Authenticalls, Inc. (“Authenticalls” or “we”) is a Cloud Platform as a Service (“CPaaS”) company that allows enterprises all over the world to communicate with their customers via various communication channels, such as Programmable SMS, Programmable Voice and email.
We only ask for personal data when we need it for business purposes or to provide you with relevant information. When partners, customers and end-users share personal data with us, we always handle that data in accordance with the applicable data protection regulations. We don’t use that data for any purposes other than those specifically issued by the individual or entity who provides the data.
Authenticalls provides certain services which may be subject to the EU General Data Protection Regulation (EU Regulation 2016/679), also known as “GDPR”.
Authenticalls is committed to complying with GDPR. Authenticalls collects and uses personal data which may be subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. Authenticalls is committed to complying with the CCPA.
Authenticalls operates through a reseller distribution model. We sell the Authenticalls Products to partners
(“Resellers”) who are typically communication service providers, telecom wholesalers, software developers and/or
system integrators. Our Resellers then white label our Authenticalls Products and resell them under their name to
their enterprise customers (“Enterprise Customers”). In some cases, our Resellers might use the Authenticalls
Product for their own internal use, in which case, they will act as an Enterprise Customer as well, as far as
End-Users of the Authenticalls Products include:
· Employees of the Resellers
· Employees of the Customers
· Recipients and senders of communication triggered by a Reseller or Customer using the Authenticalls Products.
Controller: As per GDPR and other data regulations, the Controller determines the purpose and the means of personal data sharing (e.g. to receive important information or sending invoices) and remains ultimately responsible for the correct handling of the subject’s data. The Controller is often the company that an individual provides their personal data to.
Processor: The Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. For instance, when one of our customers sends a Programmable SMS to an individual, we need the phone number where that message needs to be sent. This phone number is personal data. The Processor only processes personal data according to the instructions of the Controller. Depending on your relationship with Authenticalls and the function that Authenticalls performs, Authenticalls can be a Controller, a Processor or both.
All the personal data we process is lawfully obtained and with a legal basis.
The purpose of the information we collect is so that we can enable you to use our services.
Personal data can also help us improve our products to fit the needs of our customers.
We process personal data based on a limited set of legal principles:
· explicit consent (e.g. ticking a box on our website)
· negotiating and signing a contract to use the Authenticalls Products
· legal obligation which requires us to do so (such as cooperating with formal disclosure requests or preventing misuse of our services)
Here is a list of some of the purposes for which we’ll request or use your data:
· Sharing relevant information about our products and services
· Creating an account that is connected to your person and company
· Verifying your identity
· Provision of the services
· Finance and billing
· Analyzing usage of our products and services
· Providing Customer Support to potential or existing customers
· Detecting and combating fraudulent or unlawful activity
· Training and quality improvement
· Expanding business through our marketing and sales channels
· Fulfill financial obligations such as paying taxes and ensuring invoices are paid
· Keeping your account secure
The personal data that we collect falls into four main categories:
· Reseller Account Data: if your company is a Reseller and you are the holder of a Authenticalls account on behalf of your company, the Reseller Account Data is the personal data you provide to us to setup and maintain that account.
· Enterprise Customer Account Data: if your company is an Enterprise Customer and you are the holder of a Authenticalls account on behalf of your company, the Enterprise Customer Account Data is the personal data you provide to the Reseller to setup and maintain that account.
· End-User Data: this is the personal data of the End-Users that is collected by the Enterprise Customer to allow the End-User to receive and send messages through the Authenticalls Products.
· Website visitor data: this is the data that you will share with us while visiting the site, through cookies and forms. You will always be asked if you agree to share personal data on our site.
The types of personal data collected may include (but are not limited to):
· First name
· Last name
· Job title
· Company name
· Email address
· Phone number
· Authenticalls username
· Authenticalls password
· Usage and traffic data of services and website
· Customer support call recordings
· Communication content (e.g. the content of an SMS)
· Location information
· Cookie preferences
· IP addresses
Personal Data does not include information that is aggregated or otherwise does not identify an individual or does not permit us to associate such information with an individual.
If your company is a Reseller, the Reseller Account Data is provided by you to us when
we setup your Authenticalls account. You can provide this information to us by filling in a form online,
by sending it to us by email or by sharing it with us by phone.
Enterprise Account data: either you enter it yourself in an online form or you provide it to the Reseller from whom you are buying the Authenticalls Product and the Reseller enters your data into our systems.
End-user data is either provided by you through the use of the Authenticalls Products or by the End-Users through the use of the Authenticalls Products. Website Data is collected as you visit the Site, according to the preferences that you set.
Whether we fulfill the role of Controller, Processor, or even as a mere conduit,
we always make sure that the parties we work with adhere to similar Data Protection
and Security Standards as we agreed upon with you.
Authenticalls engages three categories of recipients:
· The Reseller through whom you purchased the Authenticalls Product
· Third party service and technology providers as well as telecommunications services providers working on our behalf to provide you with products and services
· Government authorities, when required to do so by law
If you purchased the Authenticalls Products through a Reseller, the Reseller will have access to the Personal Data that you loaded into the Authenticalls Products.
