TheVoĉo Cloud-PBX Privacy Policy Agreement
Your continued use of TheVoĉo Cloud-PBX means you are herein consenting to the following data procedures expressed within this agreement.
This policy only describes how TheVoĉo treats your information, not how other organizations treat your information. If you are using TheVoĉo services in a workplace or on a device or account issued to you by your employer or another organization, that company or organization likely has its own policies regarding storage, access, modification, deletion, and retention of communications and content which may apply to your use of any TheVoĉo service. Content that would otherwise be considered private to you or to a limited group of people may, in some cases, be accessible by your administrator. Please check with your employer or administrator about the policies it has in place regarding your communications.
Nature and purposes of processing
TheVoĉo Cloud-PBX is a hosted telephony platform providing communication and collaboration services for Customer. TheVoĉo Cloud-PBX processes the personal data of the individuals who participate in these communications.
Information we process
Through your usage of TheVoĉo Cloud-PBX, TheVoĉo processes different kinds of information. Some of it is personally identifiable and some are non-identifying or aggregated. Here are the types of information we collect or receive:
• Personal Information – This includes all the information associated with your Extension. It includes names and full contact details for the individual or business that created the account. This is vital for PBX administrative purposes and basic call functions.
• Trunk – This is the telephone numbers of the trunks you created and used by the system for basic call functions.
• Call Detail Records (CDRs) – This is a record of the communication that has traversed the P-Series. It typically includes source/destination name, source/destination number and other metrics. CDRs allow you to check call detail records.
• Call Recordings – Call recordings are disabled by default and are opt-in only. The stored information includes phone numbers of the call parties, IP address, and all the recorded conversation. The system also supports uploading custom prompt to notify both parties that the call is being recorded. What’s more, call parties can stop/interrupt a recorded call to protect personal data from being stored. The recording files are encrypted and stored in the TheVoĉo Central Management server but can only be accessed from the PBX Management Portal or via API.
• Voicemail – This includes the called party’s name, phone number, and all data left in the voicemail. This feature can be disabled if you do not want the system to store the above voicemail data. The system also supports uploading custom prompt to notify the party who left the voicemail about the personal data processing.
• Voicemail Transcription – The feature requires authentication with Google Cloud Speech-to-Text API. When integrated, Google STT will be used to transcribe a voicemail to text.
• Speed Dial – This includes the called party’s phone number. You can choose not to use this feature.
• Conferencing – This includes the name and phone number of all participants in the conference call. You can choose not to use this feature. If Call Recording is enabled and opted-in, all recorded conversation will also be included.
• Yeastar Linkus for Google Chrome Extension – The extension can be downloaded from Chrome Web Store is used to capture phone number on the screen for quick dial out through Linkus Desktop Client or Web Client and can also performs call-related operations. This extension does not store any data and abides by Chrome Developer’s User Data Privacy.
• SMTP Server – An SMTP server is required for sending out email notifications as designated by PBX administrator and other emails as needed. TheVoĉo or the Service Provider provide a default SMTP server. The SMTP server will not store any email data. You can disable the default server or choose to use a Custom Email Server.
• Event Notifications – When Event Notification is enabled, the PBX will notify relevant contacts via email or phone number as designated by PBX administrator.
• Call Reports – Based on call activities, agent activities (login/logout, pause/unpause), the PBX provides visual reports on the performance of your PBX system.
• System Logs – When Debug log is enabled, System Log will capture call parties name and number for debugging purpose. Debug log is disabled by default.
• Operation Logs – This includes all the operation performed in the Web Management Portal and the results.
• Troubleshooting – When Ethernet Capture Tool is started, the tool will capture call parties name and number for debugging purpose.
• Company Contacts – The feature Company Contacts includes no contacts by default. Administrator can add, edit and delete external contacts’ information here, and grant privilege to extensions to view and manage the Company Contacts. Each Contact will include information like Name, Company, Email, Business Number, Fax Number, Mobile Number, Home Number, and Address.
• Personal Contacts – The feature Personal Contacts includes no contacts by default. Extensions can add, edit, and delete external contacts’ information here; the administrator and other extensions will have no access to the extensions’ Personal Contacts. Each Contact will include information like Name, Company, Email, Business Number, Fax Number, Mobile Number, Home Number, and Address.
