Privacy Notice

Effective Date: 17 March 2025

At Telavox (”Telavox” or ”we”), we are deeply committed to protecting personal data and upholding the privacy rights of our employees, customers, partners, and suppliers. We ensure all personal data is processed in strict compliance with applicable data protection laws, including the EU General Data Protection Regulation 2016/679 (GDPR). We value these fundamental rights and strive to reinforce trust in Telavox through responsible data handling.

This privacy notice describes why and how we collect and use personal data and provides information about your rights and how to exercise them. It also applies to the personal data you have provided for us, either directly by your own choice or indirectly that we collect from other parties. We may use personal data that you provide for us for any of the purposes described in this privacy notice and as otherwise stated at the point of collection.

1. Who We Are:

Telavox AB, with registration number 556600-7786, and registered address at Stora Varvsgatan 6, SE-211 19 Malmö, Sweden, is the data controller responsible for the processing of your personal data.

This privacy notice applies to services provided by Telavox, including services under the brand name Telavox and Flow UC.

2. Personal Data We Collect:

Direct Collection:

• Contact Information: Name, email address, phone number, postal address, company name, and job title.
• Identifying Information: Unique identifiers such as customer IDs, account numbers, or other data used to verify your identity.
• Account Information: Usernames, passwords, and other authentication credentials.
• Usage Data: Information about how you use our Services, including call logs, message content, website activity, and device information.
• Marketing and Communication Data: Your preferences for receiving marketing communications and your communication preferences.
• Recorded Calls: Audio recordings of calls, which may be stored for service quality assurance, compliance with regulatory requirements (e.g., MiFID II, GDPR), training purposes, and dispute resolution. Access is restricted to authorized personnel.
• Customer Support Data: Information you provide when contacting our customer support.
• Financial Data: Billing information, payment details, and purchase history (if applicable).

Indirect Collection:

• Traffic Data: IP address, browser type, operating system, and other technical information.
• Information Provided by Third Parties: If you integrate third-party services with Telavox, we may receive information from those services.
• Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your browsing behavior. More information on Cookies and tracking technologies here [Link to Cookies].
• Office CCTV After Working Hours: Video recordings from office surveillance cameras outside of regular working hours for security and safety purposes. More information available on Camera Surveillance here.

More information on the data processing here.

3. How We Use Your Personal Data:

We use your personal data for the following purposes:

• Providing and Improving Our Services: To provide, maintain, and improve our Services, including troubleshooting, data analysis, testing, research, and statistical purposes.
• Account Management: To create and manage your account, verify your identity, and provide customer support.
• Communication: To communicate with you about our Services, including sending service notifications, updates, and marketing communications (where permitted).
• Marketing and Advertising: To personalize and deliver marketing and advertising content based on your preferences and interests.
• Billing and Payment: To process payments and manage your billing information.
• Security and Fraud Prevention: To protect our Services and users from fraud, security breaches, and other harmful activities.
• Legal Compliance: To comply with applicable laws and regulations.
• Business Operations: To support our business operations, including mergers, acquisitions, and other corporate transactions.
• Technical Support: To diagnose and resolve technical issues, ensure service reliability, and provide assistance with troubleshooting and system performance.
• Internal Operations: To manage internal processes such as IT infrastructure, workforce management, internal audits, and operational efficiency improvements.

More information on the data processing here.

4. Legal Basis for Processing:

As Data Controller, we process your personal data based on the following legal bases:

• Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.  
• Legitimate Interests: Processing is necessary for our legitimate interests, such as providing and improving our Services, marketing, and security.  
• Consent: We may process your personal data based on your consent, such as for marketing communications or cookies.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

As Data Processor, we process personal data on behalf of the Data Controller for the purpose of our contractual obligations and the instructions from the Data Controller.

More information on the data processing here.

5. Sharing Your Personal Data:

We may share your personal data with the following categories of recipients:

Internal Recipients:

• Affiliates and Subsidiaries: Our affiliates and subsidiaries for business operations and marketing purposes.

External Recipients:

• Service Providers: Third-party service providers who assist us with providing our Services, such as hosting, payment processing, and customer support.
• Business Partners: Partners who offer integrated services or collaborate with us on joint marketing initiatives.
• Legal Authorities: When required by law or to protect our rights or the rights of others.
• In Connection with Business Transfers: In the event of a merger, acquisition, or sale of assets.

More information on the Data Sharing here.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). We implement appropriate safeguards to ensure that your personal data is protected in accordance with applicable data protection laws, such as Standard Contractual Clauses, the EU – USA Data Privacy Framework (DPF), or other lawful mechanisms.

Telavox is committed to maintaining customer trust by ensuring data privacy and security at all operational levels. As part of this commitment, we conduct necessary assessments, including Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (TIAs), to evaluate potential risks associated with the processing and transfer of personal data. These assessments help us identify and mitigate any exposure to high-risk data privacy concerns, ensuring compliance with GDPR and other applicable regulations.

By implementing stringent safeguards and continuously monitoring data protection practices, Telavox ensures that all international data transfers meet the highest security and privacy standards.

More information on international Data transfers here.

7. Data Security

We take strong measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. In line with Article 32 of the GDPR, we use safeguards like encryption, pseudonymization, and regular security assessments to ensure data security.

Building customer trust is our top priority. At Telavox, we align Data Protection operations with our ISO 27001 certification and Information Security Management System (ISMS) ensure effective risk management and compliance with security standards. These measures allow us to provide a secure and reliable environment for your personal data.

8. Data Retention:

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. At the end of the retention period, unless data must be archived for legal or regulatory reasons, we securely delete or destroy it to ensure compliance with data protection standards.

More information on Telavox data retention times can be found here.

9. Your Rights as a Data Subject

If you have any questions or need clarification about how Telavox processes your personal data, please reach out to us at privacy@telavox.com to exercise your rights. As a data subject, you are entitled to the following rights under GDPR:

• Right to be informed (Articles 12-14) – You have the right to clear information about how your personal data is used, both when collected directly and indirectly
  (This Notice).
• Right of access (Article 15) – You have the right to request a copy of the personal data being processed, along with information on how it is used.
• Right to rectification (Article 16) – You have the right to have inaccurate or incomplete personal data corrected.
• Right to erasure (”Right to be forgotten”) (Article 17) – Under certain circumstances, you can request the deletion of your personal data.
• Right to restriction of processing (Article 18) – In some cases, you can request the restriction of processing of your data, such as during a dispute over its accuracy.
• Right to data portability (Article 20) – Under specific conditions, you can obtain your personal data in a structured format and transfer it to another service provider.
• Right to object (Article 21) – You have the right to object to the processing of your personal data, particularly for direct marketing or automated decision-making.
• Right not to be subject to automated decision-making (Article 22) – You have the right not to be subject to decisions based solely on automated processing, including profiling and AI models, that have legal or similarly significant effects.
• Right to withdraw consent (Article 7(3)) – You have the right to withdraw your consent at any time, and it must be as easy to withdraw consent as it was to give it. Once consent is withdrawn, processing based on that consent must stop unless there is another legal basis for processing.

These rights are designed to give you control over your personal data and ensure that data processing is conducted fairly and transparently.

10. Contact Us

If you have any questions or requests concerning your privacy rights, you can reach us at:

Email: privacy@telavox.com
Address: Telavox AB, Stora Varvsgatan 6A, 211 19 Malmö

We are dedicated to protecting your privacy and will address your inquiries as promptly as possible.

11. Updates to This Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on our website, and where appropriate, we will notify you through other communication channels.