Privacy Policy

Our commitment to privacy

Authenticalls, Inc. (“Authenticalls” or “we”) is a Cloud Platform as a Service (“CPaaS”) company that allows enterprises all over the world to communicate with their customers via various communication channels, such as Programmable SMS, Programmable Voice and email.
At Authenticalls, your privacy is important to us. This Privacy Policy is intended to describe Authenticalls’s privacy practices and provide information about the choices you have regarding the ways in which information collected by Authenticalls is used and disclosed.
We only ask for personal data when we need it for business purposes or to provide you with relevant information. When partners, customers and end-users share personal data with us, we always handle that data in accordance with the applicable data protection regulations. We don’t use that data for any purposes other than those specifically issued by the individual or entity who provides the data.
By using the site located at www.authenticalls.com (the “Site”) and by using the Authenticalls products and services (the “Authenticalls Products”), you agree to the collection and use of information as set forth in this Privacy Policy.

Key regulations

Authenticalls provides certain services which may be subject to the EU General Data Protection Regulation (EU Regulation 2016/679), also known as “GDPR”. Authenticalls is committed to complying with GDPR. Authenticalls collects and uses personal data which may be subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. Authenticalls is committed to complying with the CCPA.

A few definitions

Authenticalls operates through a reseller distribution model. We sell the Authenticalls Products to partners (“Resellers”) who are typically communication service providers, telecom wholesalers, software developers and/or system integrators. Our Resellers then white label our Authenticalls Products and resell them under their name to their enterprise customers (“Enterprise Customers”). In some cases, our Resellers might use the Authenticalls Product for their own internal use, in which case, they will act as an Enterprise Customer as well, as far as this Privacy Policy is concerned.

End-Users of the Authenticalls Products include:
· Employees of the Resellers
· Employees of the Customers
· Recipients and senders of communication triggered by a Reseller or Customer using the Authenticalls Products.

Controller: As per GDPR and other data regulations, the Controller determines the purpose and the means of personal data sharing (e.g. to receive important information or sending invoices) and remains ultimately responsible for the correct handling of the subject’s data. The Controller is often the company that an individual provides their personal data to.

Processor: The Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. For instance, when one of our customers sends a Programmable SMS to an individual, we need the phone number where that message needs to be sent. This phone number is personal data. The Processor only processes personal data according to the instructions of the Controller. Depending on your relationship with Authenticalls and the function that Authenticalls performs, Authenticalls can be a Controller, a Processor or both.

Why we collect personal data

All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so that we can enable you to use our services. Personal data can also help us improve our products to fit the needs of our customers.

We process personal data based on a limited set of legal principles:

• explicit consent (e.g. ticking a box on our website)
• negotiating and signing a contract to use the Authenticalls Products
• legal obligation which requires us to do so (such as cooperating with formal disclosure requests or preventing misuse of our services)

Here is a list of some of the purposes for which we’ll request or use your data:

• Sharing relevant information about our products and services
• Creating an account that is connected to your person and company
• Verifying your identity
• Provision of the services
• Finance and billing
• Analyzing usage of our products and services
• Providing Customer Support to potential or existing customers
• Detecting and combating fraudulent or unlawful activity
• Training and quality improvement
• Expanding business through our marketing and sales channels
• Fulfill financial obligations such as paying taxes and ensuring invoices are paid
• Keeping your account secure

What personal data we collect

The personal data that we collect falls into four main categories:

• Reseller Account Data: if your company is a Reseller and you are the holder of an Authenticalls account on behalf of your company, the Reseller Account Data is the personal data you provide to us to set up and maintain that account.
• Enterprise Customer Account Data: if your company is an Enterprise Customer and you are the holder of an Authenticalls account on behalf of your company, the Enterprise Customer Account Data is the personal data you provide to the Reseller to set up and maintain that account.
• End-User Data: this is the personal data of the End-Users that is collected by the Enterprise Customer to allow the End-User to receive and send messages through the Authenticalls Products.
• Website visitor data: this is the data that you will share with us while visiting the site, through cookies and forms. You will always be asked if you agree to share personal data on our site.

All covered data will be governed by this Privacy Policy. The types of personal data collected may include (but are not limited to):

• First name
• Last name
• Job title
• Company name
• Email address
• Phone number
• Authenticalls username
• Authenticalls password
• Usage and traffic data of services and website
• Customer support call recordings
• Communication content (e.g. the content of an SMS)
• Location information
• Cookie preferences
• IP addresses

Personal Data does not include information that is aggregated or otherwise does not identify an individual or does not permit us to associate such information with an individual.

How we collect the personal data

If your company is a Reseller, the Reseller Account Data is provided by you to us when we set up your Authenticalls account. You can provide this information to us by filling in a form online, by sending it to us by email, or by sharing it with us by phone.

Enterprise Account data: either you enter it yourself in an online form or you provide it to the Reseller from whom you are buying the Authenticalls Product and the Reseller enters your data into our systems.

