Commitment to GDPR Compliance: TALKR.ai
The implementation of the **General Data Protection Regulation (GDPR)** has been a strategic priority for **Kwalys/TALKR.ai** since 2017. Our core philosophy is to deliberately place the **individual at the center** of our data processing concerns.
Enhancing Data Subject Rights
The GDPR significantly strengthens the rights of individuals whose personal data is processed, including new or reinforced rights such as:
- **Right to Data Minimisation:** Processing only the data strictly necessary for the purpose.
- **Right to Data Portability:** Obtaining and reusing their personal data for their own purposes across different services.
- **Right to Erasure (Right to be Forgotten):** Requesting the deletion of their personal data under certain conditions.
- **Right of Access and Rectification.**
- **Right to Object** to certain processing.
Our Compliance Framework and Governance
We are committed to achieving and maintaining the maximum application of GDPR recommendations. Our compliance efforts include:
- **Data Protection Officer (DPO) Appointment:** A qualified individual was appointed as a Correspondant Informatique & Libertés and officially became our DPO on **May 25, 2018**. The DPO, who operates externally to ensure independence, is responsible for overseeing compliance, establishing all necessary processes, and verifying our applications to ensure maximum data security.
- **Legal Expertise:** We are supported in our compliance efforts by a specialized law firm focusing on intellectual property, industrial property, new technologies, and life sciences.
- **Core Compliance Tools:** We leverage three main tools for continuous compliance:
- The **Record of Processing Activities** (Activity Log).
- The **Data Protection Impact Assessment (DPIA)** (Impact Assessment).
- The **Data Protection Officer (DPO)**.
Data Privacy by Design and Default
**TALKR.ai** takes privacy and the protection of your personal data extremely seriously. Discretion is paramount. We treat your data, including that obtained through address files, orders, and quotations, as **strictly confidential**. Your email address or personal data is **never given to third parties for commercial purposes**.
Processing of Mapped Customer Data
We maintain a precise list of processing activities carried out on personal data. On behalf of our customers, we primarily carry out three types of processing for our virtual assistants used across various private and public sectors:
- Sending of email alerts, SMS, and dialogues on different platforms to users.
- Collection and analysis of user interactions and conversations.
- Provision of detailed statistics on the use of Kwalys/TALKR.ai services.
Data Security Commitments and Audits
Our commitment to data security is integral:
- **Minimisation and Retention:** Our policy has always been to **reduce the amount of user data stored** on our platform and retain it only for the strictly necessary duration of the processing.
- **Security Audits:** In 2021, we conducted comprehensive security audits to identify vulnerabilities and implement improvements:
- **Physical Security Audit:** Testing for threats like phishing attempts and attempts to obtain confidential information from the team.
- **Virtual Security Audit:** Testing for attempted hacking via malware, cyber-attacks, account usurpation, malicious data disclosure, and loss of confidentiality.
- **Outcome:** The audits resulted in specific recommendations for improvements to our systems, all of which have been implemented.
TALKR.ai Personal Data Management and Privacy Policy
Effective Date: December 2023.
1. Introduction and Scope
This Privacy Policy explains how **TALKR.ai**, managed by **Nova Solutions Group**, collects, uses, and protects your personal data when you use our website (www.TALKR.ai) or our services. By accessing our site or using our services, you consent to the terms of this policy.
2. Purposes and Legal Basis for Processing
We process your personal data based on the following **Legal Bases** and for the following **Purposes**:
| Purpose of Processing | Legal Basis (GDPR Art. 6) |
|---|---|
| **Communication and Information:** Contacting you via conversational agents (chatbot, callbot, SMS) to inform you about service capabilities. | **Consent** (Explicit consent given when collecting information like a phone number) and **Legitimate Interest** (Responding to service inquiries). |
| **Technical Administration, Hosting, and Security:** Ensuring the maintenance, stability, and protection of our services (security logs). | **Legitimate Interest** (Essential for service delivery and system integrity) and **Legal Obligation** (Protecting against security threats). |
| **Compliance:** Adhering to all applicable laws and regulations, including the GDPR. | **Legal Obligations.** |
Note: Nova Solutions Group is the sole manager of the bots. Your data is never sold to third parties for commercial purposes.
3. Categories of Data Collected
We collect the following types of data. Some data is mandatory (e.g., phone number for alerts), while others (e.g., certain cookies) are optional:
- **Contact Details:** Phone number for alerts and communications, email (if provided).
- **Technical Data:** Logs for security, maintenance, and system integrity.
- **Usage Statistics:** Cookies and trackers for audience measurement and service improvement (subject to user consent).
- **Contact Data:** Subject of user requests, response tracking, and related statistics.
4. Automated Decision Making
Some limited automated decisions may be made as part of our data processing (e.g., basic bot routing logic), but these do not typically produce legal effects or similarly significant effects concerning the data subject.
5. Data Recipients and Transfers
- **Recipients within TALKR.ai:** Only authorized **TALKR employees** who manage user requests and technical operations.
- **External Recipients:** Authorized technical service providers bound by **strict confidentiality agreements** (e.g., hosting providers).
- **International Transfers:** Personal data is primarily hosted within the European Union (EU) and Canada (which has an adequacy decision). Transfers outside the EU occur only in limited, controlled cases (e.g., voice-to-text conversion services) with appropriate safeguards. Our data centers are located in **France and Canada**.
6. Data Retention Period
We only retain your data for the duration strictly necessary for the purposes described:
- **Form Data (CRM):** Up to **5 years** after the last contact.
- **Logs and Conversations:** **1 month** for security and technical troubleshooting.
- **Anonymous Statistics/Cookies:** Duration specified on our dedicated Cookies page.
7. Your Data Protection Rights
In accordance with the GDPR, you have the following rights concerning your personal data:
- **Right of Access:** Obtain a copy of your personal data.
- **Right to Rectification:** Request the correction of inaccurate data.
- **Right to Erasure (‘Right to be Forgotten’):** Request the deletion of your data (under certain conditions).
- **Right to Object:** Refuse certain types of processing.
- **Right to Portability:** Retrieve your data in a structured, commonly used, and machine-readable format.
To exercise these rights, please contact our DPO directly at: **dpo@talkr.ai**.
8. Cookies Management
We use cookies and trackers to measure audience and improve our services. You have control over these. For example, to deactivate Google Analytics tracking cookies, please use this link: Google Analytics Opt-out.
9. Changes to this Policy
This policy may be updated at any time. Any changes will be posted on our website. We will notify you of any substantial changes. Your continued use of our services constitutes agreement to the modified terms.
10. Contact and Complaints
For any general questions or concerns about this policy, please contact us at: **contact@talkr.ai**.
If, after contacting us, you feel that your data protection rights have not been respected, you have the right to submit a complaint to the relevant supervisory authority, the **CNIL (Commission Nationale de l’Informatique et des Libertés)** in France.
