This Privacy Policy (“Privacy Policy”) describes how we at Nexa AI LLC (“Phonely”, “we”, “our”, or “us”) collect, protect, and use the Personal Data (as defined below) you (“User”, “you”, or “your”) may provide via the phonely.ai website (“Website”) or by utilizing any of our software products (“Products”) or services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions (“Software”), or your desk phone (“Services”). Our Privacy Policy is available at www.phonely.ai/privacy-policy (and as amended from time to time and effective as of the date posted). Phonely uses a single Privacy Policy that addresses our treatment of Personal Data when you use our public-facing website or any of these Services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions, or your desk phone. We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.
Phonely is made up of various legal entities which we use as infrastructure to provide our Services and to comply with various local laws. However, the parent entity responsible for data protection across the organization is Nexa AI LLC, a U.S. company with a registered address of 30 N Gould St. Ste R Sheridan, WY 82801.
To exercise your data protection rights or for more information about Phonely’s data protection practices, please contact us at [email protected]
Overview
When and How Phonely Collects Data
Types of Data We Collect
How does Phonely use Personal Data?
Phonely Ai Training
Phonely as Data Controller and Processor
Automated Decision Making
What is “Legal Basis”?
Privacy Choices
Data Subject Rights
How We Keep Your Data Secure
Personal Data Disclosures
Disclosure With Your Consent
Disclosure Without Your Consent
International Data Transfers
Data Retention
Cookies Policy, Third Party Analytics, and Tracking
Privacy Shield Framework
Privacy of Minors
Changes and Amendments
Where can I ask questions about this policy?
Acceptance of this policy
Region Specific Provisions
GDPR – General Data Protection Regulation (EU)
CCPA – California Consumer Protection Act (CA)
LGPD – Lei Geral de Proteção de Dados (Brazil)
PIPL – Personal Data Protection Law (China)
Your use of Phonely’s Services is also subject to the Terms of Service or the General Terms and Conditions associated with the Master Services Agreement that governs your account, each of which may be amended from time to time and are effective as of the date posted. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service or the Applicable Data Protection Laws.
“Applicable Data Protection Laws” means all laws and regulations that are applicable to the processing of Personal Data under the Agreement, including European Data Protection Laws and the CCPA, as well as any future amending acts of the above-mentioned data protection laws any other applicable international, federal, national and state privacy and data protection laws, rules, and regulations pertaining to privacy, data processing and use, data protection, data security, encryption, or confidentiality.
“Personal Data” means all data which is defined as ‘Personal Data’, ‘personal information’, or ‘personally identifiable information’ (or analogous terms) under the Applicable Data Protection Laws.
Contact Information that facilitates communication between you and Phonely, such as name, email and physical address, telephone number, and password |
Billing Payment information |
Location Information about a specific location, such as physical address or IP address |
Identifiers Information that may tend to identify a specific individual, such as name, profile picture, birthdate. |
Device and Session Information about your browser or device, which may include your IP address, device IDs, or other unique identifiers, cookie information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested |
Telephony Information concerning customer call records such as time, duration, the number of the called party |
Session audio, video and messaging The audio, video, and messaging (including SMS, in-app chat, and other messaging channels) that you send through Phonely, and the information contained therein, should you opt-in to recording or otherwise storing that information |
Integrations Information regarding the integration of third-party services such as Google, Salesforce, Zendesk, HubSpot, and others, including credentialing information. |
Phonely may collect Personal Data through our communications with you or through your use of the Services. Consequently, Personal Data can be directly provided by you or indirectly collected by us from, for example, user interactions and use of the Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features within the Services.
Data You Provide |
Data Phonely Collects |
When is this data collected |
Examples of Types of Data Collected |
X |
When you create an account with Phonely |
Contact; Billing |
|
X |
X |
When you integrate with a third-party service |
Integrations |
X |
When you use our Services |
Device and session information; Telephony information; Session audio, video, and messaging; Location; Integrations |
|
X |
When you use Phonely |
Device and session information; Telephony information; Session audio, video, and messaging; Integrations |
|
X |
When you browse pages of our website |
Device and Session; Location |
|
X |
When you request information from us |
Contact |
|
X |
When you opt-in for marketing messages |
Contact, Identifying |
All permanent data, such as contact lists, call records, recordings, and transcripts, are stored in the United States via Google Cloud Storage, unless your Phonely Services Administrator has selected a different region. Phonely may also temporarily process Personal Data in other regions for purposes such as technical support, customer support, and sales. In transit and temporary data associated with calls is processed through Phonely’s Data Centers and may be stored there for for no more than 72 hours.
What We Do |
Legal Basis for Processing (under GDPR) |
Data Subjects |
Personal Data |
Dialapad’s Role |
Deliver the Services, including placing and receiving voice and video calls, and providing recordings, transcriptions, and analytics of calls; determining your geographic location for efficient call routing, and organizing your contacts |
Contract (Art. 6(1)(b)) |
Customers |
Location Identifying Device and Session Telephony Session audio, video, and messaging Communication |
Processor |
Manage your account and billing, to enable secure login and single sign on, and allow third party integrations |
Contract (Art. 6(1)(b)) |
Customers |
Contact Billing Integrations |
Processor |
Communication with You. If you do not want to receive communications from us, you can always opt out by unsubscribing through the link at the bottom of our emails. |
Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) |
Customers |
Contact Communications |
Processor |
Prevent, detect, and investigate potentially prohibited or illegal activities, including fraud and violations of our Terms of Service and Acceptable Use Policy |
Compliance (Art. 6(1)(c)) Public Interest (Art. 6(1)(e)) |
Customers End Users |
Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing |
Processor |
Perform backups, disaster recovery, and system status monitoring) |
Contract (Art. 6(1)(b)) |
Customers End Users |
Telephony Session audio, video, and messaging |
Processor |
Direct Marketing |
Consent (Art. 6(1)(a)) |
Customers |
Communication Identifying |
Processor |
Third Party Integrations We will share your Personal Data with affiliated businesses only if you or your Nexa Services administrator set up an integration, and we will only share your information to the extent that it is related to the transaction or service. |
Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) |
Customers End Users |
Integration |
Processor |
Improvement of the Service Such as A/B testing of new features, improvement of AI speech recognition and language processing, and performance monitoring |
Legitimate Interest (Art. 6(1)(a)) Consent (Art. 6(1)(a)) |
Customers End Users |
Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing |
Controller |
We may anonymize, de-identify, and/or aggregate your Personal Data so that you are not individually identifiable (“De-Identified Personal Data”), and provide De-Identified Personal Data to certain of our partners to help us improve our Service, such as sending anonymized samples of audio or text to a third party to improve speech-to-text transcription and reading comprehension. We may also provide aggregate usage information to our partners to understand how often and in what ways people use our Services. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. De-Identified Personal Data may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Data or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose.
