Data Processing Agreement (DPA)
Last updated: June 18, 2026
1. Roles
- Customer = Controller
- Kallglot = Processor
2. Purpose and Scope
Kallglot processes personal data only to provide translation, telephony, transcription, and related features as instructed by the Controller. The categories of data processed include call audio, transcripts, caller/agent metadata, and account information.
3. Instructions
We process data only according to documented instructions from the Controller, unless required by EU or member state law.
4. Confidentiality
All personnel with access to personal data are bound by confidentiality obligations.
5. Technical and Organisational Measures
We maintain appropriate security measures, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access control
- Monitoring and logging
- Incident response procedures
- EU-hosted infrastructure (where applicable)
- Regular security reviews
6. Sub-processors
You authorize the use of sub-processors listed on the Sub-processor List. Subprocessor notice is provided in accordance with applicable agreements.
7. Data Breach Notification
If Kallglot becomes aware of a personal data breach affecting customer personal data for which it acts as processor, Kallglot will notify the Controller without undue delay and provide available information as the assessment progresses.
8. Assistance
We assist the Controller in:
- Responding to data subject requests
- Managing data breaches
- Conducting Data Protection Impact Assessments (DPIAs) where required
9. Deletion or Return of Data
Upon termination, Kallglot will delete or return customer personal data in accordance with the applicable agreement, customer instructions, and legal retention requirements. Deleted data may remain in encrypted backups until those backups expire or are overwritten under the normal backup lifecycle.
10. Audits
Upon request, we will provide documentation necessary to demonstrate compliance. On-site audits may be performed with 30 days' notice, at the Controller's expense, and no more than once per year.
11. International Transfers
Where data is transferred outside the EU/EEA, we use:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements where required
- Transfer Impact Assessments (TIAs) to evaluate risks
12. Telecom Compliance Documents
When you request phone numbers in regulated jurisdictions, you authorize us to process and transmit necessary company documents to telecom providers.
13. Duration
This DPA remains in effect for the duration of the service agreement. Obligations regarding data deletion and confidentiality survive termination.
14. Liability
Each party's liability under this DPA is subject to the limitations set out in the Terms of Service.
15. Contact
Email: legal@kallglot.com