GDPR

The European General Data Protection Regulation (GDPR) set a new standard for how businesses must handle EU residents’ data. We, at Aircall, are dedicated to complying, and assisting our customers in their efforts to comply, with the GDPR regardless of the jurisdiction in which they operate.

What is the GDPR?

The GDPR regulates the collection, use, transfer, and sharing of personal data with the key purpose of protecting it.

What is personal data?

The GDPR provides a broad definition of Personal data which includes any information related to a resident of the EU that can directly or indirectly identify such resident. It can be a name, an email address, a photo, medical information, or an IP address.

Is the Aircall solution GDPR compliant?

Yes, currently the Aircall solution complies with the obligations set forth by the GDPR.

Can Aircall assist with my company’s GDPR compliance efforts?

Aircall’s modern business phone solution provides customers with many features that can assist in bolstering your compliance efforts with the GDPR. You should periodically be assessing your security processes. Below are a few examples of how Aircall can help you comply with certain key GDPR user rights:

Data minimization: Delete call recordings. If you need to delete call recordings, you can do it seamlessly by connecting to our API. Once deleted, the call recording will be removed from all of our databases.

Right to be forgotten: Delete contacts. If a customer of yours requests his information be deleted, you may do so directly through your dashboard. The customer’s data will be removed from the application however some information may remain in the call recordings or metadata.

Right of Portability: Exporting your contact list. You may easily export your contact list via our API. This will allow you to provide your customers with the data you have collected about them.

GDPR enables individuals to make requests about their data. Can Aircall assist my company with such requests?

In its relationship with your company Aircall is a data processor as defined by the GDPR. As such Aircall will assist you in replying to an individual’s request that you receive as a data controller. The Aircall platform offers certain features facilitating this process. The Aircall team will also be available to assist your company in complying with such requests.

How does Aircall secure my company’s data?

Aircall has established technical and organizational safeguards to protect customer data. Please see our page on information security here.

For how long is my company’s data stored?

Aircall stores customer data only as long as the company uses our services. However, customers may delete certain data points such as call recordings while remaining active customers.

Where is my company’s data stored?

We strive to provide our customers with the most secure, efficient and reliable services. Aircall is a global company and services customers around the world in multiple jurisdictions and as such data is stored in the data centers closest to our customer’s location. Our sub-processors that handle personal data, including our data center partners, are held to the strictest data privacy and information security standards.

What is the Privacy Shield and does Aircall adhere to the framework?

The EU-US Privacy Shield framework is a mechanism approved by the European Commission and the US Department of Commerce allowing for the lawful transfer of personal data between the EU and the US. Aircall adheres to the EU-US Privacy Shield. For more information about the Privacy Shield, please see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov/

Does Aircall offer a Data Processing Addendum?

Yes, Aircall offers a Data Processing Addendum (available here).