Phonely Ai Training is a key part of how Phonely consistently improves its Services. As described below in the Section titled “Phonely as Data Controller and Processor,” where permitted by law and supported by an appropriate legal basis, Phonely acts as a controller for the data collected for Phonely Ai Training. If you use Phonely Ai, Personal data used for improving the services may include segments of call audio, video, or transcriptions. Training data saved by Phonely is used only for improving Phonely’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting [email protected]. You can control what data is stored by choosing which Nexa features you use from the settings menu in the relevant Service, and you may also opt out entirely from the use of your data for training and improving Nexa’s Ai services by contacting [email protected].
When processing Personal Data for the provision of the Service, Nexa’s direct Customer acts as the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Nexa acts as a Processor (or sub-Processor, as applicable). When acting as a Processor, Nexa shall only process Personal Data to provide the Service and in accordance with the Customer’s written instructions, and as required by applicable law. When processing Personal Data for the improvement of the Service, as described above in the Section titled “How Does Nexa Use Personal Data”, Nexa acts as a controller.
Nexa does not use Personal Data to make automated decisions.
Under the GDPR, we only process Personal Data when there is a legal basis for doing so. For the Data Processing described in this policy, we rely on the following legal grounds:
Performance of a contract: when we rely on this basis the Data Processing is necessary for the performance of a contract with you or to take steps at your request before entering such a contract.
Consent: when we rely on this basis, we only process Personal Data about you for the specific purposes you expressly authorize. Where we process data based on your consent, you have the right to withdraw consent for processing at any time. This election will be effective going forward, but will not affect the lawfulness of processing based on consent before its withdrawal.
Substantial public interest: when we rely on this basis, we do it to prevent harm, fraud, money laundering, terrorist financing, child labor and to enable trust safety and compliance.
Compliance with a legal obligation: when we rely on this basis, we are obliged to process the relevant Personal Data to comply with the law.
Legitimate interests: when we rely on this basis, we process Personal Data as necessary in pursuit of our own or your legitimate interests. When we do this, we must ensure that the interests we pursue do not override your fundamental rights and freedoms. Specifically, the only processing that is solely justified by Legitimate Interests is processing required to improve our services. For more information on these Legitimate Interests, please see the Nexa Ai Training Section below.
With Nexa, you are in control of your data and you can always restrict the collection of certain types of information.
Disable cookies: You can block cookies through your web browser settings. Please note that the restriction of cookies may impact the functionality of the Nexa website.
Don’t provide Personal Data: Certain personal data is needed in order to create an account and provide services to you. However, if you choose to not provide any personal data, you are still able to navigate our website.
Nexa Ai Training: Nexa processes personal data to improve our Nexa Ai systems and has implemented strict security measures to keep this data safe and secure. While we encourage all users to permit such data usage so we can provide a superior product, you have the right to opt-out of this type of processing. If you do not want Nexa to use your personal data for Nexa Ai Training, please contact [email protected].
Direct Marketing: We endeavor to contact you with direct marketing only if you have given us your consent to do so. It is your right to withdraw this consent at any time. If you no longer wish to receive our marketing messages, simply click the unsubscribe link.
You have various rights related to the Personal Data we process and may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Nexa will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records.
If you are under the jurisdiction of the GDPR, and if you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns, but we hope you will contact us first so that we may address any issues.
Below is a summary of rights for those individuals subject to the GDPR and guidance on how to exercise them:
Right of Access |
You can request access to the Personal Data we hold about you, including:
Upon request, we can either provide an overview of the data we hold or we can provide you with a copy of your Personal Data |
Right to Rectification |
If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
Right to Erasure |
You may ask us to erase your Personal Data in the following circumstances:
If we share your Personal Data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly. |
Right to Restrict Processing |
You may ask us to restrict or ‘block’ the processing of your Personal Data in the following circumstances:
We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
Right to data portability |
You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that Personal Data in an automated way. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere. |
Right to object |
You may ask us at any time to stop processing your Personal Data, and we will do so if we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing. If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive. |
Rights in relation to automated decision-making and profiling |
You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use. Nexa does not perform automated decision-making. |
Right to withdraw consent |
If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place. |
Through your account settings, you may access, and, for some information, edit, or delete the following information you’ve provided to us:
name and password
email address
phone number(s)
location
time zone
place of employment
devices
recorded/transcribed messages and calls
call history including incoming/outgoing number and duration
user profile information, including images you have uploaded
billing information
contacts
other third-party account information you have linked to the site
To delete your accounts, please follow the instructions on How to Cancel Your Nexa Account. After deletion of your account, some information may remain in our records for a period that is consistent with the purpose it was collected for.
Compliance |
Nexa strives to comply with the controls set out in Applicable Data Protection Laws. |
Infrastructure Security |
Nexa has implemented appropriate technical and organizational security measures to protect your data, including:
|
Internal Best Practices |
Nexa has implemented practices in line with industry standards, including
|
A description of our data security practices is available on our Trust page and such security guarantees are incorporated into our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers).
To provide, maintain, improve, secure, and promote our Services, Nexa needs to disclose certain Personal Data to third parties. We do not license or sell your Personal Data to third parties, including advertisers, without your consent. As described below, when we share any information about you with third parties, we pseudonymize and aggregate any information about you before we share it unless more detail is necessary to the function of the Services. Although our Privacy Policy does not apply to the practices of companies we don’t own or people that we don’t manage, our Data Processing Agreements define how these third parties can use and store your information, consistent with this Privacy Policy.
