Data Processing Agreement (DPA)

Last updated: June 18, 2026

1. Roles

  • Customer = Controller
  • Kallglot = Processor

2. Purpose and Scope

Kallglot processes personal data only to provide translation, telephony, transcription, and related features as instructed by the Controller. The categories of data processed include call audio, transcripts, caller/agent metadata, and account information.

3. Instructions

We process data only according to documented instructions from the Controller, unless required by EU or member state law.

4. Confidentiality

All personnel with access to personal data are bound by confidentiality obligations.

5. Technical and Organisational Measures

We maintain appropriate security measures, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access control
  • Monitoring and logging
  • Incident response procedures
  • EU-hosted infrastructure (where applicable)
  • Regular security reviews

6. Sub-processors

You authorize the use of sub-processors listed on the Sub-processor List. Subprocessor notice is provided in accordance with applicable agreements.

7. Data Breach Notification

If Kallglot becomes aware of a personal data breach affecting customer personal data for which it acts as processor, Kallglot will notify the Controller without undue delay and provide available information as the assessment progresses.

8. Assistance

We assist the Controller in:

  • Responding to data subject requests
  • Managing data breaches
  • Conducting Data Protection Impact Assessments (DPIAs) where required

9. Deletion or Return of Data

Upon termination, Kallglot will delete or return customer personal data in accordance with the applicable agreement, customer instructions, and legal retention requirements. Deleted data may remain in encrypted backups until those backups expire or are overwritten under the normal backup lifecycle.

10. Audits

Upon request, we will provide documentation necessary to demonstrate compliance. On-site audits may be performed with 30 days' notice, at the Controller's expense, and no more than once per year.

11. International Transfers

Where data is transferred outside the EU/EEA, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements where required
  • Transfer Impact Assessments (TIAs) to evaluate risks

12. Telecom Compliance Documents

When you request phone numbers in regulated jurisdictions, you authorize us to process and transmit necessary company documents to telecom providers.

13. Duration

This DPA remains in effect for the duration of the service agreement. Obligations regarding data deletion and confidentiality survive termination.

14. Liability

Each party's liability under this DPA is subject to the limitations set out in the Terms of Service.

15. Contact

Email: legal@kallglot.com