and GDPR Provisions
Dernière mise à jour : 17/02/2021
1. Version history
2. Purpose of this document
We have prepared this Policy to help you understand the points described in the Table of Contents above
This Policy describes how DialOnce processes personal and private data and how the company is committed to protecting the privacy of users of its websites, services and applications. However, a policy can not be comprehensive enough to answer all data processing questions. Therefore, DialOnce, its partners or its customers may provide additional information (Supplement) specific to a product or service in addition to this Policy to inform of any other purposes of data collection. It is recommended that you read the Policy and Supplements, as well as any policies governing the use of data by DialOnce Customers and Partners to better understand what actually applies to a specific product, technology, or service.
4. General Data Protection Regulation
The General Data Protection Regulation of April 27, 2016, in effect since May 25, 2018, deals with the protection of natural persons with regard to the processing of personal data. Personal Data and the free circulation of these data, and repeal the directive 95/46 / CE.
The GDPR defines the principles to be respected when collecting, processing and storing personal data. It strengthens the rights of natural persons on their data, provides for a removal of declarative paperwork and their replacement by responsibilities including internal documentation. The GDPR also specifies the powers of control and sanction of the regulation authority (in France, the National Commission of Computing and Liberties also known as CNIL).
The GDPR is applicable when there is an automated processing or a manual file, that is to say a computer file or a "paper" file containing personal information relating to natural persons who are citizens of a country of the European Union.
The GDPR does not generally apply to legal persons (e.g. a file containing company names). However, if a file contains the names of natural persons (e.g. the name of the sales manager), mobile phone numbers that may be personal, etc., the GDPR is applicable. The links below allow you to find out more about the applicable laws and organizations responsible for the protection of personal data.
The GDPR on the CNIL website
The CNIL website http://www.cnil.fr/
The official text of the GDPR on the EU website:
In this document, terms that start with a capital letter hold a precise definition that is explained hereunder:
"Customer" means a DialOnce customer organization (a company, a public service, a local authority, etc.) that uses or implements a DialOnce technology to digitize the customer relationship. Customer encompass the users of DialOnce services that are made available to customers personnel.
"User" means a natural person who comes in contact with or seeks to contact one of the Customer's services, usually its customer care service or call center.
"GDPR" means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The terms that are defined in the GDPR’s Article 4 have the meaning that is given to them is said article.
6. Data Processing Controllers
This Policy applies primarily to data processed by Dial-Once’s websites, applications, services and software products and to DialOnce’s infrastructure for which DialOnce is the processing controller. For any information regarding the processing that DialOnce is a controller, DialOnce can be contacted at: DialOnce, 58 avenue de Wagram, 75017 Paris, France, at one of the contact telephone numbers on the website or by email at email@example.com.
6.2 Dial-Once Customers
7 Data Collection by Dial-Once
7.1 As a Data Controller
Dial-Once collects and processes only the personal data necessary for the provision of its services: contact and customers details, email address for connecting to Dial-Once services, etc.
7.2 As a Data Processor
From a technical standpoint, the data collected by DialOnce does not allow it to link the collected data with a User identified or identifiable by DialOnce.
7.3 Objectives of data collection
In order to provide the services offered by DialOnce, it is necessary to process data collected on a user's device (for example IP address, telephone number required to receive an SMS, type of device, etc.) and / or supplied by the user (e-mail address -mail, name, first name ...).
When the applicable legal provisions allow it, DialOnce reserves the right to use the information collected for the purpose of user support and statistics (in the case of use for statistical purposes, the data will be anonymized as soon as it is possible).
The processings in use within DialOnce technologies have the following purposes :
7.4 As a Data Controller
Allowing the use of its services, in particular the creation of interfaces and scenarios, reporting, etc.
Offering optimized ergonomic and interesting content to visitors and users of its websites and services.
Gaining a better understanding of the visitors and users of its websites, the reasons for which they navigate there, the most visited pages or content, typical navigation routes, etc.
