Last Updated: January 8, 2021
The primary goal of Processing Personal Data is to identify authorized users (logged in users) of Myphoner platform, so they can benefit from its functionalities as per their user profile.
In terms of Lawful Basis for processing activities, Personal Data is exclusively Processed under the scope and purpose of agreed Services between Myphoner and the Data Subject’s employer via a Services Contract (acceptance of the Terms of Service) or the Data Subject him/ herself (natural person to whom such Data pertains to) via his/ her Explicit Consent towards required Personal Data Processing Activities.
Regardless of which of the above applies, every Data Subject maintains full control over the Personal Data that pertains to him/ her as well as the Personal Data Processing Activities undertaken by Myphoner (as Data Subject's Rights defined both under the European General Data Protection Regulation [GDPR] and/ or California Consumer Protection Act[CCPA] as applicable).
- Data Collection
- Who is the Data Controller of your data?
- What data do we process?
- For what purposes do we process your data?
- What third parties can receive my data?
- International Data Transfers and Safeguards Employed
- Retention periods
- Storing of Personal Data
- Rights of Data Subjects
- HOW is Personal Data Processed in a Secure manner
Use of Information
We use information about you for the following purposes:
- Provide, maintain, and improve our services towards you and your company;
- Provide services you request, process transactions, and to send you related information;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Respond to your comments, questions, and requests, and provide customer service;
- Marketing purposes that fall under the Legitimate Interest while not colliding with the Rights of the Data Subject nor legal ruling;
- Communicate with you about news and information related to our service;
- Monitor and analyze trends, usage, and activities in connection with our services; and
- Personalize and improve our services.
I. Data Collection
Myphoner Processes Personal Data as a Controller about those Data Subjects who are users of the Myphoner platform.
Any user that is identified as being under 18 years of age (therefore not bearing full legal capacity as an adult) is not allowed to use our websites, and if any Personal Data has been gathered pertaining to such an individual, it shall be immediately erased from all repositories with except a black-list that will prevent further collection/ Processing of such Data.
Some Myphoner calls can be recorded if the user decides so (for those users operating over Telegenta and Twilio). Such recordings content may contain Personal Data disclosed by the meeting participants, therefore of the exclusive responsibility of those Data Subjects.
II. Who is the Data Controller of your data?
Data Protection Officer (DPO) contacts
Mr. Rui Serrano
Country: Portugal, European Union
email - firstname.lastname@example.org
When a Data Subject visits Myphoner’ websites, the only sessions cookie in use gathers Login Data to enable providing access to registered users and IP addresses and browser version to optimize the user experience. These are deemed as essential Cookies in the sense that if not in place, users will not be able to log in, hence use the Services or having proper access to those services.
Myphoner does not use any other type of Cookies.
Myphoner resorts to Intercom for the chat functionality, therefore as a user please check Intercom’s Privacy and Cookies policy for details on potential automated processing as well as the used Cookies.
Personal Data Collection
Myphoner gets Personal Data about its users from their companies while registering them on the platform.
There is also a user Log file with information fed by the user’s browser whenever that user visits the platform. This log file information may include information such as your computer's Internet Protocol address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
Myphoner also gathers users’ time zone information to enable service features that improve the service, however, the user may disable location services through browser settings.
Myphoner does not profile “Data Subjects” except for their usage of the platform services, least of all from public platforms such as Social Media or “Affiliate” entities’ information repositories, and all analytics information (which is important to assess the efficiency of Myphoner Service) consists of anonymized Data, meaning Myphoner uses third-party analytics tools that allow measuring traffic and usage trends for the Service. These tools collect information sent by the user device or Myphoner Service, including the visited web pages, add-ons, and other information that assists in improving the Service.
The tools use ‘cookies’, which are text files placed on your device, to collect log information and behavior information in an anonymous form. Myphoner collects and uses this analytics information in bulk, meaning mixed with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.