This section provides further details about the specific disclosures we make to other third parties, such as vendors, governmental authorities, or because of corporate restructuring.
Sub-Processors (Processors) |
Certain Personal Data may be disclosed to our vendors who are essential for the functioning of the Services. Vendors that have access to Personal Data are considered sub-processors and nearly all our sub-processors are categorized by law as processors. This means that these sub-processors may process Personal Data on our behalf solely in accordance with our instructions and pursuant to a written agreement. For example, we use suppliers for webhosting, secure cloud storage, analytics, email delivery, customer relationship management, and other services.
|
Sub-Processors (Controllers) |
In a few rare circumstances, our sub-processors may act as an independent controller of Personal Data. This means that these sub-processors process Personal Data in accordance with their own privacy policies; however, our contracts with such sub-processors require them to comply with applicable data protection law when processing any Personal Data they receive from us.
|
Governmental Authorities |
Various authorities such as regulators, tax authorities, law enforcement agencies, courts of law and others may legally require us to produce information that may include Personal Data, for example through a subpoena or warrant. If Nexa becomes aware of any government data demands requesting Personal Data, then Nexa, in accordance with its Government Data Demands Policy, will:
More information may be found on our Governmental Data Demand Page. |
Corporate Restructuring |
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party. |
Further Information |
We would be happy to address any specific questions you may have about your Personal Data. This Privacy Policy is intended to provide as much relevant information as possible; however, if you need more specific information, please contact us at [email protected]. |
Where we are processing your information as a processor on behalf of a Customer, the Customer determines their own policies and practices for the sharing and disclosure of your information and Nexa does not control how a Customer or any other third parties choose to share or disclose information. Where we are processing your information on our own behalf as a controller, we may disclose your information with your consent, which we may obtain in several ways, including:
In writing;
Verbally;
Online, by clicking on a link or button; or,
Other mechanisms.
Our Services permit you to submit information which may be displayed to other authorized users in the same or different Customer Account. The sharing and other controls applied to such information may be determined by you, other users and/or an administrator of your Account.
In general, we may disclose or transfer your information without your consent to disclosure when we reasonably believe disclosure is appropriate to:
Comply with the law (e.g., lawful subpoena or court order);
Cooperate with or report to law enforcement agencies in investigations that involve users who use our Service Offerings for activities that are or seem illegal or illegitimate activities;
Enforce or apply agreements for our Service Offerings; or
Protect our rights or property or that of our affiliates, including respective officers, directors, employees, agents, third party content providers, suppliers, sponsors, or licensors (e.g., to address allegations about fraudulent or unlawful activity related to a Miro account).
In connection with a merger, acquisition, public offering, sale of company assets, insolvency, bankruptcy, or receivership, subject to standard confidentiality requirements.
To defend Nexa and our affiliates, licensors, officers, agents and representatives from legal claims and processes brought to us by third parties (including takedown notices);
Use or disclose De-identified Personal Data in our sole discretion.
Nexa operates at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected. In such a case, Nexa only makes such cross-border transfers according to applicable laws. For example, to transfer data outside of the EEA or the UK, our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers) incorporates the EU and UK Standard Contractual Clauses and supporting documents, as applicable, or other inter-company agreements. For transfers out of other jurisdictions operating transfer restriction regimes, we take similar steps to ensure compliance with local law.
In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity.
Nexa, by default, will retain your data for as long as your account is active. Upon closure of your account, Nexa will automatically delete your data within 180 days of account termination. You always have the right to implement a customizable retention policy that will delete data routinely based on your specific retention requests. For more information on how to set up a customizable retention policy, please visit our Help Center.
This retention policy ensures that Nexa is completely deleting your data if it is no longer needed, unless its further temporary storage is still necessary to:
fulfill Nexa’s obligations pursuant to the agreement between Nexa and you;
establish, exercise, and defend a legal claim; or
fulfil statutory obligations to which Nexa is subject.
For more detailed information about the retention periods of the Personal Data, please contact us at [email protected].
Nexa and third-party service providers of tracking technologies gather non-Personal Data about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. Nexa gathers this data using cookies, web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers.
Nexa uses certain third-party services that help us understand traffic on our website in various ways:
Cookie Name |
Description |
Google Analytics and Google Adwords |
These help Nexa understand who is visiting Nexa’s websites and to show relevant ads on other websites to people who have visited Nexa’s websites. You can control what ads you see through the Google Ad Settings Manager. More information on how Google uses information collected when you use Google’s partner sites is available at Google’s Partner Technologies page. |
Marketo is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Marketo’s Privacy Policy and opt-out options here via Marketo’s Privacy Notice. |
|
Wistia powers the videos on our site. Wistia tracks how you interact with these videos: how much of a video you watch, at what points in a video you pause or rewind, etc. In some videos, we pause the video and request that you provide your email address or name. You are under no obligation to provide this information, but we reserve the right to limit certain videos to identified users. Wistia aggregates the data collected through the videos here, including names and email addresses, and provides it to us. Wistia does not sell or provide the data it collects to third parties. |
|
Nextrol |
Nextroll is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Nextroll’s Privacy Policy and opt-out options here via Nextroll’s Privacy Policy |
In general, it is important to note the following regarding the use of cookies:
Cookies cannot be used to run programs or deliver viruses to your computer.
Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You can accept or decline cookies.
Most web browsers automatically accept cookies, but you can modify your browser settings to disable cookies if you prefer (check your browser’s Help page).
If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.
For more information on cookies and how to manage them, please visit Internet Cookies.
You may be able to opt out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser; but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
For more information on how to manage or restrict the use of cookies and to opt-out of all interest-based advertising, please visit the Network Advertising Initiative or Your Ad Choices. For End Users located in European Territories, the EDAA opt-out page here: http://youronlinechoices.eu/.
Nexa recognizes that the Privacy Shield is no longer a valid transfer mechanism for Personal Data from the European Union and its Member States, the European Economic Area, or Switzerland. However, we continue to comply with the requirements under Privacy Shield due to our commitment to the Privacy Shield Principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect Personal Data in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for individuals.
