels, Belgium or any other data center located on the territory of the European Union and, in particular with regards to backups, Amazon S3, Frankfurt, Germany). Generally, Dial-Once commits to carry out the personal data processing that Dial-Once is likely to perform, in data centers located in the European Union or in a country and with a partner offering adequate and sufficient or appropriate safeguards with regard to personal data protection.
9 Processings Description
The processings that Dial-Once is likely to perform on the data collected are as follows:
● Collection and recording of user journeys and certain data from the terminal during an interaction, in particular before and after a call,
● Display Web pages via the terminal browser (during or at the end of the interaction),
● Launching a mobile application (generally a mobile application offered by the Customer),
● Analysis and Statistics to provide the Customer with reports concerning the interactions with end-users, for example:
o Percentage of Interactions that did not require an effective telephone call o Most and least frequently used user journeys, most frequently used user journeys resulting in an actual phone call being placed...
10 Retention period of personal data
10.1 Data processed for the digitization of calls and contacts
10.2 Data processed for accessing Dial-Once services (dashboard, technical support, etc.)
This period is governed by the contractual relationship that binds you with Dial-Once, or which links Dial-Once and your employer, your customer or any entity responsible for creating your access to the service.
11 What are your rights and how can you exercise them?
As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:
● To request that your data, especially used to communicate with you (email address , phone, etc.), be erased from our files.
● To request that your data processed to render one of our services be erased from our files. This is called the right to oblivion. If you exercise your right to oblivion, and you have access to one of our services that requires identification, this access will become impossible since your identifier will be deleted from our files.
● To oppose the collection and processing of data concerning you when they are not strictly necessary. In certain cases, your email address may be necessary to access our services (including your access to the dashboard) because it is your username, and we need it to send you information, confirmation or activation emails, etc.;
● Access the data collected about you and retrieve it in a standard electronic format;
● To obtain rectification of the data that concern you;
● To request a limitation of their processing - for example by refusing any use for prospecting purposes.
These rights can be exercised by sending an email to the address or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/.
If you are not a registered user of one of our services, we will need to have certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by Dial-Once to digitize calls and customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the Advertising ID or IdFA associated with your device/account, the MSISDN assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.
In order to allow the execution of the requests made to it, Dial-Once reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.
You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within one month after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr.
12 What types of personal data are processed?
Dial-Once does not collect the entire call log of a phone.
To implement its solutions, Dial-Once processes data among the following types:
- Connection data: IP address, connection timestamp (logging).
- Terminal data (serial numbers or IMEI, environment data, including terminal type and
operating system and browser version, MSISDN number, etc.)
- Interface usage data: these are the data relating to the use of the interface by a User, for example: opening of the home page, navigation to the help page, activation of an element allowing to make a call explicitly (including the called number) etc.
- Data directly provided by the users: some of the interfaces can indeed propose to the User to enter text or to enter other data in the fields provided for this purpose. The Customer decides if such fields are to be used and is responsible for it (Dial-Once is then a subcontractor who acts on behalf of his customer). Some data from satisfaction surveys may be parts of this type of data.
12.1 Geolocated Services
By default, Dial-Once does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a Dial-Once solution processes certain location data, that data is not collected by any of the Dial-Once solutions or technologies.
13 Transfer of Collected Data
13.1 Recipients of Data Collected by Dial-Once
Pseudonymized data processed by Dial-Once is transmitted exclusively to the Customer whose services you have interacted with. This Customer is contractually the owner of this data.
Dial-Once teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfilment of their mission.
Dial-Once subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. Dial-Once and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data. No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer's services. The opening of such an external page and the interactions that the User can then make with it are not processed by Dial-Once but by the browser or mobile application in charge of processing these pages.
14 Disclosure of personal data
Dial-Once may disclose collected data in the following cases:
14.1 Disclosure with explicit consent
After obtaining the consent of the user, Dial-Once may share certain data collected with the parties, in a manner that has been decided by the user.
14.2 Disclosure to Affiliates of Dial-Once
The collected data may be shared between Affiliates of Dial-Once. No more than the minimum information necessary to our affiliates will be disclosed to them.
14.3 Disclosure to authorized cooperation partners
Dial-Once can provide services through its partners, including suppliers and subcontractors. As a result, Dial-Once may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of Dial-Once Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfilment of the intended purposes. Unless expressly authorized, Affiliates or Partners of Dial-Once are not allowed to use collected data shared for any other purpose.
