It is important that you read and understand this document.
Babblevoice handles high volumes of phone calls on behalf of our customers. This means we store and transmit data on your behalf. You remain the controller of the data we hold, and you retain ownership of and control over it. Babblevoice is a processor.
Babblevoice uses certain subprocessors (external companies to whom we subcontract out certain functions).
Currently these are:
- Amazon Web Services
We vet all subprocessors to ensure they reach our standards, and we will inform you if these are changed.
Please be aware that we and your reseller (if you have one) will have access to your account with us and any data held within that account. This is for the purposes of managing your account and providing you with updates regarding babblevoice.
- Configuration data (does not contain any personal information)
- Fully anonymised statistical data (does not contain any personal information)
- Phone call records which include phone numbers - may be used in conjunction with other data to identify an individual
- Call recordings and voicemail (potentially contain personal information)
- Contact information: email, phone, business contact details (treated as personal information)
- User information: name, email address.
- Call lists and Phonebooks stored for babblevoice users.
Using personal data
We don't sell or give any data to 3rd parties (except those listed as subcontractors / subprocessors, for the specific purposes they are contracted to perform).
We don't store credit card details.
Call recordings, call records
All call recordings and call records are encrypted at rest.
If our staff need to access relevant data from a call, i.e. when an issue is reported by you regarding a specific phone call, our staff will ask you for permission to access the relevant data to help diagnose any potential issue. This is recorded in our case management system (Zendesk).
Each time a call recording is accessed we maintain a record of the user accessing that record. Our staff are not authorised to send call recordings and voicemail via email or in any other way, and we audit their access to call recordings.
Call recordings can be deleted using the call recordings widget on the vibes board, by those users with the appropriate permissions. Alternatively, this can be requested via our helpdesk. We currently do not support data erasure of call records but are working towards implementing this.
Actual telephone calls (like all telephone calls over the Public Switched Telephone Network) are insecure. However, all our call record data (i.e. phone call recordings or call records) is transmitted using SSL to encrypt the transmission. This data can be accessed via Vibes (or any other mechanism we provide) and again this data is encrypted via SSL (HTTPS in a browser).
Where is the data stored
All data is stored in Amazon EC2/S3 storage in the EU region Dublin, Ireland or the UK.
The processing performed by babblevoice is the storage of call recordings. We do not systematically monitor it, use innovative technology, track it on a large scale or carry out/use any sort of profiling.
Our customers may need to complete this process independently against their own requirements as they may perform further processing on this data which contains personal information. If you would like assistance with this then please contact us on email@example.com.
Compliance with the national data opt-out policy
Taken from the national data opt-out policy:
"The national data opt-out policy was introduced on 25 May 2018, enabling patients to opt out from the use of their data for anything other than their individual care and treatment, for example research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs."
Babblevoice stores, on behalf of its clients, records which could potentially contain PII. Babblevoice makes this information available only to the surgery responsible for that data, with no other processing occurring. As babblevoice does not pass on data to any 3rd party for any purpose, babblevoice conforms to this requirement.
End of contract provision
The data controller can download all call recordings and call logs at the end of their contract with Babble Ltd.
Call recordings can be deleted by the controller or will automatically be deleted once they stop paying for storage.
Babblevoice uses some Google services:
Google Auth - Single Sign-On from Google
We receive your unique user id and email information from Google. We do not share this with any third parties. It is used to manage users within the babblevoice system.
We query free/busy information in calendars that you supply the URL for. This is only used to aid routing telephone calls on your behalf. This data is cached for the purposes of faster lookups but not kept.
Google Speech to Text
Where configured by you, we pass audio from telephone calls to Google to be converted into text. The text response from Google is then used to decide how to route telephone calls as configured by you.
NHS Care Identity Authentication (CIA)
- To see how our users are using our web site for the purpose of improving our website
We do not pass information to any other service or involve ourselves in advertising.
We use contact information to contact our customers (or potential customers) who have agreed to engage in a conversation (whether it be sales or support).
Babblevoice is registered and up to date with the NHS DSPToolkit. Our registration code is 8JH16.
We are ISO 27001 accredited and externally audited by QMS.
Our Information Security Policy is available to view here.
Queries & concerns:
We will assist the controllers of the data to meet their obligations to the ICO to:
- Keep personal data secure
- Notify personal data breaches to the ICO
- Notify personal data breaches to data subjects
- Carry out DPIAs when required; and
- Consult the ICO where a DPIA indicates there is a high risk that cannot be mitigated.
To discuss any data queries or if you have any concerns about your data then please contact our Data Protection Officer at firstname.lastname@example.org.
To contact our Caldicott Guardian, please email us on email@example.com using the subject header: FAO Caldicott Guardian.
For any other queries please contact us.