7.5 As a Data Processor
As a subcontractor, DialOnce neither decides nor controls the purposes for which its Customers use its services and technologies. However, given the nature of said services and technologies, these purposes will often include the following:
Providing Users with rich and ergonomic interactive interfaces when interacting with customer care services or user services of DialOnce Customers.
Digitizing the "customer care relationship" and the interactions between the Users and the customer care services of DialOnce Customers, in particular interactions intended to get in touch with the customer care services of said organizations (contact with an after-sales service, customer service, information center, etc.). To achieve that goal, data relating contact requests between Users and Clients are collected and aggregated. For example, the digitization process comprises the collection and recording of items such as the date and time of an interaction with a customer care service, its duration and the actions that resulted from it (redirection to a FAQ page or a specific page in the User's customer area, call to a specific number, etc.)
Providing services and solutions to improve the ergonomics and efficiency of the services rendered by the Customers of DialOnce, customer care services, call centers, after-sales services, etc., including the provision of tools, methods and processes to analyze and increase the effectiveness of user interaction, user experience and quality of the services rendered by the Customer to its users or customers, and possibly make reconciliations between these interactions and data contained in its own files and databases;
Providing analyses, studies and statistical calculations concerning the interactions of the Users with the services of the Customer.
126.96.36.199 When digitizing customer relations or contact requests
The data collected by DialOnce as part of its customer care relationship digitization services are automatically collected. The User does not need to explicitly enter any of this data, except in cases where such data come from input fields explicitly embedded in the Customer's interfaces, built upon scenarios defined by the Customer.
These interfaces are similar to web pages and are built under the responsibility of the Customer.
According to the GDPR, the pseudonymisation of data is: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;.
This is the case of the processings operated by DialOnce that do not collect for the implementation of its solutions enough data to enable it to identify a particular natural person. Actually, without one or more files allowing to link natural persons and the technical details of devices or connections (IP address, calling number, etc.), it is impossible to assign the data processed by DialOnce to an identifiable natural person.
When it is necessary to identify a user, for example with an email address and a password, the interfaces implemented by DialOnce for its Customers are built so that the users are, as soon as it is technically possible, systematically redirected to the services of the Customer. These services may include a web server allowing to connect to a user account or a mobile application, operated by the Customer. Thus, if during a contact request to your bank you are redirected to a DialOnce visual interface and in said interface you are offered access to one of the online services of your bank, you will then use the mobile application or the website of your bank, without any interference with DialOnce’s technology. DialOnce has no access to data collected and processed when the User interacts with the Customer’s services. Thus, unless there is an explicit subcontracting agreement, DialOnce is not able to collect the personal data processed by the services of its Customer. In the event that a subcontracting agreement between DialOnce and a Customer involves the processing of personal data subcontracted to DialOnce on behalf of that Customer, DialOnce and its Customer are committed to ensuring that the provisions relating to such personal data, in particular the provisions relating to collection, processing, access, security and confidentiality measures are contractually in accordance with the law as well as with the best professional practices. All the partners, subcontractors and customers of DialOnce are committed to strict compliance with legal provisions and best practices in this area.
Additional information may be provided voluntarily by the User, including comments or free input fields in which the user can enter text as she/he wishes. When a User has provided personal data, that personal data may be collected and stored by DialOnce, its partners or Customers until such information is modified or deleted by the user or the retention period reaches its end.
A Customer which implements one of the Services, when it processes a data collected by DialOnce in such a way that this data may be linked to at least one personal data collected by or for that Customer, is contractually committed to being in accordance with the law and best practices relating to the collection, processing, security, access and rights of modification and deletion of personal data collected or stored by said Customer. Certain provisions of this Policy may be taken back or adapted by said Customer in its own privacy policies, general terms and conditions of sale, use or service, its end-user license agreements, etc. Such a Customer does not need to mention DialOnce in its contractual documents for its own customers or users, when the data collected by DialOnce are not personal data per se or when existing provisions are covering the use that this Customer may make of the data collected by DialOnce and provided to it.
