QuickCall
QuickCallAI

GDPR Compliance

Information about our GDPR compliance and your data rights

Your Data, Your Rights

Under the GDPR, you have comprehensive rights over your personal data. We are committed to respecting these rights and making it easy for you to exercise them.

GDPR Compliant

Your Rights Under GDPR

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You can request deletion of your personal data (also known as the 'right to be forgotten').

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request your data in a machine-readable format to transfer to another service.

Right to Object

You can object to processing of your personal data for direct marketing or legitimate interests.

Exercise Your Rights

To exercise any of your GDPR rights, you can submit a request through our data rights portal or contact us directly. We will respond to your request within 30 days.

Our Commitment to GDPR

QuickCallAI is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). We have implemented comprehensive measures to ensure that your personal data is processed lawfully, fairly, and transparently.

Legal Basis for Processing

We process your personal data based on the following legal grounds: • **Contract Performance**: To provide our services as agreed • **Legitimate Interests**: To improve our services and prevent fraud • **Legal Obligation**: To comply with applicable laws • **Consent**: Where you have given explicit consent for specific processing

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at: **Email**: dpo@quickcallai.com **Address**: Data Protection Officer, QuickCallAI, Inc., 100 Market Street, Suite 500, San Francisco, CA 94105

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by the European Commission • Adequacy decisions where applicable • Binding Corporate Rules for intra-group transfers We do not transfer data to countries without adequate protection unless proper safeguards are implemented.

Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all our sub-processors. A list of our sub-processors is available upon request. We will notify you of any changes to our sub-processors.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected: • **Account Data**: Retained while your account is active, plus 30 days • **Call Recordings**: Retained according to your settings (default: 90 days) • **Analytics Data**: Retained for up to 26 months • **Legal Records**: Retained as required by law

Security Measures

We implement appropriate technical and organizational measures to protect your data: • Encryption of data in transit (TLS 1.3) and at rest (AES-256) • Access controls and authentication mechanisms • Regular security assessments and penetration testing • Employee training and confidentiality agreements • Incident response and breach notification procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms: • We will notify the relevant supervisory authority within 72 hours • We will notify affected individuals without undue delay • We will document all breaches and our response actions

Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For users in the EU, this is typically the data protection authority in your country of residence.

Our lead supervisory authority is the Irish Data Protection Commission (DPC).