Kallglot - Real-time Voice Translation for Customer Support and Sales Prospecting

1. Roles

Customer = Controller
Kallglot = Processor

2. Purpose and Scope

Kallglot processes personal data only to provide translation, telephony, transcription, and related features as instructed by the Controller. The categories of data processed include call audio, transcripts, caller/agent metadata, and account information.

3. Instructions

We process data only according to documented instructions from the Controller, unless required by EU or member state law.

4. Confidentiality

All personnel with access to personal data are bound by confidentiality obligations.

5. Technical and Organisational Measures

We maintain appropriate security measures, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Role-based access control
Monitoring and logging
Incident response procedures
EU-hosted infrastructure (where applicable)
Regular security reviews

6. Sub-processors

You authorize the use of sub-processors listed on the Sub-processor List. We will notify you at least 14 days before adding or replacing sub-processors, giving you the opportunity to object.

7. Data Breach Notification

In the event of a personal data breach, we will notify the Controller without undue delay and no later than 72 hours after becoming aware of it. The notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken to address it.

8. Assistance

We assist the Controller in:

Responding to data subject requests
Managing data breaches
Conducting Data Protection Impact Assessments (DPIAs) where required

9. Deletion or Return of Data

Upon termination of the service, we will delete or return all personal data within 90 days, unless EU or member state law requires retention. Backups are purged on the same schedule.

10. Audits

Upon request, we will provide documentation necessary to demonstrate compliance. On-site audits may be performed with 30 days' notice, at the Controller's expense, and no more than once per year.

11. International Transfers

Where data is transferred outside the EU/EEA, we use:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all sub-processors
Transfer Impact Assessments (TIAs) to evaluate risks

12. Telecom Compliance Documents

When you request phone numbers in regulated jurisdictions, you authorize us to process and transmit necessary company documents to telecom providers.

13. Duration

This DPA remains in effect for the duration of the service agreement. Obligations regarding data deletion and confidentiality survive termination.

14. Liability

Each party's liability under this DPA is subject to the limitations set out in the Terms of Service.

15. Contact

Email: legal@kallglot.com

Data Processing Agreement (DPA)