7.8 Collection and use of non-identifiable information
“Non-identifiable information” refers to information that cannot be used to identify a specific natural person, even after cross-checking. DialOnce can collect a set of statistical information, such as the number of users of a mobile application or the attendance rate of a website. DialOnce collects this information to understand how its products or services are used. DialOnce can thus improve and streamline its services and better meet the needs of users and its customers and partners. DialOnce may, at its discretion, collect, use, process, transfer or disclose non-identifiable information for other purposes.
DialOnce is committed to making its best efforts so that personal data and non-identifiable data are separated and used independently. If the personal data is combined with non-identifiable data, the whole will be treated as personal data.
8 Processing Location
The processing that DialOnce may perform on personal data is carried out in data centers located in Europe. The list of subcontractors, data centers and processing location is available on demand.
On a general standpoint, DialOnce undertakes that the processing that DialOnce may carry out on personal data, as a data controller or as a processor, is carried out in
data centers located in the territory of the European Union, or
in a country whose regulations regarding the protection of personal data have been deemed adequate by the competent European bodies (see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), or
with a partner offering adequate and sufficient guarantees with regard to the protection of personal data, in particular via data protection agreements, binding corporate rules and certification mechanisms.
9 Processings Description
The processings that DialOnce may perform on the data collected are as follows :
9.1 As a Data Controller
Collection, recording and use of data from prospects, contacts and users of DialOnce services
Collection and recording of connections and actions of users of DialOnce services
Transfer of collected data
Linking of collected data
Erasure of collected data
9.2 As a Data Processor
Collection and recording of user journeys and certain data from the terminal during an interaction,
Display Web pages via the terminal browser (during or at the end of the interaction),
Launching a mobile application (generally a mobile application offered by the Customer),
Analysis and Statistics to provide the Customer with reports concerning the interactions with end-users, for example:
Percentage of Interactions that did not require an effective telephone call
Most and least frequently used user journeys, most frequently used user journeys resulting in an actual phone call being placed…
Transfer of collected data
Linking of collected data
Erasure of collected data
10 Retention period of personal data
10.1 Data processed for the digitization of calls and contacts
10.2 Data processed for accessing Dial-Once services (dashboard, Interface Builder, technical support, etc.)
This period is governed by the contractual relationship that binds you with Dial-Once, or which links Dial-Once and your employer, your customer or any entity responsible for creating your access to the service.
11 What are your rights and how can you exercise them ?
As a customer, prospect or user of our websites, our applications and websites or applications that use our technology, you have the right:
To request that your data, especially used to communicate with you (email address , phone, etc.), be erased from our files.
To request that your data processed to render one of our services be erased from our files. This is called the right to oblivion. If you exercise your right to oblivion, and you have access to one of our services that requires identification, this access will become impossible since your identifier will be deleted from our files.
To oppose the collection and processing of data concerning you when they are not strictly necessary. In certain cases, your email address may be necessary to access our services (including your access to the dashboard) because it is your username, and we need it to send you information, confirmation or activation emails, etc.;
Access the data collected about you and retrieve it in a standard electronic format;
To obtain rectification of the data that concern you;
To request a limitation of their processing - for example by refusing any use for prospecting purposes.
These rights can be exercised by sending an email to the address firstname.lastname@example.org or by contacting us by land mail at the above address or using the contact details available on our website https://www.dial-once.com/en/.
If you are not a registered user of one of our services, your requests should not be addressed to us, but to the Customer whose interface you have implemented using DialOnce technology.
You will certainly have to provide certain details in order to be able to identify the data that concerns you because, as stated above, the data processed by Dial-Once to customer care relationship do not allow us to identify you directly. Some of the details we may need to ask you are: the IP address(es) assigned to your device at the time of your interactions, as well as the time-stamped ranges for assigning these addresses, the MSISDN (your telephone number) assigned to your phone subscription and the period of that subscription, or other information about your connections or your device.