With respect to Google Analytics, although Google Analytics plants a permanent cookie on the web browser to identify the user, the cookie cannot be used by anyone but Google.
III. What data do we process?
Myphoner processes the following types of personal data and some examples of identifiers:
- Identification Data: First and last name, email address;
- Account Verification data: Username and Password;
- Corporate Information: employer company, invoices content;
- Business contacts information: leads; customers;
- Content of the call (the recording) accessible only by the user who made the call or “management users”;
Myphoner allows its Corporate Clients to address leads as well as Customers, acting not as a Controller, yet a Processor where its Corporate Client’s users collect; store; process, and/ or share such gathered Personal Data pertaining to 3rd party natural persons.
In this scenario, the Data Subject must address those Corporate Clients for both the purpose of getting to know their Lawful Basis for Processing Personal Data as well as exercising Data Subject’s rights under applicable Personal Data Protection legislation.
IV. For what purposes do we process your data?
Personal Data is exclusively processed by Myphoner to enable access to its resources by registered users.
Notwithstanding this fact, your company/ employer (Myphoner’s Corporate Client) may (eventually) resort to Myphoner Services and resources to Process Personal Data that pertains to its users for specific internal purposes. If that is the case, then it is up to your company to internally clarify and (if necessary) to have the needed documentation that demonstrates an adequate Lawful Basis towards such Personal Data Processing Activities.
Corporate Clients will (though their users) gather, host, process and potentially share Personal Data that pertains to their leads and customers on/ via Myphoner; that is nevertheless of the full responsibility of each Corporate Client. Therefore, Corporate Clients must have in place required Lawful Basis for such processing of Personal Data and convey them towards the Data Subjects whose Personal Data is under processing by them, also via the Myphoner platform, either on their website or when contacting those Data Subjects as required by applicable Personal Data Protection legislation.
No Automated Decision Making.
Myphoner does not undergo any type of Automated Personal Data Processing activities or Decision Making, mainly (yet not exclusively) that may lead to Data Subject “Profiling” activities.
The Principle of Data Minimization.
Myphoner takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is limited to the amount and type that is necessary to deliver its Services towards its Users and Corporate Clients as it has been agreed by those, either via Consent or a Contract not maintained over redundant repositories nor for any longer than required under the scope of agreed services.
V. What third parties can receive my data?
Myphoner resorts to partners that act as Processors, nevertheless none of those partners proceed with Personal Data Processing activities outside of the scope of their Processor role under Myphoner Services, as per ruled by Data Processing Agreements in place between Myphoner and those partners.
Besides what has been hereinabove mentioned, Myphoner does not share Personal Data pertaining to its users with any 3rd party entities.
VI. International Data Transfers and Safeguards Employed
Some of Myphoner’s partners (Processors or Controllers) are established in 3rd countries (meaning not the EU Member States nor within the European Economic Area), therefore not enjoying an adequacy qualification by the European Commission pursuant to GDPR Article 45 ruling.
To make such transfers fully compliant with the GDPR, the Data Processing Agreements with those partners include the EU Standard Contractual Clauses in accordance with the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council and the recent outcome of the “Schrems II” court case ruling by the Court of Justice of the European Union (dated July 26th, 2020).
And, more relevant, Myphoner both ensures having internal Security Measures and Processes in place as performing a detailed assessment regarding such partners.
VII. Retention periods
General Retention Criteria.
Myphoner will maintain Personal Data pertaining to its Corporate Clients’ Users for the duration of the Services plus as per Legal requirements (e.g. invoices must be maintained by Law for 7 years after document date).
In case of a potential legal dispute or for the period allowed by local legislation (in the geography where the Corporate Client is located) after the Services Contract has come to an end, Myphoner reserves itself the right under Legitimate Interest to maintain Personal Data that exclusively is relevant to allow legal defense; all other Personal Data shall be erased.
