Legal
Privacy Policy
1. Plivo CX Privacy Notice
This notice explains to you how Plivo CX manages and protects your personal data when you use our application or visit our website.
We want to make sure that you fully understand what personal data we need from you in order to serve you better, how we use and protect your personal data and why we need your personal data when you are interacting with us. We want to assure you that we have implemented strict information security and privacy practices to ensure that your personal data is safe while in our custody.
We always look for ways to improve our products, services and practices therefore we will update this Privacy Notice whenever there are changes to the ways that we manage and protect your personal data.
2. What is personal data?
It is important to understand what we mean when we discuss personal data. Personal data refers to any information related to someone that can be identified through it either directly or indirectly. This means that, in some cases, a single element of information may not identify you but several pieced together will and, if they do, then they are considered personal data. Examples of personal data include your name, identification numbers, location, factors specific to your physical, mental, economic or social identity, among others.
3. What personal data protection and privacy regulations does Plivo CX need to comply with?
Because we are a global organization, we need to comply with different data protection and privacy regulations around the world such as the EU General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) and others. And because we understand we live in a fully interconnected world; we want to assure you that Plivo CX commits to protecting all of our customers and visitors to our website personal data regardless of where they are located. We respect your privacy rights at all times.
4. Is Plivo CX a data controller or a data processor?
Some data protection regulations differentiate between a data controller and a data processor. A data controller is an organization that determines how to collect and process personal data whereas a data processor is an organization that collects and processes personal data on the data controller’s behalf and under the data controller’s instructions.
Plivo CX is both a data controller and a data processor.
As a controller, Plivo CX collects and processes personal data from visitors to the Plivo CX’s website and from customers that sign up for our services. In this context, Plivo CX determines how this personal data is collected, processed and shared.
As a data processor, Plivo CX collects and processes personal data from registered customers’ users and only does so as per customers’ requirements. Even if we are not making decisions about how personal data is being processed, we continue to protect at all times.
5. How does Plivo CX collect and process your personal data?
In order to provide you with an optimal web experience and also great products and services, we need to collect and process your personal data.
The following table explains what personal data we collect from you, how we process it, how we classify your personal data and, according to personal data protection regulations, what is the legal basis for the processing of your personal data.
We classify your personal data as Account data, Plivo CX Services data, Usage data Content data and Visitor data.
- Account data is all the personal data we collect from you to manage your account including creating end user accounts and routing workflows, buying and renting phone numbers, establishing integrations with the CRM system, and order management functionality. Your account data is also used for giving you support and charging you for our services
- Plivo CX Services data refers to all personal data collected, used and shared through the Plivo CX Desktop Agent app. This data includes receiving inbound customer calls, sending messages, recording and transcribing calls, customer information lookup and verification as well as the integration with the CRM system that the Plivo CX account uses.
- Usage data is all the personal data we collect from you when you use our services such as when you make a call, the length of your call, if you are using voice or text, among others.
- Content data is all the personal data we collect from you within the service including the details of text messages through chat or voice calls.
- Visitor data is all the personal data we collect from you when you visit our website and when you sign up for our current wait list and, in the future, for communications from Plivo CX
6. How does Plivo CX share your personal data?
As part of the products and services that Plivo CX offers to you, we need to share your personal data with our employees and some other third-parties that help Plivo CX deliver our products and services. We always make sure that we share your personal data when it is absolutely necessary to give you the best products and services and we ensure that we do so in a safe and controlled way.
We transmit your personal data to the CRM applications that we interface with such as Salesforce.com.
The following table explains who the parties are we share your personal data with and the purposes why they need access to your personal data.
7. How does Plivo CX protect your personal data?
Plivo CX takes the protection and security of your personal data very seriously. We use physical, organizational, technical, and administrative measures to safeguard your personal data, and regularly re-assess and revise our policies and practices to improve security measures to protect personal data and seek to partner with organizations that do the same.
Please remember that no data transmission over the Internet, whether wired or wireless, is 100% secure, therefore we cannot fully guarantee the security of information transmitted to Plivo and cannot be responsible for the actions of any third-party that may intercept any such information. Once we receive your data, we commit to making all reasonable efforts to protect it to ensure it resides securely in our systems.
If you believe that your personal data may have been compromised by Plivo CX or by using Plivo CX’s website, products or services, please contact our Help Centre immediately. We will be happy to assist you.
8. Where does Plivo CX store your personal data?
Plivo CX stores your personal data with third-party providers that have locations around the globe. We try, as much as possible, to keep your data in your region of residence. However, sometimes this is not possible, and we need to transfer your data internationally.
We work with data service providers that are able to support our expectations of security, privacy and compliance.
Keeping in line with our commitment to protect your personal data, Plivo CX ensures that all third-party vendors we work with sign a Data Processing Agreement to ensure that they will protect your personal data according to Plivo CX’s expectations.
For the purpose of transferring your data to the US, we sign Standard Contractual Clauses (Model Clauses) with all the third-party vendors that will receive your data for the purpose of storing it and we only work with vendors that have the infrastructure required to fulfill their obligations under the Standard Contractual Clauses.
9. Rights over your personal data
Privacy and data protection regulations such as the GDPR and the CPRA grant you with rights that you can exercise over the personal data that organizations like Plivo CX collect and manage about you. At Plivo CX we believe in providing these rights to all of our customers regardless of where they are located in the world. Every Plivo CX customer has the same rights over their personal data.