In order to allow the execution of the requests made to it, DialOnce reserves the right to carry out or to have a third party carrying out any necessary verification intended to establish the correspondence between a particular person asking to exercise its rights and the data which concerns it, including identity checks.
You also have the right to lodge a complaint with a supervisory authority and to lodge a judicial appeal, in particular if your requests for claiming your rights have not been processed within one month after they have been filed. In France, the supervisor authority is the CNIL who can be contacted via the suitable forms on its website cnil.fr.
12 What types of personal data are processed?
12.1 As a Data Controller
Last name, first name, professional email address, professional contact details, professional position
Connection data: IP address, time stamp of connections (logging).
Cookie and tracker data
12.2 As a Data Processor
To implement its solutions, Dial-Once processes data among the following types:
Connection data: IP address, connection timestamp (logging).
Terminal data (data provided by web browsers, MSISDN number, etc.)
Interface usage data: these are the data relating to the use of the interface by a User, for example: opening of the home page, navigation to the help page, activation of an element allowing to make a call explicitly, etc.
Data directly provided by the users: some of the interfaces can indeed propose to the User to enter text or to enter other data in the fields provided for this purpose. The Customer decides if such fields are to be used and is responsible for it (Dial-Once is then a subcontractor who acts on behalf of his customer). Some data from satisfaction surveys may be parts of this type of data.
12.3 Geolocated Services
By default, DialOnce does not collect, retrieve, use or process any geolocation data, neither precise nor fuzzy. For example, if an application, a website, or a service that ships or implements a DialOnce solution processes certain location data, that data is not collected by any of the DialOnce solutions or technologies.
13 Transfer of Collected Data
13.1 Recipients of data collected by DialOnce
DialOnce subcontractors and suppliers may be required to process on their behalf any type of data, including personal data. This is for instance the case with the hosting companies. DialOnce and its partners, suppliers and subcontractors are mutually committed to compliance with regulations and industry standards with regard to the protection of data, especially personal data.
13.1.1 As a Data Controller
DialOnce can transfer personal data to its subcontractors and partners, in particular accounting services, technical support services, suppliers of office automation solutions, cloud computing or after-sales service, etc.
13.1.2 As a Data Processor
Pseudonymized data processed by DialOnce is transmitted exclusively to the Customer whose services you have interacted with. This Customer is contractually the owner of this data.
DialOnce teams that need to access these data in the course of their missions, especially the technical teams, have of course the possibility to access this pseudonymised data, when this is necessary for the fulfillment of their mission.
No collected data is transmitted automatically when a User performs an action that has the effect of causing the opening of an external page such as those of the client area accessible to Users of the Customer's services. The opening of such an external page and the interactions that the User can then make with it are not processed by Dial-Once but by the browser or mobile application in charge of processing these pages.
13.2 Protection during data transfers
Whether inside Europe or with a country or an organization outside Europe, DialOnce is committed to the protection of personal data: each recipient is scrupulously chosen or identified according to the guarantees it offers to protect the personal data transmitted to it. In particular, in the event that data is accessed from a third-party location located outside the European Union, in particular for technical support or maintenance purposes, DialOnce undertakes that all such transfers will be compliant with provisions guaranteeing protection of personal data in accordance with Articles 45 (adequacy), 46 (Transfer with appropriate guarantees, in particular contractual commitments and standard contractual clauses for the EC) or 47 (Binding Company Rules) of the GDPR.
14 Disclosure of personal data
DialOnce may disclose collected data in the following cases :
14.1 Disclosure with explicit consent
After obtaining the consent of the user, DialOnce may share certain data collected with the parties, in a manner that has been decided by the user.
14.2 Disclosure to Affiliates of Dial-Once
The collected data may be shared between Affiliates of DialOnce. No more than the minimum information necessary to our affiliates will be disclosed to them.
