Privacy Policy

Our commitment to privacy

Authenticalls, Inc. (“Authenticalls” or “we”) is a Cloud Platform as a Service (“CPaaS”) company that allows enterprises all over the world to communicate with their customers via various communication channels, such as Programmable SMS, Programmable Voice and email.

At Authenticalls, your privacy is important to us. This Privacy Policy is intended to describe Authenticalls’s privacy practices and provide information about the choices you have regarding the ways in which information collected by Authenticalls is used and disclosed.

We only ask for personal data when we need it for business purposes or to provide you with relevant information. When partners, customers and end-users share personal data with us, we always handle that data in accordance with the applicable data protection regulations. We don’t use that data for any purposes other than those specifically issued by the individual or entity who provides the data.

By using the site located at www.authenticalls.com (the “Site”) and by using the Authenticalls products and services (the “Authenticalls Products”), you agree to the collection and use of information as set forth in this Privacy Policy.

Key regulations

Authenticalls provides certain services which may be subject to the EU General Data Protection Regulation (EU Regulation 2016/679), also known as “GDPR”.

Authenticalls is committed to complying with GDPR. Authenticalls collects and uses personal data which may be subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. Authenticalls is committed to complying with the CCPA.

A few definitions

Authenticalls operates through a reseller distribution model. We sell the Authenticalls Products to partners (“Resellers”) who are typically communication service providers, telecom wholesalers, software developers and/or system integrators. Our Resellers then white label our Authenticalls Products and resell them under their name to their enterprise customers (“Enterprise Customers”). In some cases, our Resellers might use the Authenticalls Product for their own internal use, in which case, they will act as an Enterprise Customer as well, as far as this Privacy Policy is concerned.

End-Users of the Authenticalls Products include:
· Employees of the Resellers
· Employees of the Customers
· Recipients and senders of communication triggered by a Reseller or Customer using the Authenticalls Products.

Controller: As per GDPR and other data regulations, the Controller determines the purpose and the means of personal data sharing (e.g. to receive important information or sending invoices) and remains ultimately responsible for the correct handling of the subject’s data. The Controller is often the company that an individual provides their personal data to.

Processor: The Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. For instance, when one of our customers sends a Programmable SMS to an individual, we need the phone number where that message needs to be sent. This phone number is personal data. The Processor only processes personal data according to the instructions of the Controller. Depending on your relationship with Authenticalls and the function that Authenticalls performs, Authenticalls can be a Controller, a Processor or both.

Why we collect personal data

All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so that we can enable you to use our services. Personal data can also help us improve our products to fit the needs of our customers.

We process personal data based on a limited set of legal principles:
· explicit consent (e.g. ticking a box on our website)
· negotiating and signing a contract to use the Authenticalls Products
· legal obligation which requires us to do so (such as cooperating with formal disclosure requests or preventing misuse of our services)

Here is a list of some of the purposes for which we’ll request or use your data:

· Sharing relevant information about our products and services
· Creating an account that is connected to your person and company
· Verifying your identity
· Provision of the services
· Finance and billing
· Analyzing usage of our products and services
· Providing Customer Support to potential or existing customers
· Detecting and combating fraudulent or unlawful activity
· Training and quality improvement
· Expanding business through our marketing and sales channels
· Fulfill financial obligations such as paying taxes and ensuring invoices are paid
· Keeping your account secure

What personal data we collect

The personal data that we collect falls into four main categories:
· Reseller Account Data: if your company is a Reseller and you are the holder of a Authenticalls account on behalf of your company, the Reseller Account Data is the personal data you provide to us to setup and maintain that account.
· Enterprise Customer Account Data: if your company is an Enterprise Customer and you are the holder of a Authenticalls account on behalf of your company, the Enterprise Customer Account Data is the personal data you provide to the Reseller to setup and maintain that account.
· End-User Data: this is the personal data of the End-Users that is collected by the Enterprise Customer to allow the End-User to receive and send messages through the Authenticalls Products.
· Website visitor data: this is the data that you will share with us while visiting the site, through cookies and forms. You will always be asked if you agree to share personal data on our site.

All covered data will be governed by this Privacy Policy.
The types of personal data collected may include (but are not limited to):
· First name
· Last name
· Job title
· Company name
· Email address
· Phone number
· Authenticalls username
· Authenticalls password
· Usage and traffic data of services and website
· Customer support call recordings
· Communication content (e.g. the content of an SMS)
· Location information
· Cookie preferences
· IP addresses

Personal Data does not include information that is aggregated or otherwise does not identify an individual or does not permit us to associate such information with an individual.

