GDPR Compliance

Our Commitment to GDPR

VeloCalls is committed to protecting the privacy and rights of individuals in the European Economic Area (EEA) and the United Kingdom. We have implemented comprehensive measures to ensure our compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR. This page outlines our data processing practices and your rights as a data subject.

Data Processing

Data Controller vs. Data Processor

VeloCalls acts as both a data controller and a data processor depending on the context. We are a data controller for personal data we collect directly from you, such as account information and billing details. We act as a data processor for call data and related information that you process through our platform on behalf of your customers and business partners.

Categories of Data Processed

• Account data: name, email, company information
• Billing data: payment method, billing address, transaction history
• Call data: phone numbers, call metadata, recordings, transcriptions
• Usage data: platform activity, feature usage, session information
• Technical data: IP addresses, browser information, device identifiers

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

• Contractual necessity (Art. 6(1)(b)): Processing necessary to perform our contract with you, including providing the call tracking and routing service
• Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and security
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws and regulations
• Consent (Art. 6(1)(a)): Processing based on your freely given consent, such as marketing communications

Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you
• Right to Rectification (Art. 16): Request correction of inaccurate personal data
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Art. 18): Request restriction of processing of your personal data
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing

We respond to all data subject requests within 30 days. To exercise your rights, contact our Data Protection Officer.

International Data Transfers

VeloCalls is based in the United States. When we transfer personal data from the EEA or UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as our primary transfer mechanism. We also implement supplementary technical and organizational measures to ensure an adequate level of data protection. We maintain Data Processing Agreements (DPAs) with all sub-processors that handle EEA personal data.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at dpo@velocalls.com or write to: Data Protection Officer, VeloCalls, Inc., 123 Innovation Drive, Suite 400, Wilmington, DE 19801, United States.

Data Breach Notification

In the event of a personal data breach, VeloCalls will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify affected data subjects without undue delay.

Supervisory Authority

If you are located in the EEA or UK and believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website.