Unless there are clear exceptions because of legal or regulatory requirements, we will work to ensure that your requests are addressed within 30 days. These are the requests you may contact Plivo CX about:
- You have the right to access the personal data that Plivo CX maintains about you, including the categories of data and how Plivo CX collects, processes and shares your personal data.
- You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data or request portability of your data. On each particular case we will inform you of the consequences of your request and if there are any exemptions to honoring your request based on legal, regulatory or contractual requirements.
- If Plivo CX has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Plivo CX conducted prior to your withdrawal.
- You have the right to be notified about a data breach that may impact the integrity, availability or confidentiality of your personal data. Refer to our data breach notification section for more details.
- You have the right to complain to a data protection authority about Plivo CX’s collection and processing of your personal data. However, we will appreciate if you give us the opportunity to deal with your complaint internally before contacting a data protection authority.
You have the ability to access, update or delete the personal data in your account if you choose to do so. Furthermore, you also have the ability to withdraw your consent to any marketing communications you have signed up for.
In order to exercise any of the rights you have over your personal data or if you are not able to complete your request directly through your account, please send an email to [email protected]. Once we receive your request, we will contact you to provide acknowledgement and request further information if required. We will never discriminate against you for exercising your personal data rights.
10. Personal data breach notification
As part of our security and data protection measures we have implemented processes to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Should we learn of a security breach that affects your personal data, we will notify you in order to explain how this breach may affect you and to provide you with any advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.
11. Plivo CX’s personal data retention period
Due to telecommunications and other regulations, we need to retain all the data that you generate as part of your relationship with Plivo CX for seven (7) years after you close your account.
12. Plivo CX’s Data Processing Addendum
In our role as a processor, we are happy to provide you with a Data Processing Addendum (or DPA) where we commit to safeguarding the personal data that we will process on your behalf, will support you on any request you may receive from individuals or Data Protection Authorities and will ensure that we process personal data according to personal data protection regulations such as the General Data Protection Regulation in the EU.
13. Plivo CX’s contact information
If you have any further questions about how Plivo CX collects, uses, discloses or protects your personal data or if you have any questions about this privacy notice, including any requests to exercise your personal data rights, you may contact our appointed Data Protection Officer using the details set out below.
Data Protection Officer
Email address: [email protected]
14. California Privacy Notice
This section of the Privacy Notice encompasses specific requirements for California residents, and it complies with the California Privacy Rights Act of 2020 (CPRA).
15. Categories of Collected Personal Information
Plivo CX, for the purpose of our business or for the purpose of your interactions with our website, collects and uses the following categories of personal information:
Plivo CX collects these categories of personal data from the following sources:
- Directly from the individual the information is about.
- Indirectly from an individual’s interaction with our website or our products.
We use and disclose personal information according to the purposes established in the sections How does Plivo CX collect and process your personal data and How does Plivo CX share your personal data.
16. Disclosures of personal information
Plivo CX has shared your personal information in the last twelve months on all categories identified and for the purposes described in this Privacy Notice.
17. Sale of personal information
Plivo CX may have collected publicly available personal information about you or obtained your information from third party providers. This information includes the industry, size, and other general information about your company such as URLs, in order to help Plivo CX understand our customers better. If you want to opt-out, you may email us at [email protected]
18. California Privacy Rights
The CPRA provides California residents with rights over their personal information. As a California resident, you have the following rights with respect to your personal information:
- You have the right to request to know about personal information that has been collected, disclosed, or sold.
- You have the right to rectify any personal information that we hold about you that, in your opinion, is not correct.
- You have the right to request the deletion of personal information.
- You have the right to portability, which means that you may request that we provide you a copy of specific pieces of personal information we have collected about you in the past 12 months in an electronic format.
- You have the right to request that we limit the disclosure of your sensitive personal information unless the disclosure is required for the provision of our services to you or for any other regulatory or legal requirements.
- You have the right to opt-out of the sale of your personal information at any time.
Once we receive a request from you to disclose how your personal information has been collected, used and shared by Plivo CX over the last twelve months, we will verify your identity and will share with you the following information:
- Categories of personal information Plivo CX collected about you
- The sources where we obtained your personal information from
- The purposes of use of your personal information
- The third-parties we shared your personal information with
- Whether we sold or shared your personal information for Plivo CX’s benefit
We aim to respond to your requests within the established 45 days from receipt. If we require more time to respond, we will let you know within this period. We will deliver our response by mail or electronically, depending on your preference.
We will not discriminate against you for exercising your personal information rights.
19. Authorized agent
You may designate an authorized agent to make requests on your behalf. We will require verification that you did, in fact, authorize the agent. Unless the law requires otherwise, your authorized agent must provide contact details for you. We will contact you to confirm that you authorized the agent. Once you confirm, we will promptly respond to the rights request.
20. Exercising your privacy rights
To exercise your rights, you may contact us at [email protected]. In order to fulfill your request, we may require additional personal information for purposes of verifying your identity. If you make a request through an authorized agent, we may require additional information to verify your authorization of the agent.
21. EU-US Data Privacy Framework
Data Privacy Framework Compliance. Plivo CX complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Plivo CX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Plivo CX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF, Plivo CX commits to resolve DPF Principles-related complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF should first contact our DPO here.
Plivo CX has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF to the American Arbitration Association / International Centre for Dispute Resolution (AAA / ICDR), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of AAA / ICDR are provided at no cost to you.
The Federal Trade Commission has jurisdiction over Plivo CX’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Questions and Assistance. For assistance or questions regarding this Privacy Policy or use of data in connection with the Plivo CX Cloud, you may email us at any time at [email protected]