How we collect the personal data

If your company is a Reseller, the Reseller Account Data is provided by you to us when we setup your Authenticalls account. You can provide this information to us by filling in a form online, by sending it to us by email or by sharing it with us by phone.

Enterprise Account data: either you enter it yourself in an online form or you provide it to the Reseller from whom you are buying the Authenticalls Product and the Reseller enters your data into our systems.
End-user data is either provided by you through the use of the Authenticalls Products or by the End-Users through the use of the Authenticalls Products. Website Data is collected as you visit the Site, according to the preferences that you set.

With whom we share personal data

Whether we fulfill the role of Controller, Processor, or even as a mere conduit, we always make sure that the parties we work with adhere to similar Data Protection and Security Standards as we agreed upon with you.

Authenticalls engages three categories of recipients:
· The Reseller through whom you purchased the Authenticalls Product
· Third party service and technology providers as well as telecommunications services providers working on our behalf to provide you with products and services
· Government authorities, when required to do so by law

Resellers

If you purchased the Authenticalls Products through a Reseller, the Reseller will have access to the Personal Data that you loaded into the Authenticalls Products.

Telecommunication providers

Most of the products that Authenticalls offers require the Reseller to provide the carrier services for SMS, voice and email. Either the Reseller has the capabilities to perform such services in-house or they buy the services from a third party carrier. This is known as “Bring your Own Carrier” or BYOC. In this case, the communication of SMS message, voice and email is done through a telecommunication company (“Telco”) that is in contract with the Reseller. The communication of the Personal Data is done through the Telco and it is governed by the Privacy Policies from the Reseller and from the Telco. Our Reseller is contractually committed with us to adhere to the same Data Protection and Security Standards as we agreed with you and they have the responsibility to enforce similar standards with the Telco.
Not all Authenticalls Products are BYOC. In some cases, we bundle some carrier services from a third party Telco and sell the bundle to our Resellers.
When it comes to the contents of electronic communications transmitted by a Telco, the Telco qualifies neither as a controller nor as a processor under the EU’s GDPR insofar as it acts as mere conduits in transmitting the content. If the Telco processed content data for its own purpose (e.g. undertaking its own filtering or data retention activities), they act as controllers.

Third party service and technology providers

We can share personal data with third party service providers, like our hosting provider (Amazon Web Services) and our accounting services (for invoicing purposes), that perform services on our behalf. We never share information without prior vetting, or for specific purposes that can be fulfilled in-house.

Government requests and legal obligations

Authenticalls will respond to government requests only when we are legally obliged to do so. The request needs to i) be sent from a government agency, ii) be issued where we are subject to the respective jurisdiction, iii) be an enforceable subpoena, search warrant, court order or similar official instrument compelling us to disclose the information requested, and iv) state the categories of records sought and specific time period. Authenticalls will also respond, as necessary, (1) to protect the security or integrity of our products and services; (2) to protect the public from harm or illegal activities; and (3) to respond to an emergency which requires the disclosure of data to assist in preventing death or serious bodily injury. If Authenticalls responds to such Governmental Requests, or Legal Obligations, Authenticalls will notify you of such requests and responses, unless prohibited by law.

We also may disclose Personal Data in connection with a merger, acquisition or bankruptcy. If we should ever file for bankruptcy or merge with another company, or if we should decide to buy another business, or sell or reorganize part or all of our business, we may disclose your Personal Data to prospective or actual purchasers and other parties. By using this website, you acknowledge that any such transfer of your Personal Data may occur. It is Authenticalls’s practice to obtain appropriate protections for Personal Data disclosed in these types of transactions. Authenticalls cannot, however, guarantee that this Privacy Policy will remain unchanged if Authenticalls is sold or merges with or is acquired by another company. You should periodically check this Privacy Policy for any such changes.

International transfer of data

As a global cloud based enterprise, the usage of our services often involves the transfer of personal data, both within and outside the European Economic Area (“EEA”). We always take care to ensure our partners have sufficient guarantees and safeguards in place to properly treat and protect your data in line with our data protection and information security standards.

Among others we make sure data transferred outside the EEA will only be done with the appropriate cross border transfer mechanisms in place. We always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with our data protection standards and, when applicable, the GDPR. The Personal Data that we collect may be stored and processed on servers located in various countries, including servers located outside of your home country, which is necessary to provide our services.

