Calls
Phone numbers
SMS
Business Phone System
CRM
Call Tracking
eSIM for Internet
AI agent
AI Speech Analytics
Click to Call
Video conferencing
VoIP for Business
Become a partner
Integrations
For whom
Setup guides
FAQ
Online chat
Contact us
Blog
This Data Processing Agreement (“DPA”) amends and forms part of the Customer Terms of Use (the “Agreement”). This DPA prevails over any conflicting term of the Agreement, but does not otherwise modify the Agreement.
This DPA will be effective only if executed in accordance with these instructions, and as of the day that the Customer starts using the Services.
1. Definitions
1.1. “Controller”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, and “Supervisory Authority” have the meaning given to them in the GDPR.
1.2. “Customer Personal Data” means any Data or File that constitutes Personal Data, the Processing of which is subject to Data Protection Law, for which Customer or Customer’s customers are the Controller, and which is Processed by Zadarma to provide the Call Tracking Service and the Cloud PBX (Business Phone System), CRM (Customer relationship management) “Services”).
1.3. “Data Protection Law” means Data Protection Directive 95/46/EC, General Data Protection Regulation (EU) 2016/679 (“GDPR”), and e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), and their national implementations in the European Economic Area (“EEA”), Switzerland and the United Kingdom, each as applicable, and as may be amended or replaced from time to time.
1.4. “Data Subject Rights” means Data Subjects’ rights to information, access, rectification, erasure, restriction, portability, objection, and not to be subject to automated individual decision-making in accordance with Data Protection Law.
1.5. “Subprocessor” means a Processor engaged by Zadarma to Process Customer Personal Data.
2. Scope and applicability
2.1. This DPA applies to Processing of Customer Personal Data by Zadarma to provide the Services.
2.2. The subject matter, nature and purpose of the Processing are described in the Agreement. In particular Zadarma will process Customer Personal Data made available to Zadarma. The types of Customer Personal Data and categories of Data Subjects are set out in Annex 1. Zadarma will Process Customer Personal Data only for as long as necessary to provide the Services and as permitted under the Agreement.
2.3. Zadarma, Data Processor, is composed of the following companies:
- IP Telecom Bulgaria LTD, registration number: 201274344, with registered address: office 211, floor 2, 16 Vasil Levski Blvd., 8000 Burgas
- Voice Cloud S.L., registration number: B66781501, with the registered address: av/Cortes Valencianas, 58-1003, Valencia, España- 46015
- Smartvoice LTD, registration number: 12149920, with the registered address: 63-66 Hatton Garden, London, United Kingdom, EC1N 8LE
- Kosmaz Technologies LLC, registration number: 4040443, 80W Sierra Madre Blvd #130, Sierra Madre, CA 91024, USA
2.4. Customer is a Controller and appoints Zadarma as a Processor on behalf of Customer. Customer is responsible for compliance with the requirements of Data Protection Law applicable to Controllers.
2.5. If Customer is a Processor on behalf of other Controller(s), then Customer: is the single point of contact for Zadarma; must obtain all necessary authorizations from such other Controller(s); undertakes to issue all instructions and exercise all rights on behalf of such other Controller(s); and is responsible for compliance with the requirements of Data Protection Law applicable to Processors.
3. Instructions
3.1. Zadarma will Process Customer Personal Data to provide the Services and in accordance with Customer’s documented instructions.
3.2. Zadarma’s instructions are documented in this DPA and any applicable statement of work.
3.3. Customer may reasonably issue additional instructions as necessary to comply with Data Protection Law. Zadarma may charge a reasonable fee to comply with any additional instructions.
3.4. Unless prohibited by applicable law, Zadarma will inform Customer if Zadarma is subject to a legal obligation that requires Zadarma to Process Customer Personal Data in contravention of Customer’s documented instructions.
4. Personnel
4.1. Zadarma will ensure that all personnel authorized to Process Customer Personal Data are subject to an obligation of confidentiality.
5. Security and Personal Data Breaches
5.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Zadarma will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
5.2. Zadarma will notify Customer without undue delay after becoming aware of a Personal Data Breach involving Customer Personal Data. Zadarma’s notification is delayed, it will be accompanied by reasons for the delay.
6. Assistance
6.1. Taking into account the nature of the Processing, and the information available to Zadarma, Zadarma will assist Customer, including, as appropriate, by implementing technical and organizational measures, with the fulfilment of Customer’s own obligations under Data Protection Law to: comply with requests to exercise Data Subject Rights; conduct data protection impact assessments, and prior consultations with Supervisory Authorities; and notify a Personal Data Breach.
7. Audit
7.1. In cases where the Customer does not have sufficient information to address inquiries from competent Supervisory Authorities or other instances, we will provide assistance to the extent reasonable by supplying additional information if available.
7.2. All inquiries should be sent to the email address privacy@zadarma.com.
8. Notifications
8.1. Customer will send all notifications, requests and instructions under this DPA via email to privacy@zadarma.com.
9. Liability
9.1. Where Zadarma has paid damages or fines, Zadarma is entitled to claim back from Customer that part of the compensation, damages or fines, corresponding to Customer’s part of responsibility for the damages or fines.
10. Termination and return or deletion
10.1. This DPA is terminated upon the termination of the Agreement.
10.2. Customer may request return of Customer Personal Data up to ninety (90) days after termination of the Agreement. Unless required or permitted by applicable law, Zadarma will delete all remaining copies of Customer Personal Data within one hundred eighty (180) days after returning Customer Personal Data to Customer.
11. Modification of this DPA
11.1. This DPA may only be modified by a written amendment signed by both Zadarma and Customer.
12. Invalidity and severability
12.1. If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this DPA and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
Annex 1
Description of the Processing
1. Data Subjects of the Cloud PBX (Business Phone System), the Call Tracking Service and CRM (Customer Relationship Management) concern the following categories
- Users of Customer’s products and services
- Any other Data Subjects whose Personal Data is submitted to the Service
2. Categories of Customer Personal Data of the Call Tracking Service
- Dates of visits to the site, Linked calls, First and Last UTM tags (if any), ID/IP addresses
3. Categories of Customer Personal Data of the Cloud PBX (Business Phone System)
- Speech recognition, Call recording
- Speech (Voice): Since identification of a subject of personal data on its voice is not carried out, the consent to processing of the data is not necessary
4. Processing operations of the Cloud PBX (Business Phone System) and the Call Tracking Service, CRM (Customer relationship management) will be subject to
- Certain functions of the Service, for example classification and detection, Categorization, optionally with the storage of the resulting Outputs in one or more repositories for analysis and reporting
5. Subprocessors of the Cloud PBX (Business Phone System), CRM (Customer relationship management)
- VoiceBase / Speech recognition and analytics
- Google Cloud Platform / Speech recognition and analytics, Text to Speech
- Google Analytics / Analytics for Call Tracking Service
- Amazon AWS / Text to Speech
- OpenAI / AI Features
- Gemini / AI Features
- ElevenLabs AI / Speech recognition and analytics