Most of the products that Authenticalls offers require the Reseller to provide the carrier services for SMS, voice and email. Either the Reseller has the capabilities to perform such services in-house or they buy the services from a third party carrier. This is known as “Bring your Own Carrier” or BYOC. In this case, the communication of SMS message, voice and email is done through a telecommunication company (“Telco”) that is in contract with the Reseller. The communication of the Personal Data is done through the Telco and it is governed by the Privacy Policies from the Reseller and from the Telco. Our Reseller is contractually committed with us to adhere to the same Data Protection and Security Standards as we agreed with you and they have the responsibility to enforce similar standards with the Telco.
Not all Authenticalls Products are BYOC. In some cases, we bundle some carrier services from a third party Telco and sell the bundle to our Resellers.
When it comes to the contents of electronic communications transmitted by a Telco, the Telco qualifies neither as a controller nor as a processor under the EU’s GDPR insofar as it acts as mere conduits in transmitting the content. If the Telco processed content data for its own purpose (e.g. undertaking its own filtering or data retention activities), they act as controllers.
Third party service and technology providers
We can share personal data with third party service providers, like our hosting provider (Amazon Web Services) and our accounting services (for invoicing purposes), that perform services on our behalf. We never share information without prior vetting, or for specific purposes that can be fulfilled in-house.
Authenticalls will respond to government requests only when we are legally obliged to do so.
The request needs to i) be sent from a government agency, ii) be issued where we are subject
to the respective jurisdiction, iii) be an enforceable subpoena, search warrant, court order or
similar official instrument compelling us to disclose the information requested, and iv)
state the categories of records sought and specific time period. Authenticalls will also respond,
as necessary, (1) to protect the security or integrity of our products and services; (2) to
protect the public from harm or illegal activities; and (3) to respond to an emergency which
requires the disclosure of data to assist in preventing death or serious bodily injury.
If Authenticalls responds to such Governmental Requests, or Legal Obligations, Authenticalls
will notify you of such requests and responses, unless prohibited by law.
As a global cloud based enterprise, the usage of our services often
involves the transfer of personal data, both within and outside the
European Economic Area (“EEA”). We always take care to ensure our partners
have sufficient guarantees and safeguards in place to properly treat and
protect your data in line with our data protection and information security standards.
Among others we make sure data transferred outside the EEA will only be done with the appropriate cross border transfer mechanisms in place. We always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with our data protection standards and, when applicable, the GDPR. The Personal Data that we collect may be stored and processed on servers located in various countries, including servers located outside of your home country, which is necessary to provide our services.
We do everything in our power to keep your data safe. We invest in state-of-the-art
technology and thorough security screenings of our infrastructure and employees to minimize security risks.
Since all our accounts are password protected the only person with access to your account should be you. If your login information is stolen or used without your permission, it is imperative that you notify us immediately so we can secure your account. You can do so by sending an email to firstname.lastname@example.org.
Personal Data will be retained only as long as necessary for the fulfillment of the purposes
If you request the deletion of specific Personal Data, we will honor this request if we are able to do so.
If your request will prevent us from performing necessary business functions, we will not be able to honor
such requests. We retain personal data to fulfill contractual or legal obligations which may vary
depending on the geographical location you are residing in, the service is procured or the communications
services originate or are terminate.
If you would like to review, amend, transfer or request to delete personal data during the retention period, you can request us to do so. Please direct any such request regarding your personal data via the “How to Contact Us” section below. Please note that we are not always in a position to follow up on an these requests if they conflict with one of our legal retention obligations, or any other obligation.
After the required retention period expires, we might keep data in a non-identifiable form for archival, statistical and/or other legitimate purposes. None of it will be able to identify you as an individual.
Even though we collect your data to conduct business, your data stays your own. You control
your personal data and can at any time choose what you want us to do with it. You can change
your cookie settings as a website visitor, withdraw consent to our processing of your data when
this applies, control and review your data, and object to and restrict the processing of data if you deem that necessary.
For any changes that you would like to make to your personal data, including erasures, and that you cannot make online through our interfaces, please contact us at email@example.com
When your personal data is being processed to fulfill a legitimate interest to us, you’re able to object and unsubscribe. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the applicable data protection laws, often the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data.
You may have a right to data portability under applicable law. You may also access a copy of your Personal Data, request rectification or erasure of your Personal Data, object to processing of your Personal Data, request the restriction of the processing of your Personal Data, or otherwise exercise your rights afforded under applicable law by contacting us at the address provided below and by providing evidence of your identity. If the information requested does not identify you without us obtaining additional information, we may not be able to honor your request. Finally, you also have the right to lodge a complaint with a supervisory authority.
Our services and products are not directed to children under the age of 18. Authenticalls does not knowingly collect and/or process any personal data from children under this age directly. Authenticalls does not knowingly allow children under the age of 18 to become registered members of our sites, or buy products and services on our sites, or collect personal data about children under the age of 18. If we discover we’ve received personal data from a child without parental or legal consent, we will immediately take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact us at firstname.lastname@example.org with the subject: ‘Children’.
Our online services and communications may embed hyperlinks to websites that are not owned or controlled by Authenticalls. We’re not responsible for the privacy practices, policies, notices or content that are not on our website or domain, even if we’ve embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked sites that you visit.
If you have any questions or concerns regarding the processing of your personal data when you use our website and services, please do not hesitate to contact us by email at email@example.com or to the following address:
SC NEXTOCELL SRL
11 Ion Câmpineanu street, Modul 4.01+Modul 4.02+Modul 4.03A, 4th floor, cam. 3, district 1, Bucharest, Romania