Authenticalls is a EU based corporation. The information we collect is governed by E.U. law. The laws of other countries may not provide the same degree of protection for your Personal Data as your home country. By accessing or using Authenticalls services or otherwise providing information to us, you expressly acknowledge and consent to the processing and transfer of Personal Data in and to countries outside your home country, including to the E.U. If you do not agree to the transfer of your Personal Data as provided in this Privacy Policy, we may not be able to provide services to you. Please direct any inquiries or complaints regarding our compliance with this Privacy Policy in the “How to Contact Us” section below. We will investigate all such inquiries or complaints and will respond as appropriate in our sole discretion.

Data security and compliance obligations

We do everything in our power to keep your data safe. We invest in state-of-the-art technology and thorough security screenings of our infrastructure and employees to minimize security risks.

Since all our accounts are password protected the only person with access to your account should be you. If your login information is stolen or used without your permission, it is imperative that you notify us immediately so we can secure your account. You can do so by sending an email to support@authenticalls.com.

Retention of Personal Data

Personal Data will be retained only as long as necessary for the fulfillment of the purposes identified in this Privacy Policy or as otherwise required or permitted by applicable law. If you request the deletion of specific Personal Data, we will honor this request if we are able to do so. If your request will prevent us from performing necessary business functions, we will not be able to honor such requests. We retain personal data to fulfill contractual or legal obligations which may vary depending on the geographical location you are residing in, the service is procured or the communications services originate or are terminate.

If you would like to review, amend, transfer or request to delete personal data during the retention period, you can request us to do so. Please direct any such request regarding your personal data via the “How to Contact Us” section below. Please note that we are not always in a position to follow up on an these requests if they conflict with one of our legal retention obligations, or any other obligation.

After the required retention period expires, we might keep data in a non-identifiable form for archival, statistical and/or other legitimate purposes. None of it will be able to identify you as an individual.

Controlling your rights and choices related to Personal Data

Even though we collect your data to conduct business, your data stays your own. You control your personal data and can at any time choose what you want us to do with it. You can change your cookie settings as a website visitor, withdraw consent to our processing of your data when this applies, control and review your data, and object to and restrict the processing of data if you deem that necessary.

For any changes that you would like to make to your personal data, including erasures, and that you cannot make online through our interfaces, please contact us at support@authenticalls.com

When your personal data is being processed to fulfill a legitimate interest to us, you’re able to object and unsubscribe. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the applicable data protection laws, often the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data.

You may have a right to data portability under applicable law. You may also access a copy of your Personal Data, request rectification or erasure of your Personal Data, object to processing of your Personal Data, request the restriction of the processing of your Personal Data, or otherwise exercise your rights afforded under applicable law by contacting us at the address provided below and by providing evidence of your identity. If the information requested does not identify you without us obtaining additional information, we may not be able to honor your request. Finally, you also have the right to lodge a complaint with a supervisory authority.

Cookies

“Cookies” are pieces of information that a web site transfers to your computer’s hard disk, or mobile device, for record-keeping purposes when you visit a website. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Most browsers are initially set up to accept cookies, although you can set your browser to refuse cookies. If you refuse to accept cookies, you may not be able to take full advantage of our website. We use cookies to deliver content specific to your interests and to save your Password so that if you choose to, you do not have to re-enter your password each time you visit our site. Advertisers that display ads on our site may also use cookies. Authenticalls does not have access to the information obtained from those cookies.

Our commitment to children’s online privacy

Our services and products are not directed to children under the age of 18. Authenticalls does not knowingly collect and/or process any personal data from children under this age directly. Authenticalls does not knowingly allow children under the age of 18 to become registered members of our sites, or buy products and services on our sites, or collect personal data about children under the age of 18. If we discover we’ve received personal data from a child without parental or legal consent, we will immediately take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact us at support@authenticalls.com with the subject: ‘Children’.

Links, third party websites and social networking sites

Our online services and communications may embed hyperlinks to websites that are not owned or controlled by Authenticalls. We’re not responsible for the privacy practices, policies, notices or content that are not on our website or domain, even if we’ve embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked sites that you visit.

Changes to our Privacy Policy

This Privacy Policy might be subject to change at any time without notice. We reserve the right to change, update, modify, or remove any part of this Privacy Policy at any time. The amended policy shall be effective immediately after it is posted on this Site. . You should periodically check this Privacy Policy for any such changes.

How to contact us

If you have any questions or concerns regarding the processing of your personal data when you use our website and services, please do not hesitate to contact us by email at support@authenticalls.com or to the following address:
Authenticalls
SC NEXTOCELL SRL
11 Ion Câmpineanu street, Modul 4.01+Modul 4.02+Modul 4.03A, 4th floor, cam. 3, district 1, Bucharest, Romania