Our Commitment to the GDPR
GDPR is the acronym for General Data Protection Regulation, and is a new set of standards provided to protect the rights of EU citizens regarding how their personal data is being used and processed.
Telzio has always been focused on providing the highest level of security possible, and as a processor of your user data we are also committed to making it easier for you to provide compliance for your customers.
GDPR is put in place to strengthen and expand the privacy rights of individuals in a world where much of life takes place online. It replaces the existing EU privacy directive 95/46/EC, which is now more than 20 years old.
GDPR does not just affect businesses based in the EU, but also any company that processes the personal data of EU citizens, or works with companies that process EU citizen data. For instance, if you make phone calls to a customer in the EU, the GDPR also applies to you.
The Data Protection Principles in the GDPR can be summarized to the following:
- Personal data collected must be processed in a fair, legal and transparent way, and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose, and should only be used for that purpose.
- Personal data should be stored no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own data and request a copy, delete it or move it to another organization at any time.
The full extent of the GDPR can be found at https://gdpr-info.eu
GDPR Compliance at Telzio
Telzio is implementing a series of controls and features that allow you to specify how long personally identifiable data is stored on our platform. As a rule of thumb, you should not store data that can identify an individual within the EU for more than 90 days. You can set the retention period for your data on your Account Settings page. It is important to note that once data has been deleted or scrambled, it cannot under any circumstance be retrieved again.
Because call logs are central to many things, like your ability to analyze your usage, queue statistics and billing calculation, they cannot be deleted completely. Instead, we now allow you to scramble personally identifiable data after a certain period of time. This means that anything that can identify a person calling you will be scrambled - for example, a phone number like +1 888-998-9080 would show up as +1 888-998-9***. Events on a call detail record that can identify an individual will be deleted. GDPR best practice is to set the retention time for Call Logs to 90 days.
Because voicemails contain actual audio recordings as well as information about who left the message, you now have the ability to automatically delete these completely after a certain period of time. When a voicemail is deleted, the physical file, along with all data about it, is removed from our system completely. GDPR best practice is to set the retention time for Voicemails to 90 days.
Both inbound and outbound faxes contain personally identifiable information. For that reason, you will now have the ability to automatically delete your faxes after a certain period of time. When a fax is deleted, the physical file, along with all data about it, is removed from our system completely. GDPR best practice is to set the retention time for Faxes to 90 days.
Recordings of phone calls, along with the data about the call, are considered personally identifiable information, and you will for that reason be able to automatically delete call recordings after a certain period of time. When a call recording is deleted, the physical audio file is removed from our system along with the data about it. GDPR best practice is to set the retention time for Call Recordings to 90 days.
Because SMS messages contain personally identifiable information about the person you are communicating with, you will now be able to define how long messages are stored in our system before being deleted. If the message being deleted is part of a message thread, the message will be removed from the thread, but other messages may remain until they are old enough to be deleted. GDPR best practice is to set the retention time for SMS to 90 days.
Downloading Your Data
As part of the GDPR requirements, you are now able to download all your personal data from the Telzio platform, using an easily accessible tool on your Account Settings page. When you request your data for download, Telzio queues your request and automatically starts gathering and processing the data for download. Please note that because some customers have a large amount of data on their account, this process may take some time. Once the data is ready for download, you will receive an email with instructions on how to download the data.
Deleting Your Telzio Account
When you delete your Telzio account, we automatically delete all content associated with it. This means that any call logs, voicemails, faxes, call recordings, SMS and any other personally identifiable data will be deleted or scrambled. For that reason, you will not be able to reopen the account once deleted, and resuming Telzio service will require that you create a new account.
Other Personally Identifiable Data
As part of Telzio's standard GDPR compliance, we automatically delete any personally identifiable data from our platform after 90 days. This includes information about logins, technical logs from the platform as well as data used for analytical purposes. Telzio never logs any data that is not intended for a specific purpose, and never sells any of your data to third parties.
Data Processing Addendum
Telzio offers a Data Processing Addendum (DPA) with revised terms and additional provisions for protecting personal data. Contact firstname.lastname@example.org for more info.
Telzio uses certain third-party vendors to assist in providing Telzio's services. A sub-processor is a third-party vendor hired by Telzio who agrees to receive personally identifiable data from Telzio intended for processing to be carried out on behalf of Telzio's customers. As we add new services that require sub-processing, we will update the list below.

| Subprocessor | Type of data transmitted | Purpose of the data transfer | Location |
|---|---|---|---|
| AWS | Personal data contained in communications customers send or receive through Telzio's platform. | Telzio's platform is hosted by AWS, and all data is stored on AWS servers. Click here for more information about how AWS complies with the GDPR. | USA |
| Google | Personal data contained in communications customers send or receive through Telzio's platform. | Provides transcripts of voicemails where transcription is enabled. Click here for more information about how Google complies with the GDPR. | USA |