Nexa has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/ or visit our Privacy Shield Policy.
Nexa commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs here.
The Federal Trade Commission has jurisdiction over Nexa’s compliance with the Privacy Shield Principles. Failing to follow the Privacy Shield principles could result in U.S. FTC enforcement measures for Nexa.
Nexa does not provide services designed for use by children under the age of 18, nor does it knowingly collect or solicit Personal Data from anyone under the age of 18. If we learn that we have collected such information we will delete that information as quickly as possible. If you believe that a child under 18 has provided us Personal Data, please contact us at [email protected].
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We will alert you to changes by placing a notice on the Nexa website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.
You can always reach Nexa with questions or concerns regarding our Privacy Policy by sending an email to [email protected].
By using the Website or its Services, you agree to be bound by this Privacy Policy.
If you do not agree to abide by the terms of this Privacy Policy, you are not authorized to use or access the Website and its Services.
Nexa believes that the GDPR provides the gold standard for personal data protection and therefore has based its entire privacy policy on the premise that all users should be afforded the rights guaranteed by the GDPR. As such, many of the specific provisions of the GDPR are covered in the main privacy policy.
Nexa warrants that it complies and that it is able to demonstrate compliance with the GDPR.
Under the GDPR and when processing your data, Nexa will act as either a processor (or sub-processor, as applicable) or a controller, depending on the purpose for the data processing. While processing Personal Data for the provision of Nexa’s Services, Nexa’s Customer is the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Nexa is a Processor (or sub-Processor, as applicable). In this case, the end-user of the service is the data subject.
While processing Personal Data for the improvement of the Service via Nexa Ai Training (as discussed in the main Privacy Policy) Nexa acts as a Controller.
As Processor, Nexa will comply with the instructions contained in this document, in the Nexa Terms of Service and Acceptable Use Policy, Nexa’s Data Processing Agreement (DPA), in any agreements between you and Nexa, or other instructions that you provide later.
As Controller, Nexa will use, with your consent, your Personal Data for improving our services by, for example, saving and analyzing segments of call audio, video, or transcriptions, both to enable these features and to train and improve the models that these features are based on, as described in the Nexa Ai FAQs. Nexa may use pseudonymized segments of such transcriptions and recordings to improve or validate its features, or securely share it with contractors to do so on Nexa’s behalf. Training data saved by Nexa is used only for improving Nexa’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting [email protected]. You can control what data is stored by choosing which Nexa features you use from the settings menu in the relevant Service.
Nexa ensures that the collection, use, and retention of Personal Data transferred from the European Union, Switzerland, and the United Kingdom to the United States is authorized via a suitable legal vehicle, such as the relevant Standard Contractual Clauses. For more information on how to sign a Data Processing Agreement for your organization please visit our DPA Help Center article.
As noted in the Section titled “Data Subject Rights” above, you have a right to access your data, correct or remove it, or completely withdraw your consent for processing it at any time. Such requests may be submitted via Nexa’s Data Subject Access (DSAR) Request Form. The withdrawal of a consent does not affect the lawfulness of processing based on consent before its withdrawal.
Nexa has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU and the UK. You can contact EDPO by using the online request form for the EU or UK, respectively, or via mail at Avenue Huart Hamoir 71, 1030 Brussels, Belgium, or 8 Northumberland Avenue, London WC2N 5BY, United Kingdom, respectively.
Nexa maintains a record of the processing activities it carries out in the course of using personal data to deliver its services, and it will provide this report (Art. 30 “Record of Processing Activities”) to supervisory authorities upon written demand.
If you have questions about our Privacy Policy or data practices, you may contact Nexa’s Data Protection Officer (DPO) at [email protected]. You also have the right to lodge a complaint with the national supervisory authority of your residence, place of work, or where you believe an infringement of your GDPR rights may have occurred.
The California Consumer Privacy Act of 2018 (“CCPA”) and the subsequent California Privacy Rights Act (“CPRA”) requires businesses that collect personal data of California residents to make certain disclosures regarding how they collect, use and disclose such information. This CCPA/CPRA-specific section addresses those requirements.
Personal Data Collection and Sharing: Nexa collects the Personal Data as set forth in the Section titled “When and How Nexa Collects Personal Data” of the Privacy Policy. For the purposes of the CCPA/CPRA, the term “Personal Data” means “Personal Data,” as defined in the CCPA. For purposes of CCPA/CPRA, we collect the following categories of Personal Data from you when you Interact with us and we share that Personal Data for a business purpose as follows:
You can find the types of Personal Data we collect about you in the Section titled “Types of Data We Collect” of the Privacy Policy, but since California regulations have specific terms, please find below the correct applicable terms:
Identifiers (e.g., unique personal identifiers)
Any categories of Personal Data described in subdivision (e) of Section 1798.80. (e.g., name, address, telephone number, passport number, employment history, bank account number, etc.)
Characteristics of protected classifications under California or federal law (e.g., gender, marital status)
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding the interaction with the website, applications, or advertisements (e.g. email conversations).
Geolocation data (e.g., your location).
Professional or employment-related information.
Sources and Uses of Personal Data: The sources from which we collect Personal Data are described in the Sections titled “How Does Nexa Use Personal Data” and “Types of Data We Collect” of the Privacy Policy.
Purposes and Uses for Collecting Personal Data: We collect Personal Data identified in the list above to communicate with you, for marketing and promotional purposes, to provide and improve our services and other purposes set forth in the Section titled “How Does Nexa Use Personal Data” of the Privacy Policy.
Subprocessors. Our subprocessors have privacy and security practices in place to ensure compliance with the CCPA and have contractual requirements to protect the privacy and security of the personal data that they sub-process. As described in the Section titled “Personal Data Disclosures” of the Privacy Policy, we share some personal data with these sub-processors to help us provide, manage, secure, and improve the Services we provide. A current list of our third-party sub-processors is available here.
Sale or sharing of Personal Data. In this context, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer’s Personal Data by the business to another business or a third party, for monetary or other valuable consideration.” Similarly, the word “share” means the disclosure of Personal Data “for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.”