14.4 Disclosure of data collected according to compelling or reasonably necessary
Dial-Once may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if Dial-Once is being restructured, merged or liquidated for insolvency. Dial-Once may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.
15 How Dial-Once protects the collected data
Dial-Once takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:
● use encryption algorithms to ensure data confidentiality;
● use reliable protection mechanisms to protect data from malicious attacks;
● set up access control mechanisms, allowing only authorized personnel to access personal data;
● ensure that employees understand the importance of personal data protection through training sessions on security awareness and privacy protection;
● engage in contractual arrangements with our customers and partners so that the collected data shared with them is processed in a manner similar to that described in this Policy. We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.
In practice, Dial Once uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.
Dial Once infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are located in Belgium, Brussels region and in Germany, Frankfurt region. The data centers used by Dial-Once are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, ISO27001 ... Storage is replicated between all data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.
Automatic data backup in Frankfurt, Germany is implemented.
Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.
16 How the data collected by Dial-Once is transferred internationally
To allow websites and applications to function properly, small data files can be placed on users' computers or mobile devices. They are known as cookies. A cookie is a simple file stored on a computer or mobile device by the server of a website or a server offering similar services, for example "Web Services" offered to applications. Only the server that placed the cookie is able to retrieve or read its contents. Each cookie is unique and is linked to an internet browser or an application. A cookie may contain certain information, such as a unique identifier, the name of the site, numbers and characters. Cookies allow websites and applications to remember information, such as user preferences, information previously entered by the user through the website or the application in question.
17.2 Disable Cookies in your browser
The links below will help you learn more about what to do to disable cookies directly in your Internet browsers.
Please understand that totally disabling cookies for the use of our services may render them inoperative, partially or totally. The same is true for other websites and services.
17.2.1 Mozilla Firefox
17.2.2 Google Chrome
17.2.3 Apple Safari
For MacOS (MacBook, iMac, etc.): For iOS (iPhone, iPad, etc.) : https://support.apple.com/en-gb/HT201265
17.2.4 Microsoft Internet Explorer
17.2.5 Microsoft Edge
17.2.7 Other browsers
To disable or manage cookies in other browsers, refer to the browser's documentation or online help.
17.3 Resources to control cookies
To generally control third-party cookies, you can use the following online tools: http://www.youronlinechoices.com/uk/your-ad-choices
To disable most plotter cookies totally or only on certain sites, you can use the browser plug-in Ghostery.
17.4 Cookies used on Dial-Once sites
● Compile statistical data on the use of the site to improve it
● Share our web pages on social networks
● Facilitate user ability to browse our websites
Dial-Once uses different types of cookies:
● Cookies necessary for the smooth running of its services
● Functional cookies, intended to make your navigation easier
● Performance and audience measurement cookies
● Third-party cookies
17.4.1 Necessary Cookies
17.4.2 Functional Cookies
The following cookies provide features that make navigating the Dial-Once websites more ergonomic and are posted when you access these websites.
17.4.3 Cookies for performance and audience measurements
We may use analytics cookies to improve the performance of our websites, by collecting only login data for the date, time, Internet address, your device's protocol, and the page viewed. We do not transfer any of these data to third parties. We do not reuse them for other purposes, or intersect them with other processings including client files, and do not store them in any way for more than six months. In any case, we may use vendor analytics tools and associated cookies. For additional information, and subject to the availability of this information, refer, as appropriate, to the following sites:
For this purpose, your connection details may be transferred to this or, where appropriate, these providers. Located in the United States, they have certified that they comply with the US Department of Commerce's Privacy Shield, allowing such a transfer to be considered to provide a sufficient level of protection for data of a given nature.
Cookies in this category that may be used by one of our websites or our interfaces are:
17.4.4 Third-party Cookies
These cookies are created and used by third-party organizations. They are generally intended to help determine the interests of the user and to provide advertising and / or appropriate content.
Cookies in this category that may be used by one of our websites are:
18 Providers, third parties and their services
19 How this Policy is updated
20 How to contact Dial-Once
If you have any questions, comments or suggestions, please contact us by email at
21 Applicable Language
22 Applicable Law
Copyright © Dial-Once Holdings. 2016-2019. All rights reserved.