• Instant Messaging Service – Instant Messaging Service (IM Service) is disabled by default. It includes messages, graphics, documents, or any other materials submitted by using this IM Service. All information is the sole responsibility of the person from whom such Data originated. You are wholly responsible for all download, uploaded or otherwise transmitted via the IM Service. TheVoĉo neither store nor is responsible for the Data that you submit to the IM Service.
• Web Audio/Video Call – Based on WebRTC, the feature supports 1-to-1 audio or video call from a browser. All communication is transmitted over an encrypted connection (secure web traffic using HTTPS) and the transmitted media streams are encrypted via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). The video communication is only visible to participants on the call, and is not recorded or stored on any server. Recording of the audio follows the Call Recordings privacy rule.
• Video Conferencing – The feature is provided through TheVoĉo and is hosted by Agora who are compliant with GDPR. A unique URL will be generated for all participants to join the meeting via a browser. All communication is transmitted over an encrypted connection (secure web traffic using HTTPS) and the transmitted media streams are encrypted via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Participants can choose whether to enable microphone and camera for the browser. Other information processed include Name (extension name for internal participant and display name generated by external participant), participant’s microphone and camera information, and technical logs if the participant click Upload Log (will only contain information such as Log ID, UID, but no personal data). All communication is only visible to participants, and is not recorded or stored on any server.
• Asterisk Manager Interface (AMI) – The feature is disabled by default. With the AMI, 3rd-party Application with an authorized IP address and correct credentials will be able to access the call data, e.g. names and phone numbers. The Application is solely responsible for how the acquired data is secured, operated and stored.
• Application Programming Interface (API) – The feature is disabled by default. With the API, authorized 3rd-party Application will be able to access the CDR and call recording files. The Application is solely responsible for how the acquired data is secured, operated and stored.
• Database Grant – The feature is disabled by default. With the feature enabled, 3rd-party Application with an authorized IP address and correct credentials will be able to access the CDR. The Application is solely responsible for how the acquired data is secured, operated and stored.
• CRM Integration – The feature requires authentication with the CRM. When a supported CRM (e.g. Zoho CRM) is integrated with the system, Linkus Web Client will display a known contact’s number on the call pop-up window. After the call ends, the contact’s phone number will be recorded in the CDR. Users can decide whether to synchronize CRM contacts to the PBX’s phonebook, which will also show a contact’s name in the call pop-up window and record it in the CDR.
• Popup URL – The feature is disabled by default. When enabled, the incoming caller’s name and number will be passed to the configured 3rd party popup URL.
How we use your information (process your data), TheVoĉo uses your information for the following:
• Provide communication services – To deliver telephony and communication services, the processing of Personal Data constitutes a natural part of TheVoĉo Cloud-PBX.
• Email messages – TheVoĉo may send you notification and administrative emails, such as when you forgot your password, etc.
Data Retention
• Call Recordings – Call Recordings can be deleted permanently via the Web Management Portal.
• Call Detail Records (CDRs) – CDRs can be deleted permanently via the Web Management Portal.
• Voicemail – Voicemails and transcribed text can be deleted permanently via the Web Management Portal.
Sharing and Disclosure
There are times when communications and related content and other user information may be shared by TheVoĉo. With consent, to comply with legal process, or to protect TheVoĉo and our users. When we have your consent or if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or TheVoĉo; or to detect, prevent, or otherwise address fraud, security or technical issues. If we receive a law enforcement or other third party request for information we will provide prior notice to the subject of the request where we are legally permitted to do so.
Security
TheVoĉo takes reasonable steps to protect the information you provide to us as part of your use of the TheVoĉo service from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology. When you enter sensitive information (such as sign-in credentials) we encrypt the transmission of that information using secure socket layer technology (SSL) and encrypt all data at rest. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
Changes to this Privacy Policy
TheVoĉo may change this policy from time to time. If you continue to use TheVoĉo after those changes are in effect, you agree to the revised policy. If the changes are material, we may provide more prominent notice or seek your consent to the new policy.