14.3 Disclosure to authorized cooperation partners
DialOnce can provide services through its partners, including suppliers and subcontractors. As a result, DialOnce may share some of the information it collects with its partners to provide better customer service and improve the overall user experience, as well as the delivery of DialOnce Services to its customers, partners or implemented with its suppliers and subcontractors. The collected data are processed only for specified, explicit and legitimate purposes, and the amount of data is limited to the minimum necessary for the fulfillment of the intended purposes. Unless expressly authorized, Affiliates or Partners of DialOnce are not allowed to use collected data shared for any other purpose.
The list of such recipients of personal data is available on demand.
14.4 Disclosure of data collected according to compelling or reasonably necessary legal requirements
DialOnce may disclose certain data previously collected if it is required by law, judicial procedures or bodies, administrative or public authorities. Certain information collected may also be disclosed to parties to a transaction if DialOnce is being restructured, merged or liquidated for insolvency. DialOnce may also disclose certain information in reasonably necessary situations, including to enforce its terms and conditions, and to protect its customers and partners.
15 How Dial-Once protects the collected data
DialOnce takes seriously the security of data collected related to the users of its services and solutions. We follow industry practices and standards to protect any personal data to prevent unauthorized access, disclosure, use, modification, alteration, or loss. We take all reasonable steps to protect personal data, for example we can:
use encryption algorithms to ensure data confidentiality;
use reliable protection mechanisms to protect data from malicious attacks;
set up access control mechanisms, allowing only authorized personnel to access personal data;
ensure that employees understand the importance of personal data protection through training sessions on security awareness and privacy protection;
engage in contractual arrangements with our customers and partners so that the collected data shared with them is processed in a manner similar to that described in this Policy.
We take all reasonable steps to limit the collection of data, especially personal data, to sufficient and relevant data. We retain the collected data only during the period necessary for the purposes set out in this Policy or during the term of the contractual commitment justifying the retention of such data, and do not store any personal data for longer unless a period of longer retention is required or permitted by law.
In practice, DialOnce uses state-of-the-art technologies in its infrastructure for storage, redundancy, backup, replication and, in a general way, everything concerning the data stored or transmitted within the elements of the network infrastructure.
DialOnce infrastructure is hosted in at least two separate data centers located in Europe. As of this document, these data centers are mainly located in Germany, Frankfurt region. The data centers used by DialOnce are among the safest and most secure. They are certified by one or more labels, standards and standards of the data center industry: PCI-DSS, Tier-III, SOC-2, ISO27001 ... Storage is replicated between several data centers. Thus, if the storage in a particular data center is completely failing, another data center can take over automatically, ensuring the resiliency of the data.
Automatic data backup in Frankfurt, Germany is implemented.
Although we strive to protect the personal data collected, no security measure is perfect or 100% inviolable.
16 How the data collected by DialOnce is transferred internationally
The servers that host the DialOnce infrastructure are located in Germany, in France and/or in a country member of the EU. A backup server is located in Germany.
To find out more about the cookies and trackers that we use, please refer to our dedicated document for the implementation of cookies and trackers.
18 Providers, third parties and their services
To simplify and improve the user experience, it is possible to navigate to the contents or hypertext links of third parties ("Third Parties") external to DialOnce, its Partners and Customers. DialOnce has no control over said Third Parties and a User may decide whether to access their hyperlinks or content, or use their services or products.
DialOnce can not control the data protection and privacy measures put in place by third parties, and such measures will not be governed by this Policy. If a User decides to voluntarily provide information to third parties, it will be necessary to refer to their own privacy policies.
19 How this Policy is updated
20 How to contact Dial-Once
If you have any questions, comments or suggestions regarding the protection of personal data that can be processed by DialOnce on its own behalf (as a data controller), please contact us by email at email@example.com.
21 Applicable Language
22 Applicable Law