Nexa does not sell or share your Personal Data as those terms are defined under California law. Nexa will only disclose your Personal Data as detailed in this Privacy Policy.
California Consumer Rights: California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:
Disclosure Right. The right to request disclosure of Nexa’s data collection and sales practices, including categories of information we have collected, the source of the information, our use of the information and, if the information was disclosed or sold to third parties, the categories of Personal Data disclosed or sold to third-parties and the categories of third-parties to whom such information was disclosed or sold.
Copy Right. The right to request a copy of the specific Personal Data we collected about you in the past 12 months.
Deletion Right. The right to request deletion of Personal Data we have collected, subject to certain exemptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation, and where the Personal Data is being used on an anonymized and aggregated basis consistent with the requirements of the CCPA/CPRA).
Opt-out Right. The right to opt-out of the sale or sharing of your Personal Data, if applicable. However, Nexa strictly does not sell or share, as defined by the CCPA and the CPRA, as applicable, your Personal Data.
Non-discrimination Right. The right not to be discriminated against when exercising any of these rights.
Exercising Your Rights: You may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Nexa will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records. Nexa does not and will not discriminate against you for exercising your rights under the CCPA/CPRA.
The Lei Geral de Proteção de Dados (LGPD) requires businesses that collect personal data of Brazilian citizens to make certain disclosures regarding how they collect, use, and disclose such information. This LGPD-specific section addresses those requirements.
Information users located in Brazil
The provisions contained in this section apply to all Users who are located in Brazil, according to the “Lei Geral de Proteção de Dados”. For such Users, these provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Policy.
This part of the document uses the term “Personal Data“ as it is defined in the Lei Geral de Proteção de Dados (LGPD). Our Data Protection Officer is Preston Thomas and you can contact him at [email protected].
The grounds on which we process your Personal Data
Please refer to the Section titled “How Does Nexa Use Personal Data” of the Privacy Policy to read the legal basis we use for processing your Personal Data.
If you have any additional questions regarding our legal basis for processing, please contact us at [email protected].
Categories of Personal Data processed
Please read the Section titled “Types of Data We Collect” of the Privacy Policy to check the types of data we collect from you.
If you have any additional questions regarding the types of data we collect, please contact us at [email protected].
Why we process your Personal Data
To find out why and when we process your Personal Data, you can read sections “When and how we collect data” and “How we use your data”.
If you have any questions about why we process your data, please contact us at [email protected].
Your Brazilian privacy rights
We assure you that you will never be discriminated against by exercising your rights. Please refer to section “Data Subjects rights” to understand how you can exercise your rights.
You can also lodge a complaint related to your Personal Data with the ANPD (the National Data Protection Authority) or with consumer protection bodies.
In the event you wish to exercise your right of data portability, please let us know that you are performing this request under the LGPD and whether if you wish a simplified or complete disclosure. If you opt for the complete disclosure, please note that it might take up to 15 days to fulfill your request.
Transfer of Personal Data outside of Brazil permitted by the law
Please be aware that we are allowed to transfer your Personal Data outside of the Brazilian territory when the transfer:
is necessary for compliance with a legal or regulatory obligation, the performance of a contract or preliminary procedures related to a contract, or the exercise of rights in judicial, administrative, or arbitration procedures.
is necessary for international legal cooperation between public intelligence, investigation, and prosecution bodies, according to the legal means provided by the international law;
is necessary to protect your life or physical security or those of a third party;
is authorized by the ANPD;
results from a commitment undertaken in an international cooperation agreement; or
is necessary for the execution of a public policy or legal attribution of public service.
The Personal Data Protection Law (PIPL) requires businesses that process personal data of Chinese citizens to make certain disclosures regarding how they collect, use, and disclose such information. This PIPL-specific section addresses those requirements.
Identity of the Personal Data Processor and Entrusted Parties
Please refer to the Section titled “Nexa as Data Controller and Processor” of the Privacy Policy to read about the situations in which Nexa acts as a Personal Data Processor (i.e., Controller) and when it acts as an Entrusted Party (i.e., Processor). In situations where Nexa is acting as an Entrusted Party, the Personal Data Processor is Nexa’s direct customer with which the end user has a direct relationship.
If you have any additional questions regarding our legal basis for processing, please contact us at [email protected].
Purposes and Methods of Personal Data Processing
Please refer to the Sections titled “How Does Nexa Use Personal Data” and “When and How Nexa Collects Personal Data” of the Privacy Policy to read about the purposes and methods of Personal Data processing.
If you have any additional questions regarding our legal basis for processing, please contact us at [email protected].
Categories of Processed Personal Data
Please read the Section titled “Types of Data We Collect” of the Privacy Policy to check the types of data we collect from you.
If you have any additional questions regarding the types of data we collect, please contact us at [email protected].
Retention Period for Processed Personal Data
Please read the Section titled “Data Retention” of the Privacy Policy to check the retention period for processed Personal Data.
If you have any additional questions regarding the types of data we collect, please contact us at [email protected].
Methods and Procedures for Exercising Data Subject Rights
Please read the Section titled “Data Subject Rights” of the Privacy Policy to understand how to exercise your rights.
If you have any additional questions regarding how to exercise your rights, please contact us at [email protected].
Other Information
When applicable, Nexa’s Customers are contractually obligated for obtaining any applicable security assessment through Cyberspace Administration of China (“CAC”) as required by Article 40 of PIPL.
When applicable, Nexa’s Customers are contractually obligated for obtaining explicit and separate consent from all end-users to internationally transfer Personal Data to Nexa as a processing entity pursuant to Articles 23 and 39 of PIPL.
When applicable, Nexa’s Customers are contractually obligated for performing a Personal Data impact assessment with regards to the transfer of Personal Data to Nexa pursuant to Article 55 of PIPL.
When applicable, Nexa’s Customers are contractually obligated for ensuring that they are not subject to the data localization requirements of Article 40 of PIPL.
