Why is personal information collected?

The purposes for which personal information is processed includes:

• Recruiting management;
• Sales and marketing (including telemarketing) – B2B perspective;
• Customer relationship management) – this may include payment information;
• Events registrations (including webinars, meet-ups, and others);
• Access to our offices;
• Usage of our site;
• Cookies usage (specific policy shared on site).

 

What personal information is collected?

Talkdesk collects information according to applicable data privacy legislation and the information collected is registered in the list of processings.

Talkdesk collects personal information that you voluntarily provide to us when you register on Talkdesk website, when you express an interest in obtaining information about Talkdesk or Talkdesk products and services, or when you apply for job offers. 

The personal information collected is namely Identification and contact data. Since Talkdesk is a B2B company, the contact data collected is business contact data – with exception of job offers.

When applying for a job offer, Talkdesk collects the information provided in the resume and cover letter uploaded by the Data Subject.

More details can be provided through the Data Protector Officer email [email protected].

 

How long is personal information retained?

Data retention periods depend on the purposes of the processing. Under applicable legislation, Talkdesk provides more information on the data retention periods when personal information is collected. More details can be obtained through the Data Protection Officer’s email [email protected].

 

What are the data subject rights?

Data subject right depends on the jurisdictions where they are and typical data subjects rights include:

• Right of access: Right to obtain confirmation as to whether or not personal information concerning the data subject is being processed, and, where that is the case, access to that personal information.
• Right to rectification: Right to obtain rectification of inaccurate personal information concerning the data subject.
• Right to erasure or to be forgotten: Right to the erasure of personal information concerning the data subject.
• Right to restrict processing: Right to restrict the processing of the personal information to the extent permitted by law and in accordance with Talkdesk contractual and legal commitments.
• Right to data portability: Right to receive the personal information provided and concerning the data subject, in a structured, commonly used and machine-readable format.
• Right to object: Right to object to the processing of your data for reasons related to your own personal situation.
• Right not to be subject to automated decision-making: Right not to be subject to a decision based solely on automated processing.
• Right to withdraw consent: Right to remove consent for specific processing.
• Right to complaint: Right to send a complaint to the proper authority.
• Right to prevent your information from being sold: Right to state that you do not have your personal information to be sold to anyone.
• Right to non-discrimination: Right to not receive discriminatory treatment for the exercise of the data subject rights.

 

How can a data subject/person exercise its rights?

The exercise of data subject rights can be requested to the Data Protector Officer email [email protected]. 

 

To whom is personal information transferred?

Information collected is also processed by third-parties (sub-processors) and according to Talkdesk instructions. Talkdesk does not sell and does not allow its sub-processors to sell personal information (as the term “sell” is defined under the CCPA).

A list of Talkdesk sub-processors can be provided if requested [email protected].

 

Where is information stored?

Personal data, when held physically, is stored in the same location as where it was produced.

Personal data, when held digitally is mainly stored in the US and transfer of information from European Economic Area (EEA) and Switzerland is made based on:

• Adequacy Decision: Countries designated by European Commission as having an adequate level of protection for personal information.
• Privacy Shield: Talkdesk complies with the EU–U.S. Privacy Shield and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union and Switzerland to the United States, respectively. Talkdesk has certified to the Department of Commerce that adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Talkdesk certification, please visit https://www.privacyshield.gov.
• Standard Contractual Clauses: Talkdesk relies on the European Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU.

 

How is information protected?

Talkdesk has implemented an Information Security and Privacy Information Management Systems (ISMS and PIMS) and BCMS (Business Continuity Management System) as a framework for continuous improvement of security, privacy and business continuity. The ISMS, PIMS, and BCMS include Policies, Awareness on Security and Privacy, adequate processual and technical controls, audit logging, and third-party due diligence, among others.

Talkdesk performs regular due diligence on third parties for security and privacy.

 

Personal Information from Children

Talkdesk will never knowingly collect any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information will be immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties. We have designed this policy in order to comply with the Children’s Online Privacy Protection Act (COPPA).

 

Privacy Shield Independent Recourse Mechanism

In compliance with the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield, Talkdesk is committed to resolving complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact us at: [email protected].

If necessary, we have further committed to refer unresolved privacy complaints under the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield to JAMS, an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission. The Federal Trade Commission has jurisdiction over Talkdesk’s compliance with this policy and the EU–U.S. and Swiss–U.S. Privacy Shield Frameworks. In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield, Talkdesk is potentially liable.

In compliance with the Privacy Shield Principles, Talkdesk commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Talkdesk at:

Privacy Team/DPO

[email protected]kdesk.com 

Talkdesk has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Talkdesk discloses personal information as stated in this privacy policy. Nevertheless, Talkdesk may also disclose personal information as may be required or permitted in response to lawful requests by public authorities, including to meet national security law enforcement requirements. 

 

California User Consumer Rights

This section only applies when Talkdesk is a controller.

In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to [email protected]. For more information about protecting your privacy, you may wish to visit: http://www.ftc.gov.

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. With respect to us, this privacy policy applies only to their activities within the State of California. To make such a request or if you have questions about this privacy policy, please send an email to [email protected].

Why is personal information collected?

Personal data is collected to provide the service of Contact Center as a Service. 