VIII. Storing of Personal Data
Myphoner is a Digital company, which means that the overwhelming amount of Data and information the company requires to operate is exclusively maintained under Digital format on IT Systems.
Myphoner stores all Personal Data under AWS Europe resources while using some external 3rd party tools to enable parts of the Service, namely:
- AWS – Hosting;
- MailChimp – exclusively used for Myphoner B2B marketing;
- Telegenta – VoIP phone calls (although users may resort to any SoftPhone);
- Intercom – Messaging and user support;
- Zapier – facilitates the integration of calendar appointments with Myphoner and Intercom.
- CloudApp – User support;
- Calendly – online calendar for meetings/appointments/tasks;
- Vimeo – video platform;
- ProductBoard - feature requests;
Myphoner acts as the Controller and these “Partners” as “Processors”, meaning they will not undergo any “Personal Data Processing Activities” activities towards information registered, submitted or conveyed by Myphoner unless under the scope of contracted services and that is agreed and documented under an existing “DPA” between the parties.
IX. Rights of Data Subjects
Those Data subjects who are individual Customers may exercise their Rights directly towards Myphoner, however, those who are staff members from Myphoner Corporate Clients must address those companies to exercise their rights towards Myphoner.
Under the GDPR, the Data Subject has the following set of established rights:
Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information. Myphoner will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access. Customers may exercise this right by reviewing information on Myphoner’s website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not Myphoner Customers.
Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject. Customers may directly amend existing information on Myphoner’s website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not Myphoner Customers.
Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by Myphoner erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents Myphoner from observing such right, in which case the Data Subject shall be duly informed. This right may be exercised by submitting a request as defined in the procedure stated below in this section.
The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to them/ they. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.
Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used, and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. Myphoner will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access. Customers may directly amend existing information on Myphoner’s website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not Myphoner Customers.
Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.
Right to complain with a supervisory authority. The right to lodge a complaint regarding Myphoner’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. Myphoner is however also available to provide any clarification towards those Data Subjects who may feel that it's Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.
Submitting a Data Subject Request/ Complaint.
Under the scope of Personal Data Protection, the Data Subjects may address Myphoner via:
- a written request, accompanied by all necessary information, to the following address: Stationsvej 1, DK-3390 Hundested, Denmark
- an e-mail to email@example.com
The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence Myphoner may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.
XI. HOW is Personal Data Processed in a Secure manner
Myphoner has its “IT Landscape” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its “Partners” within the scope of Myphoner rendered services.
“Agreed Services” or “Services” means those Services being rendered by the Controller towards the Data Subject towards which he/ she has agreed with and/ or comprehending Processing legitimacy that derives from an existing and documented Lawful Basis.
“Controller” means the “Party” which determines the “scope”, “purpose” and form of Personal Data Processing activities.
“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.
“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the “Personal Data” Treatment” and on the free movement of such data, while replacing the Directive 95/46/EC and having become enforceable on May 25th, 2018.
“IT Landscape” means the set of IT assets and services of and at the disposal of either the Data Subject, Myphoner or its Partners that enables their Personal Data Processing to occur, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.
“Lawful Basis” means the enlisted lawful grounds that a Controller has to entice Personal Data Processing activities under “GDPR”, namely (but not limited to) having documented: the Data Subject’ Explicit Consent towards those Personal Data Processing activities; the Controller’ Legitimate Interest in proceeding with those activities; accessory legal obligations that the Controller must observe and which entitled it to proceed with such activities within the limits of GDPR ruling and inherent obligations.
“Partner” means any 3rd party entity towards which the Controller may resort in order to ensure Personal Data Processing activities under an established Lawful Base (as defined under the “GDPR”) and within the scope of agreed Services with the Data Subject.
“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify a specific natural person, the “Data Subject”.
“Personal Data Processing” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as: collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).
“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.
“Processor” means the entity which proceeds with authorized Personal Data Processing activities on behalf of the “Controller”.