Phonely
This Privacy Policy (“Privacy Policy”) describes how we at Nexa AI LLC (“Phonely”, “we”, “our”, or “us”) collect, protect, and use the Personal Data (as defined below) you (“User”, “you”, or “your”) may provide via the Phonely.com website (“Website”) or by utilizing any of our software products (“Products”) or services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions (“Software”), or your desk phone (“Services”). Our Privacy Policy is available at www.phonely.ai/privacy-policy (and as amended from time to time and effective as of the date posted). Phonely uses a single Privacy Policy that addresses our treatment of Personal Data when you use our public-facing website or any of these Services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions, or your desk phone. We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.
Phonely is made up of various legal entities which we use as infrastructure to provide our Services and to comply with various local laws. However, the parent entity responsible for data protection across the organization is Nexa AI LLC, a U.S. company with a registered address of 30 N Gould St. Ste R Sheridan, WY 82801.
To exercise your data protection rights or for more information about Phonely’s data protection practices, please contact us at [email protected].
Your use of Phonely’s Services is also subject to the Terms of Service or the General Terms and Conditions associated with the Master Services Agreement that governs your account, each of which may be amended from time to time and are effective as of the date posted. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service or the Applicable Data Protection Laws.
“Applicable Data Protection Laws” means all laws and regulations that are applicable to the processing of Personal Data under the Agreement, including European Data Protection Laws and the CCPA, as well as any future amending acts of the above-mentioned data protection laws any other applicable international, federal, national and state privacy and data protection laws, rules, and regulations pertaining to privacy, data processing and use, data protection, data security, encryption, or confidentiality.
“Personal Data” means all data which is defined as ‘Personal Data’, ‘personal information’, or ‘personally identifiable information’ (or analogous terms) under the Applicable Data Protection Laws.
Contact Information that facilitates communication between you and Phonely, such as name, email and physical address, telephone number, and password | Billing Payment information |
Location Information about a specific location, such as physical address or IP address | Identifiers Information that may tend to identify a specific individual, such as name, profile picture, birthdate. |
Device and Session Information about your browser or device, which may include your IP address, device IDs, or other unique identifiers, cookie information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested | Telephony Information concerning customer call records such as time, duration, the number of the called party |
Session audio, video and messaging The audio, video, and messaging (including SMS, in-app chat, and other messaging channels) that you send through Phonely, and the information contained therein, should you opt-in to recording or otherwise storing that information | Integrations Information regarding the integration of third-party services such as Google, Salesforce, Zendesk, HubSpot, and others, including credentialing information. |
Phonely may collect Personal Data through our communications with you or through your use of the Services. Consequently, Personal Data can be directly provided by you or indirectly collected by us from, for example, user interactions and use of the Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features within the Services.
Data You Provide | Data Phonely Collects | When is this data collected | Examples of Types of Data Collected |
X |
| When you create an account with Phonely | Contact; Billing |
X | X | When you integrate with a third-party service | Integrations |
| X | When you use our Services | Device and session information; Telephony information; Session audio, video, and messaging; Location; Integrations |
| X | When you use Phonely AI | Device and session information; Telephony information; Session audio, video, and messaging; Integrations |
| X | When you browse pages of our website | Device and Session; Location |
X |
| When you request information from us | Contact |
X |
| When you opt-in for marketing messages | Contact, Identifying |
All permanent data, such as contact lists, call records, recordings, and transcripts, are stored in the United States via Google Cloud Storage, unless your Phonely Services Administrator has selected a different region. Phonely may also temporarily process Personal Data in other regions for purposes such as technical support, customer support, and sales. In transit and temporary data associated with calls is processed through Phonely’s Data Centers and may be stored there for for no more than 72 hours.
What We Do | Legal Basis for Processing (under GDPR) | Data Subjects | Personal Data | Phonely’s Role |
Deliver the Services, including placing and receiving voice and video calls, and providing recordings, transcriptions, and analytics of calls; determining your geographic location for efficient call routing, and organizing your contacts | Contract (Art. 6(1)(b)) | Customers | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication | Processor |
Manage your account and billing, to enable secure login and single sign on, and allow third party integrations | Contract (Art. 6(1)(b)) | Customers | Contact Billing Integrations | Processor |
Communication with You. If you do not want to receive communications from us, you can always opt out by unsubscribing through the link at the bottom of our emails. | Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) | Customers | Contact Communications | Processor |
Prevent, detect, and investigate potentially prohibited or illegal activities, including fraud and violations of our Terms of Service and Acceptable Use Policy | Compliance (Art. 6(1)(c)) Public Interest (Art. 6(1)(e)) | Customers End Users | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing | Processor |
Perform backups, disaster recovery, and system status monitoring) | Contract (Art. 6(1)(b)) | Customers End Users | Telephony Session audio, video, and messaging | Processor |
Direct Marketing | Consent (Art. 6(1)(a)) | Customers | Communication Identifying | Processor |
Third Party Integrations We will share your Personal Data with affiliated businesses only if you or your Phonely Services administrator set up an integration, and we will only share your information to the extent that it is related to the transaction or service. | Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) | Customers End Users | Integration | Processor |
Improvement of the Service Such as A/B testing of new features, improvement of AI speech recognition and language processing, and performance monitoring | Legitimate Interest (Art. 6(1)(a)) Consent (Art. 6(1)(a)) | Customers End Users | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing | Controller |
We may anonymize, de-identify, and/or aggregate your Personal Data so that you are not individually identifiable (“De-Identified Personal Data”), and provide De-Identified Personal Data to certain of our partners to help us improve our Service, such as sending anonymized samples of audio or text to a third party to improve speech-to-text transcription and reading comprehension. We may also provide aggregate usage information to our partners to understand how often and in what ways people use our Services. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. De-Identified Personal Data may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Data or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose.
Phonely Ai Training is a key part of how Phonely consistently improves its Services. As described below in the Section titled “Phonely as Data Controller and Processor,” where permitted by law and supported by an appropriate legal basis, Phonely acts as a controller for the data collected for Phonely Ai Training. If you use Phonely Ai, Personal data used for improving the services may include segments of call audio, video, or transcriptions. Training data saved by Phonely is used only for improving Phonely’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting [email protected]. You can control what data is stored by choosing which Phonely features you use from the settings menu in the relevant Service, and you may also opt out entirely from the use of your data for training and improving Phonely’s Ai services by contacting [email protected].