 

What personal information is collected?

When acting as a processor, Talkdesk provides a cloud service and acts on behalf of its customers. Therefore, the information that is collected by Talkdesk’s customers when using Talkdesk product is of its own responsibility as it is the definition of the categories of data subjects 

Nevertheless, the information that is collected includes:

• Contact: typically, customer’s customer or prospect (it’s customer responsibility to define who the types of contacts for which Talkdesk service is provided) – Name, phone number and email.
• Agent: usually someone from the customer that uses Talkdesk for inbound or outbound calls: Name, e-mail and associated phone number. May also include characteristics of the agent such as gender.
• Interactions: call metadata such as a contact phone number, agent phone number, date, time and duration of call and call context.
• Call recording: if configured in such a way, call recordings will also be collected.

 

How long is personal information retained?

Since Customers are acting as controllers, they define the retention periods for the information they collect. Additionally, when Customer terminates its contract with Talkdesk, the information is removed up to 90 days after the contract termination or earlier if requested.

Talkdesk may keep anonymized information for longer periods (that will not identify directly or indirectly any agent, contact, or customer) for analysis of how service is used for the improvement of it.

 

What are the data subject rights?

Data subject right depends on the jurisdictions where they are and the jurisdictions where Talkdesk customers are. Nevertheless, typical data subjects rights include:

• Right of access: Right to obtain confirmation as to whether or not personal information concerning the data subject is being processed, and, where that is the case, access to that personal information.
• Right to rectification: Right to obtain rectification of inaccurate personal information concerning the data subject.
• Right to erasure or to be forgotten: Right to the erasure of personal information concerning the data subject.
• Right to restrict processing: Right to restrict the processing of personal information to the extent permitted by law and in accordance with Talkdesk contractual and legal commitments..
• Right to data portability: Right to receive the personal information provided and concerning the data subject, in a structured, commonly used and machine-readable format.
• Right to object: Right to object to the processing of your data for reasons related to your own personal situation.
• Right not to be subject to automated decision-making: Right not to be subject to a decision based solely on automated processing.
• Right to withdraw consent: Right to remove consent for specific processing.
• Right to complaint: Right to send a complaint to the proper authority.
• Right to prevent your information from being sold: Right to state that you do not have your personal information to be sold to anyone.
• Right to non-discrimination: Right to not receive discriminatory treatment for the exercise of the data subject rights.

 

How can a data subject exercise its rights?

When Talkdesk processes information on behalf of a customer, all data subject rights must be addressed directly to the customer. 

 

To whom is personal information transferred?

As a processor/service provider, Talkdesk only uses data to provide the service agreed and according to customer instructions and Talkdesk does not sell the information its customers collect while using Talkdesk service (as the term “sell” is defined under the CCPA).

Nevertheless, Talkdesk uses third-parties to provide its service and those providers follow the same security and privacy commitments as Talkdesk. 

A list of Talkdesk sub-processors can be provided to customers. Such request must be sent to [email protected].

 

Where is information stored?

Information is mainly stored in the US and transfer of information from European Economic Area (EEA) and Switzerland is made based on:

• Adequacy Decision: Countries designated by European Commission as having an adequate level of protection for personal information.
• Standard Contractual Clauses: Talkdesk relies on the Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU.
• Privacy Shield: Talkdesk complies with the EU–U.S. Privacy Shield and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union and Switzerland to the United States, respectively. Talkdesk has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Talkdesk certification, please visit https://www.privacyshield.gov.

Transfers between other jurisdictions may require specific and additional provisions that must be defined by the customer in conjunction with Talkdesk.

 

How is information protected?

Talkdesk adopts an Information Security and Privacy Information Management Systems (ISMS and PIMS) and BCMS (Business Continuity Management System) as a framework for continuous improvement of security, privacy, and business continuity. The ISMS, PIMS, and BCMS include Policies, Awareness on Security and Privacy, adequate processual and technical controls, audit logging, and third-party due diligence, among others.

Talkdesk performs regular due diligence on third parties for security and privacy.

 

Personal Information from Children

Talkdesk never knowingly collects any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information is immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties. We have designed this policy to comply with the Children’s Online Privacy Protection Act (COPPA).

 

Privacy Shield Independent Recourse Mechanism

In compliance with the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield, Talkdesk is committed to resolving complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact us at: [email protected].

If necessary, we have further committed to refer unresolved privacy complaints under the
EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield to JAMS, an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. 

As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission. The Federal Trade Commission has jurisdiction over Talkdesk’s compliance with this policy and the EU–U.S. and Swiss–U.S. Privacy Shield Frameworks. In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield, Talkdesk is potentially liable.

In compliance with the Privacy Shield Principles, Talkdesk commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Talkdesk at:

Privacy Team/DPO
[email protected] 

Talkdesk has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Talkdesk discloses personal information as stated in this privacy policy. Nevertheless, Talkdesk may also disclose personal information as may be required or permitted in response to lawful requests by public authorities, including to meet national security law enforcement requirements. 

 

Privacy Policy changes

This policy may be updated from time to time to reflect changes in regulatory or operational requirements. Future changes made to this policy are posted on our website. Any questions regarding this policy can be sent to [email protected].