Data privacy legislation has become widely adopted due to concern over security breaches and exploitation of personal data. This page sets forth Telchemy's role in processing the personal data of Telchemy customers and our policy for the protection of such data.
According to the EU General Data Protection Regulation (GDPR):
- 'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- 'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
Telchemy customers are often acting in the role of Controller and may collect and store personal data, in part using Telchemy products. Telchemy's customer is acting as both Controller and Processor.
- Certain Telchemy products may be used by Telchemy customers to store collected personal data.
- Such data is stored by the Telchemy product owned and managed by Telchemy's customer. Telchemy does not store such collected personal data within systems owned or operated by Telchemy, or process such data on behalf of the customer.
- Telchemy makes commercially reasonable efforts to ensure that any such personal data is stored in encrypted or privacy protected form. Telchemy is willing to co-operate with security or data privacy auditors employed by Telchemy customers in order that the sufficiency of such protection can be verified.
- Such products implement access control functionality that exceeds current commercial requirements, however the configuration of said access control functionality is performed by Telchemy's customer.
- Within the meaning of GDPR legislation, Telchemy is neither a Controller or a Processor.
- Telchemy customers sometimes share specific items of collected data in order that Telchemy can diagnose field problems. Telchemy does not need to know specific personal data in order to perform such diagnosis.
- Screenshots may be redacted to obscure names, email addresses and phone numbers.
- Packet captures (traces) may contain personal data. Telchemy has made a free tool, tscramble, available to customers. This will remove any personal data from traces, including modifying IP addresses, anonymizing telephone numbers and removing the speech payloads from captured voice streams.
- Telchemy does store names, business email addresses and business telephone numbers of Telchemy customer contacts (i.e. contacts within Telchemy's direct customer, not Telchemy's customers' customer). Such data is stored on internal servers and in some cases on externally accessible portals. Telchemy only uses such data for the purpose agreed with the customer, for example responding to support requests and following up with sales enquiries. For this type of data, Telchemy is acting in the role of Controller.
- Any such data is stored in a password protected server.
- Any such data is stored in encrypted or privacy protected form.
- Telchemy does not outsource processing of such data.
- Telchemy does not share any such data with any third party.
Based on this description of Telchemy's role in handling personal data, Telchemy does not need to execute an agreement with a Telchemy customer wherein Telchemy is assigned the role of Processor in handling customer's data.