When processing Personal Data for the provision of the Service, Phonely’s direct Customer acts as the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Phonely acts as a Processor (or sub-Processor, as applicable). When acting as a Processor, Phonely shall only process Personal Data to provide the Service and in accordance with the Customer’s written instructions, and as required by applicable law. When processing Personal Data for the improvement of the Service, as described above in the Section titled “How Does Phonely Use Personal Data”, Phonely acts as a controller.
Phonely does not use Personal Data to make automated decisions.
Under the GDPR, we only process Personal Data when there is a legal basis for doing so. For the Data Processing described in this policy, we rely on the following legal grounds:
With Phonely, you are in control of your data and you can always restrict the collection of certain types of information.
You have various rights related to the Personal Data we process and may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Phonely will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records.
If you are under the jurisdiction of the GDPR, and if you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns, but we hope you will contact us first so that we may address any issues.
Below is a summary of rights for those individuals subject to the GDPR and guidance on how to exercise them:
Right of Access | You can request access to the Personal Data we hold about you, including:
Upon request, we can either provide an overview of the data we hold or we can provide you with a copy of your Personal Data |
Right to Rectification | If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
Right to Erasure | You may ask us to erase your Personal Data in the following circumstances:
If we share your Personal Data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly. |
Right to Restrict Processing | You may ask us to restrict or ‘block’ the processing of your Personal Data in the following circumstances:
We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
Right to data portability | You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that Personal Data in an automated way. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere. |
Right to object | You may ask us at any time to stop processing your Personal Data, and we will do so if we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing. If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive. |
Rights in relation to automated decision-making and profiling | You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use. Phonely does not perform automated decision-making. |
Right to withdraw consent | If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place. |
Through your account settings, you may access, and, for some information, edit, or delete the following information you’ve provided to us:
To delete your accounts, please follow the instructions on How to Cancel Your Phonely Account. After deletion of your account, some information may remain in our records for a period that is consistent with the purpose it was collected for.
Compliance | Phonely strives to comply with the controls set out in Applicable Data Protection Laws. |
Infrastructure Security | Phonely has implemented appropriate technical and organizational security measures to protect your data, including:
|
Internal Best Practices | Phonely has implemented practices in line with industry standards, including
|
A description of our data security practices is available on our Trust page and such security guarantees are incorporated into our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers).
To provide, maintain, improve, secure, and promote our Services, Phonely needs to disclose certain Personal Data to third parties. We do not license or sell your Personal Data to third parties, including advertisers, without your consent. As described below, when we share any information about you with third parties, we pseudonymize and aggregate any information about you before we share it unless more detail is necessary to the function of the Services. Although our Privacy Policy does not apply to the practices of companies we don’t own or people that we don’t manage, our Data Processing Agreements define how these third parties can use and store your information, consistent with this Privacy Policy.
This section provides further details about the specific disclosures we make to other third parties, such as vendors, governmental authorities, or because of corporate restructuring.
Sub-Processors (Processors) | Certain Personal Data may be disclosed to our vendors who are essential for the functioning of the Services. Vendors that have access to Personal Data are considered sub-processors and nearly all our sub-processors are categorized by law as processors. This means that these sub-processors may process Personal Data on our behalf solely in accordance with our instructions and pursuant to a written agreement. For example, we use suppliers for webhosting, secure cloud storage, analytics, email delivery, customer relationship management, and other services.
|
Sub-Processors (Controllers) | In a few rare circumstances, our sub-processors may act as an independent controller of Personal Data. This means that these sub-processors process Personal Data in accordance with their own privacy policies; however, our contracts with such sub-processors require them to comply with applicable data protection law when processing any Personal Data they receive from us.
|
Governmental Authorities | Various authorities such as regulators, tax authorities, law enforcement agencies, courts of law and others may legally require us to produce information that may include Personal Data, for example through a subpoena or warrant. If Phonely becomes aware of any government data demands requesting Personal Data, then Phonely, in accordance with its Government Data Demands Policy, will:
More information may be found on our Governmental Data Demand Page. |
Corporate Restructuring | If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party. |
Further Information | We would be happy to address any specific questions you may have about your Personal Data. This Privacy Policy is intended to provide as much relevant information as possible; however, if you need more specific information, please contact us at [email protected]. |
Where we are processing your information as a processor on behalf of a Customer, the Customer determines their own policies and practices for the sharing and disclosure of your information and Phonely does not control how a Customer or any other third parties choose to share or disclose information. Where we are processing your information on our own behalf as a controller, we may disclose your information with your consent, which we may obtain in several ways, including:
Our Services permit you to submit information which may be displayed to other authorized users in the same or different Customer Account. The sharing and other controls applied to such information may be determined by you, other users and/or an administrator of your Account.
In general, we may disclose or transfer your information without your consent to disclosure when we reasonably believe disclosure is appropriate to:
Phonely operates at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected. In such a case, Phonely only makes such cross-border transfers according to applicable laws. For example, to transfer data outside of the EEA or the UK, our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers) incorporates the EU and UK Standard Contractual Clauses and supporting documents, as applicable, or other inter-company agreements. For transfers out of other jurisdictions operating transfer restriction regimes, we take similar steps to ensure compliance with local law.
In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity.
Phonely, by default, will retain your data for as long as your account is active. Upon closure of your account, Phonely will automatically delete your data within 180 days of account termination. You always have the right to implement a customizable retention policy that will delete data routinely based on your specific retention requests. For more information on how to set up a customizable retention policy, please visit our Help Center.
This retention policy ensures that Phonely is completely deleting your data if it is no longer needed, unless its further temporary storage is still necessary to:
For more detailed information about the retention periods of the Personal Data, please contact us at [email protected].
Phonely and third-party service providers of tracking technologies gather non-Personal Data about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. Phonely gathers this data using cookies, web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers.
