We have prepared this Policy to help you understand the points described in the Table of Contents above
This Policy describes how Dial-Once processes personal and private data and how the company is committed to protecting the privacy of users of its websites, services and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, Dial-Once, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by Dial-Once Customers and Partners to better understand what actually applies to a specific product, technology, or service.
The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE.
The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL).
The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a “paper” file containing personal information relating to natural persons who are citizens of a country of the European Union.
The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.
The GDPR on the CNIL website
The CNIL website http://www.cnil.fr/
The official text of the GDPR on the EU website:
In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:
“Customer” means a Dial-Once customer organization (a company, a public service, a local authority, etc.) that uses or implements a Dial-Once technology to digitize the customer relationship. Customer encompass the users of Dial-Once services that are made available to customers personnel.
“User” means a natural person who comes in contact with or seeks to contact one of the Customer’s services, usually its customer care service or call center.
“GDPR” means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article
This Policy applies primarily to data processed by Dial-Once’s websites, applications, services and software products and to Dial-Once’s infrastructure for which Dial-Once is the processing controller. For any information regarding the processing that Dial-Once is a controller, Dial-Once can be contacted at: Dial-Once, 58 avenue de Wagram, 75017 Paris, France, at one of the contact telephone numbers on the website www.dial-once.com or by email at email@example.com.
6.2 Dial-Once Customers
7.1 As a Data Controller
Dial-Once collects and processes only the personal data necessary for the provision of its services: contact and customers details, email address for connecting to Dial-Once services, etc.
7.2 As a Data Processor
From a technical standpoint, the data collected by Dial-Once does not allow it to link the collected data with a User identified or identifiable by Dial-Once.
7.3 Objectives of data collection
In order to provide the services offered by Dial-Once, it is necessary to process data collected on a user’s device (for example IP address, telephone number required to receive an SMS, type of device, etc.) and / or supplied by the user (e-mail address -mail, name, first name …).
When the applicable legal provisions allow it, Dial-Once reserves the right to use the information collected for the purpose of user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as it is possible).
The processings in use within Dial-Once technologies have the following purposes:
7.4 As a Data Controller
7.5 As a Data Processor
As a subcontractor, Dial-Once neither decides nor controls the purposes for which its Customers use its services and technologies. However, given the nature of said services and technologies, these purposes will often include the following:
18.104.22.168 When digitizing customer relations or contact requests
The data collected by Dial Once as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of this data, except in cases where such data come from input fields explicitly embedded in the Customer’s interfaces, built upon scenarios defined by the Customer.
These interfaces are similar to web pages and are built under the responsibility of the Customer.
According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.
This is the case of the processings operated by Dial-Once that do not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, calling number, etc.), it is impossible to assign the data processed by Dial-Once to an identifiable natural person.
When it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by Dial-Once for its Customers are built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server allowing to connect to a user account or a mobile application, operated by the Customer. Thus, if during a contact request to your bank you are redirected to a Dial-Once visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with Dial-Once’s technology. Dial-Once has no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, Dial-Once is not able to collect the personal data processed by the services of its Customer. In the event that a subcontracting agreement between Dial-Once and a Customer involves the processing of personal data subcontracted to Dial-Once on behalf of that Customer, Dial-Once and its Customer are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, security and confidentiality measures are contractually in accordance with the law as well as with the best professional practices. All the partners, subcontractors and customers of Dial-Once are committed to strict compliance with legal provisions and best practices in this area.
Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes. When a User has provided personal data, that personal data may be collected and stored by Dial-Once, its partners or Customers until such information is modified or deleted by the user or the retention period reaches its end.
A Customer which implements one of the Services, when it processes a data collected by Dial-Once in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention Dial-Once in its contractual documents for its own customers or users, when the data collected by Dial-Once are not personal data per se or when existing provisions are covering the use that this Customer may make of the data collected by Dial Once and provided to it.
7.8 Collection and use of non-identifiable information
“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. Dial-Once can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. Dial-Once collects this information to understand how its products or services are used. Dial-Once can thus improve and streamline its services and better meet the needs of users and its customers and partners. Dial-Once may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.
Dial-Once is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.
8 Processing Location
The processing that DialOnce may perform on personal data is carried out in data centers located in Europe. The list of subcontractors, data centers and processing location is available on demand.
