Voicescape is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Our customers can trust that Voicescape has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR.
What Voicescape Ltd is doing
Like many other Software as a Service companies, Voicescape Ltd has rolled out its company-wide GDPR compliance strategy and continues to improve its data handling processes. Voicescape appreciates that our customers have requirements under GDPR that are directly impacted by their use of Voicescape's products and services, and Voicescape is committed to helping our customers fulfil their requirements under GDPR and local law. Voicescape are ensuring that our existing and new services are designed in privacy in mind. Our security policies mirror many of the security and privacy requirements of GDPR and help us to control our software development and data management practices.
- We are committed to following any additional security and privacy measures required under GDPR.
- We are committed to appropriate data transfer mechanisms as required by GDPR. Data in transit is always transferred via a secure encrypted method.
- Assisting with respect to security and privacy of processing, notifying regulators of breaches, and promptly communicating any breaches to customers and users.
- Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches and promptly communicating any such breaches to our customers and end-users.
- Ensuring Voicescape staff that access and process customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
- Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.
How your data is processed by Voicescape
Voicescape processes the Customer Personal Data for the purpose of providing the Services specified in the Services Agreement. We process data to make calls and send text messages using our Broadcast platform. The data we require in order to make a call is, at a basic level, an individual's telephone number and name. Some other details may also be provided by our clients, such as the preferred calling time. We use this data to makes the calls and provide reports of the outcomes of these calls to our clients. The outcomes of the calls are provided via a secure reporting platform. The data is stored for a limited period of time for audit purposes and is not used for any other purpose or shared with any third parties.
How Voicescape keep your data secure
We ensure that all data in transit is encrypted. When you send data to us or we send data back to you it will be via secure encrypted routes. Once we have your data it is kept in a secure environment at our dedicated co-located secure datacentres. Our developers and staff are trained in data protection and know how to keep your data safe.
Data retention and destruction
The data we process on behalf and the results of processing that data are stored by us for the duration of the agreement you have with us. Once that agreement has expired or been terminated the data will be destroyed. If data needs to be destroyed sooner than the end of the agreement this can be discussed and we will accommodate your requests.
Data processors we use
We have our own robust platform at Voicescape that has been built over 15 years in the industry. As part of the services we provide we have to send some data, such as, telephone numbers to third party carriers. These are the SMS gateways and PSTN providers that we use in order to provide the service. These include; Redcentric, CLX, Textlocal, Reach Interactive. We do not use any other sub-processors and will inform our customers before adding or changing our third-party carriers.
Technical measures being taken
We will ensure the integrity, confidentiality, availability, and resilience of data we process and the systems and services we provide. To do this we keep our data replicated across collocated datacentres and have a rolling back up service of our data.
We can restore availability and access to personal data in the case of a technical incident and we keep records of all incidents and resolutions for audit purposes.
In the event of a data breach we will notify our customers and the ICO within 72 hours. This notification will be sent as soon as possible after the breach is detected and ongoing updates will be provided until the breach has been resolved.
Services agreement and addendum to existing agreements
Section 5, "Client Data" of your services agreement contains information on data processing.
View the agreement
Existing customers will be sent an addendum to their agreement.
View the addendum
Any questions?
If you have anything that you would like to discuss just contact us to talk to our team directly.