Phonely uses certain third-party services that help us understand traffic on our website in various ways:
Cookie Name | Description |
Google Analytics and Google Adwords | These help Phonely understand who is visiting Phonely’s websites and to show relevant ads on other websites to people who have visited Phonely’s websites. You can control what ads you see through the Google Ad Settings Manager. More information on how Google uses information collected when you use Google’s partner sites is available at Google’s Partner Technologies page. |
Marketo is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Marketo’s Privacy Policy and opt-out options here via Marketo’s Privacy Notice. | |
Wistia powers the videos on our site. Wistia tracks how you interact with these videos: how much of a video you watch, at what points in a video you pause or rewind, etc. In some videos, we pause the video and request that you provide your email address or name. You are under no obligation to provide this information, but we reserve the right to limit certain videos to identified users. Wistia aggregates the data collected through the videos here, including names and email addresses, and provides it to us. Wistia does not sell or provide the data it collects to third parties. | |
Nextrol | Nextroll is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Nextroll’s Privacy Policy and opt-out options here via Nextroll’s Privacy Policy |
In general, it is important to note the following regarding the use of cookies:
For more information on cookies and how to manage them, please visit Internet Cookies.
You may be able to opt out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser; but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
For more information on how to manage or restrict the use of cookies and to opt-out of all interest-based advertising, please visit the Network Advertising Initiative or Your Ad Choices. For End Users located in European Territories, the EDAA opt-out page here: http://youronlinechoices.eu/.
Phonely recognizes that the Privacy Shield is no longer a valid transfer mechanism for Personal Data from the European Union and its Member States, the European Economic Area, or Switzerland. However, we continue to comply with the requirements under Privacy Shield due to our commitment to the Privacy Shield Principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect Personal Data in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for individuals.
Phonely has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/ or visit our Privacy Shield Policy.
Phonely commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs here.
The Federal Trade Commission has jurisdiction over Phonely’s compliance with the Privacy Shield Principles. Failing to follow the Privacy Shield principles could result in U.S. FTC enforcement measures for Phonely.
Phonely does not provide services designed for use by children under the age of 18, nor does it knowingly collect or solicit Personal Data from anyone under the age of 18. If we learn that we have collected such information we will delete that information as quickly as possible. If you believe that a child under 18 has provided us Personal Data, please contact us at [email protected].
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We will alert you to changes by placing a notice on the Phonely website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.
You can always reach Phonely with questions or concerns regarding our Privacy Policy by sending an email to [email protected].
By using the Website or its Services, you agree to be bound by this Privacy Policy.
If you do not agree to abide by the terms of this Privacy Policy, you are not authorized to use or access the Website and its Services.
Phonely believes that the GDPR provides the gold standard for personal data protection and therefore has based its entire privacy policy on the premise that all users should be afforded the rights guaranteed by the GDPR. As such, many of the specific provisions of the GDPR are covered in the main privacy policy.
Phonely warrants that it complies and that it is able to demonstrate compliance with the GDPR.
Under the GDPR and when processing your data, Phonely will act as either a processor (or sub-processor, as applicable) or a controller, depending on the purpose for the data processing. While processing Personal Data for the provision of Phonely’s Services, Phonely’s Customer is the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Phonely is a Processor (or sub-Processor, as applicable). In this case, the end-user of the service is the data subject.
While processing Personal Data for the improvement of the Service via Phonely Ai Training (as discussed in the main Privacy Policy) Phonely acts as a Controller.
As Processor, Phonely will comply with the instructions contained in this document, in the Phonely Terms of Service and Acceptable Use Policy, Phonely’s Data Processing Agreement (DPA), in any agreements between you and Phonely, or other instructions that you provide later.
As Controller, Phonely will use, with your consent, your Personal Data for improving our services by, for example, saving and analyzing segments of call audio, video, or transcriptions, both to enable these features and to train and improve the models that these features are based on, as described in the Phonely Ai FAQs. Phonely may use pseudonymized segments of such transcriptions and recordings to improve or validate its features, or securely share it with contractors to do so on Phonely’s behalf. Training data saved by Phonely is used only for improving Phonely’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting [email protected]. You can control what data is stored by choosing which Phonely features you use from the settings menu in the relevant Service.
Phonely ensures that the collection, use, and retention of Personal Data transferred from the European Union, Switzerland, and the United Kingdom to the United States is authorized via a suitable legal vehicle, such as the relevant Standard Contractual Clauses. For more information on how to sign a Data Processing Agreement for your organization please visit our DPA Help Center article.
As noted in the Section titled “Data Subject Rights” above, you have a right to access your data, correct or remove it, or completely withdraw your consent for processing it at any time. Such requests may be submitted via Phonely’s Data Subject Access (DSAR) Request Form. The withdrawal of a consent does not affect the lawfulness of processing based on consent before its withdrawal.
Phonely has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU and the UK. You can contact EDPO by using the online request form for the EU or UK, respectively, or via mail at Avenue Huart Hamoir 71, 1030 Brussels, Belgium, or 8 Northumberland Avenue, London WC2N 5BY, United Kingdom, respectively.
Phonely maintains a record of the processing activities it carries out in the course of using personal data to deliver its services, and it will provide this report (Art. 30 “Record of Processing Activities”) to supervisory authorities upon written demand.
If you have questions about our Privacy Policy or data practices, you may contact Phonely’s Data Protection Officer (DPO) at [email protected]. You also have the right to lodge a complaint with the national supervisory authority of your residence, place of work, or where you believe an infringement of your GDPR rights may have occurred.
The California Consumer Privacy Act of 2018 (“CCPA”) and the subsequent California Privacy Rights Act (“CPRA”) requires businesses that collect personal data of California residents to make certain disclosures regarding how they collect, use and disclose such information. This CCPA/CPRA-specific section addresses those requirements.
The Lei Geral de Proteção de Dados (LGPD) requires businesses that collect personal data of Brazilian citizens to make certain disclosures regarding how they collect, use, and disclose such information. This LGPD-specific section addresses those requirements.
The Personal Data Protection Law (PIPL) requires businesses that process personal data of Chinese citizens to make certain disclosures regarding how they collect, use, and disclose such information. This PIPL-specific section addresses those requirements.
Copyright Phonely 2024. All rights reserved.