End-user data is either provided by you through the use of the Authenticalls Products or by the End-Users through the use of the Authenticalls Products. Website Data is collected as you visit the Site, according to the preferences that you set.

With whom we share personal data

Whether we fulfill the role of Controller, Processor, or even as a mere conduit, we always make sure that the parties we work with adhere to similar Data Protection and Security Standards as we agreed upon with you.

Authenticalls engages three categories of recipients:

• The Reseller through whom you purchased the Authenticalls Product
• Third party service and technology providers as well as telecommunications services providers working on our behalf to provide you with products and services
• Government authorities, when required to do so by law

Resellers

If you purchased the Authenticalls Products through a Reseller, the Reseller will have access to the Personal Data that you loaded into the Authenticalls Products.

Telecommunication providers

Most of the products that Authenticalls offers require the Reseller to provide the carrier services for SMS, voice, and email. Either the Reseller has the capabilities to perform such services in-house, or they buy the services from a third-party carrier. This is known as “Bring your Own Carrier” or BYOC. In this case, the communication of SMS message, voice, and email is done through a telecommunication company (“Telco”) that is in contract with the Reseller. The communication of the Personal Data is done through the Telco and it is governed by the Privacy Policies from the Reseller and from the Telco. Our Reseller is contractually committed with us to adhere to the same Data Protection and Security Standards as we agreed with you and they have the responsibility to enforce similar standards with the Telco.

Not all Authenticalls Products are BYOC. In some cases, we bundle some carrier services from a third-party Telco and sell the bundle to our Resellers.

When it comes to the contents of electronic communications transmitted by a Telco, the Telco qualifies neither as a controller nor as a processor under the EU’s GDPR insofar as it acts as mere conduits in transmitting the content. If the Telco processed content data for its own purpose (e.g. undertaking its own filtering or data retention activities), they act as controllers.

Third party service and technology providers

We can share personal data with third-party service providers, like our hosting provider (Amazon Web Services) and our accounting services (for invoicing purposes), that perform services on our behalf. We never share information without prior vetting, or for specific purposes that can be fulfilled in-house.

Government requests and legal obligations

Authenticalls will respond to government requests only when we are legally obliged to do so. The request needs to:

• be sent from a government agency,
• be issued where we are subject to the respective jurisdiction,
• be an enforceable subpoena, search warrant, court order, or similar official instrument compelling us to disclose the information requested, and
• state the categories of records sought and specific time period.

Authenticalls will also respond, as necessary, (1) to protect the security or integrity of our products and services; (2) to protect the public from harm or illegal activities; and (3) to respond to an emergency that requires the disclosure of data to assist in preventing death or serious bodily injury. If Authenticalls responds to such Governmental Requests, or Legal Obligations, Authenticalls will notify you of such requests and responses, unless prohibited by law.

We also may disclose Personal Data in connection with a merger, acquisition, or bankruptcy. If we should ever file for bankruptcy or merge with another company, or if we should decide to buy another business, or sell or reorganize part or all of our business, we may disclose your Personal Data to prospective or actual purchasers and other parties. By using this website, you acknowledge that any such transfer of your Personal Data may occur. It is Authenticalls’s practice to obtain appropriate protections for Personal Data disclosed in these types of transactions. Authenticalls cannot, however, guarantee that this Privacy Policy will remain unchanged if Authenticalls is sold or merges with or is acquired by another company. You should periodically check this Privacy Policy for any such changes.

International transfer of data

As a global cloud-based enterprise, the usage of our services often involves the transfer of personal data, both within and outside the European Economic Area (“EEA”). We always take care to ensure our partners have sufficient guarantees and safeguards in place to properly treat and protect your data in line with our data protection and information security standards.

Among others, we make sure data transferred outside the EEA will only be done with the appropriate cross-border transfer mechanisms in place. We always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with our legal obligations and ethical standards.

Data security

We strive to protect personal data using appropriate technical and organizational measures based on the type of personal data and applicable processing activity. For example, we use pseudonymization, encryption, and access control mechanisms to ensure personal data is properly safeguarded from unauthorized access. We also have a data breach response procedure in place to minimize the risk to individuals in the event of a breach, and our contracts with third parties who process personal data on our behalf contain appropriate data protection and information security standards.

Your rights regarding your personal data

You have the right to access, rectify, erase, restrict, and port your personal data in accordance with the law. You also have the right to object to certain processing activities based on grounds related to your particular situation, including direct marketing. To exercise your rights, please contact us using the information provided at the end of this Privacy Policy. We will respond to your request within the applicable time frame under the law.

Finally, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.

Data retention

We retain personal data for as long as necessary to provide our services or as required by law. If you wish to request the deletion of your personal data, please contact us, and we will comply with your request in accordance with applicable law.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated Privacy Policy on our website and update the "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

Contact information

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

Email: support@authenticalls.com

Phone: +1 234 567 890

Address: 1234 Authenticalls St, Tech City, TC 56789