GDPR Compliance

Our Commitment to GDPR

CallAgent.pro is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

Data Controller Information

We are the data controller responsible for your personal data. We determine the purposes and means of processing your personal information.

Legal Basis for Processing

We process your personal data under the following legal bases:

1. Contractual Necessity (Article 6(1)(b))

Processing is necessary to:

• Provide our AI phone assistant service
• Create and manage your account
• Process payments and billing
• Deliver customer support

2. Legitimate Interest (Article 6(1)(f))

We process data for legitimate interests including:

• Improving our service quality and AI models
• Preventing fraud and ensuring security
• Network and information security
• Analytics and service optimization

3. Consent (Article 6(1)(a))

We obtain explicit consent for marketing communications, cookies, and optional features.

4. Legal Obligation (Article 6(1)(c))

We process data to comply with legal obligations, including tax laws, accounting requirements, and telecom regulations.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of your GDPR rights:

1. Email us at dpo@callagent.pro with your request
2. Include verification information to confirm your identity
3. Specify which right you wish to exercise and provide relevant details
4. We will respond within 30 days (extendable to 60 days for complex requests)

There is no charge for making a request unless it is manifestly unfounded or excessive.

Data Protection Principles

We process your personal data in accordance with GDPR principles:

• Lawfulness, Fairness, and Transparency: We process data legally, fairly, and transparently
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
• Data Minimization: We only collect data that is necessary and relevant
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We don't keep data longer than necessary
• Integrity and Confidentiality: We protect data with appropriate security measures
• Accountability: We can demonstrate compliance with GDPR

Data Retention

We retain personal data only as long as necessary:

• Account Data: Retained while your account is active and for up to 2 years after deletion for legal purposes
• Call Recordings: Default retention of 90 days (configurable by you)
• Transaction Records: Retained for 7 years for tax and accounting compliance
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU-approved contracts with data recipients
• Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
• Additional Safeguards: Encryption, access controls, and security measures

Data Security Measures

We implement appropriate technical and organizational measures (Article 32):

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication (multi-factor authentication)
• Employee training and confidentiality agreements
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 and 34 of the GDPR.

Children's Data

We do not knowingly collect or process personal data from children under 16 years of age without parental consent, as required by Article 8 of the GDPR. If you believe we have inadvertently collected data from a child, please contact us immediately.

Automated Decision-Making and Profiling

Our AI service involves automated processing, including:

• AI Call Handling: Automated responses based on call content and context
• Analytics: Automated analysis of call patterns and performance
• No Sole Automated Decisions: We do not make decisions that significantly affect you based solely on automated processing without human involvement

Third-Party Processors

We work with carefully selected third-party processors who comply with GDPR. We have data processing agreements (DPAs) in place with all processors, as required by Article 28.

Our main processors include hosting providers, payment processors, and AI technology partners. A full list is available upon request.

Right to Lodge a Complaint

If you believe we have not complied with GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact:

• Your local data protection authority in your EU member state
• The lead supervisory authority where we are established

We encourage you to contact us first at dpo@callagent.pro so we can address your concerns.

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes and update the "Last updated" date at the top of this page.

Contact Us

For any GDPR-related questions, requests, or concerns: