On May 25, 2018, the European GDPR directive, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on personal data protection).
Daktela and GDPR
What is the position of Daktela in relation to the data you have stored in it
For its customers, Daktela is in the position of a technical service organization, i.e. a processor of personal data.
You are in the position of personal data controller. As part of the activity for the processor, Daktela can only carry out such processing operations that the controller authorizes it to do or that result from the activity for which the processor was authorized by the controller - based on the contracts we have concluded between us.
Data in Daktela (call recordings, records in CRM, campaign records, ticket attachments, etc.), with which Daktela as a processor works, or comes into contact in the performance of its contractual obligations, is still owned by the data controller (customer).
Daktela is not responsible for compliance of this data (personal data) with GDPR. Daktela provides only the necessary technical service for personal data controller according to their instructions and in accordance with concluded contracts and applicable legislation.
What personal data can you process in Daktela
In Daktela, you can have a wide range of data that can be considered personal data from the point of view of GDPR. These are in particular:
Campaign record with form
Informations about operators
Email, webchat, SMS or other communication
How long does Daktela keep data?
In advance, it should be emphasized that the data is the property of our customers (data controllers) at all times and is only kept for the agreed period. This period is agreed in advance in the contract.
After the end of the contract, the customer is allowed to download the data and possibly transfer it to another provider. The data will then be deleted.
Daktela is not authorized to provide or forward this data to anyone.
Where the data is physically stored
The data and servers operated by Daktela for the purpose of providing the virtual switchboard and contact center service are stored in hosting centers:
TTC Teleport s.r.o., Tiskařská 257/10, Praha 10, 108 00, Česká republika
DC Nagano, U nákladového nádraží 3153/8, Praha 3, 130 00, Česká republika
OVH Cloud, Limburger Str. 45, 65555 Limburg an der Lahn, Německo
OVH Cloud, 8 Viking Way, Erith DA8 1EW, United Kingdom
All data centers have 24-hour security. Only authorized and trained employees have physical access to Daktela servers.
All accesses are audited and monitored.
How data is secured
For the sake of maximum data protection, all Internet traffic on the customers' virtual servers is implemented via standard secure and encrypted protocols (HTTPS, SSL/TLS). In addition, all communication is routed through a central firewall that performs real-time inspection analysis of communication. If the firewall evaluates the traffic as suspicious based on the inspection rules, the source IP address is automatically blocked.
Data is regularly backed up and located for geo-redundancy in the aforementioned data centers.
Only trained employees who access via a secure communication channel and are authenticated with a username and password have the necessary access to data provided by customers for the purpose of the concluded contract. Daktela has set up internal processes and procedures to protect these accesses.
Access is required to provide technical support, required intervention or upgrade based on the customer's specified requirements.
Implementation of the right to be forgotten
If the purpose for which the personal data is collected no longer exists, it is necessary to allow the data controllers to delete the customer's personal data. In Daktele, the authorized user has the right to delete the necessary data by clicking the Delete button. In this way, it is possible to delete a CRM contact, a help desk ticket including attachments or a campaign record.
From version 6.15, a new DPO right is available, which will allow you to delete a call recording, web chat, SMS chat, Facebook Messenger communication or email, and a new Anonymization function when deleting a CRM contact. This function enables automatic anonymization of all personal data of a given CRM contact - anonymization of activities, help desk tickets and campaign records.
All these activities are audited in the audit log.
Records of consent to the processing of personal data
In some cases, it is necessary to prove the customer's consent to the processing of personal data. In Daktele, you have the option of custom defining the structure of a CRM contact, campaign record or ticket header. You can easily add a new item to the desired object, where you will record this consent.
Operators can then easily fill in or change this item. Subsequently, you can adjust your internal processes depending on whether you have consent to the records or not.
Deleting call recordings
All versions of Daktela allow you to set a global value for automatic retention (deletion of older recordings) of saved call recordings. If the recording is older than the set retention, the system automatically deletes it. The length of recording retention is specified in the contract and is set automatically when the Daktela is installed.
This value can only be changed by contacting technical support.
From version 6.15, the options for deleting call recordings are further extended by:
the possibility of individual deletion of the recording by the user who has the right DPO
option to set recording retention for each call queue separately in the queue settings
option to delete recording via API
Based on the GDPR regulation, it is the duty of the controller or processor to establish the role of a personal data protection officer in the company. These obligations include ensuring the compliance of internal business processes with the GDPR regulation, communication with the authorities and possible escalation of the performance of individual processes related to the protection of personal data.
You can contact our representative at the address email@example.com
Need more information?
If you need to answer any additional or other requests about how Daktela can help you with GDPR implementation, you can send an email to the responsible person at firstname.lastname@example.org