On a general standpoint, DialOnce undertakes that the processing that DialOnce may carry out on personal data, as a data controller or as a processor, is carried out in
data centers located in the territory of the European Union, or
The processings that DialOnce may perform on the data collected are as follows:
9.1 As a Data Controller
9.2 As a Data Processor
10.1 Data processed for the digitization of calls and contacts
10.2 Data processed for accessing Dial-Once services (dashboard, Interface Builder, technical support, etc.)
This period is governed by the contractual relationship that binds you with Dial-Once, or which links Dial-Once and your employer, your customer or any entity responsible for creating your access to the service.
As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:
These rights can be exercised by sending an email to the address firstname.lastname@example.org or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/.
If you are not a registered user of one of our services, your requests should not be addressed to us, but to the Customer whose interface you have implemented using Dial Once technology.
You will certainly have to provide certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by Dial-Once to customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the MSISDN (your telephone number) assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.
In order to allow the execution of the requests made to it, Dial-Once reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.
You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within one month after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr.
12.1 As a Data Controller
12.2 As a Data Processor
To implement its solutions, Dial-Once processes data among the following types:
By default, DialOnce does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a DialOnce solution processes certain location data, that data is not collected by any of the DialOnce solutions or technologies.
13.1 Recipients of data collected by Dial-Once
Dial-Once subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. Dial-Once and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data.
13.1.1 As a Data Controller
Dial-once can transfer personal data to its subcontractors and partners, in particular accounting services, technical support services, suppliers of office automation solutions, cloud computing or after-sales service, etc.
13.1.2 As a Data Processor
Pseudonymized data processed by Dial-Once is transmitted exclusively to the Customer whose services you have interacted with. This Customer is contractually the owner of this data.
DialOnce teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfillment of their mission.
No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer’s services. The opening of such an external page and the interactions that the User can then make with it are not processed by Dial-Once but by the browser or mobile application in charge of processing these pages.
Whether inside Europe or with a country or an organization outside Europe, DialOnce is committed to the protection of personal data : each recipient is scrupulously chosen or identified according to the guarantees it offers to protect the personal data transmitted to it. In particular, in the event that data is accessed from a third-party location located outside the European Union, in particular for technical support or maintenance purposes, DialOnce undertakes that all such transfers will be compliant with provisions guaranteeing protection of personal data in accordance with Articles 45 (adequacy), 46 (Transfer with appropriate guarantees, in particular contractual commitments and standard contractual clauses for the EC) or 47 (Binding Company Rules) of the GDPR.
Dial-Once may disclose collected data in the following cases:
14.1 Disclosure with explicit consent
After obtaining the consent of the user, Dial-Once may share certain data collected with the parties, in a manner that has been decided by the user.
14.2 Disclosure to Affiliates of Dial-Once
The collected data may be shared between Affiliates of Dial-Once. No more than the minimum information necessary to our affiliates will be disclosed to them.
14.3 Disclosure to authorized cooperation partners
Dial-Once can provide services through its partners, including suppliers and subcontractors. As a result, Dial-Once may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of Dial-Once Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfillment of the intended purposes. Unless expressly authorized, Affiliates or Partners of Dial-Once are not allowed to use collected data shared for any other purpose.
The list of such recipients of personal data is available on demand.
14.4 Disclosure of data collected according to compelling or reasonably necessary legal requirements
Dial-Once may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if Dial-Once is being restructured, merged or liquidated for insolvency. DialOnce may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.
DialOnce takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:
We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.
In practice, DialOnce uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.
DialOnce infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are mainly located in Germany, Frankfurt region. The data centers used by DialOnce are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, SOC-2, ISO27001 … Storage is replicated between several data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.
Automatic data backup in Frankfurt, Germany is implemented.
Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.
The servers that host the Dial-Once infrastructure are located in Germany, in France and/or in a country member of the EU. A backup server is located in Germany.
To find out more about the cookies and trackers that we use, please refer to our dedicated document for the implementation of cookies and trackers.
To simplify and improve the user experience, it is possible to navigate to the contents or hypertext links of third parties (“Third Parties”) external to DialOnce, its Partners and Customers. DialOnce has no control over said Third Parties and a User may decide whether to access their hyperlinks or content, or use their services or products.
DialOnce can not control the data protection and privacy measures put in place by third parties, and such measures will not be governed by this Policy. If a User decides to voluntarily provide information to third parties, it will be necessary to refer to their own privacy policies.
If you have any questions, comments or suggestions regarding the protection of personal data that can be processed by Dial-Once on its own behalf (as a data controller), please contact us by email at email@example.com.
Copyright © Dial-Once. 2016-2021. All rights reserved.