Our Commitment
At Clicktocall.ai, data privacy is not an afterthought -- it is a foundational principle of how we design, build, and operate our platform. We recognize that the businesses using our global communication tools entrust us with personal data belonging to their customers, employees, and partners. We take that responsibility seriously.
We comply fully with the General Data Protection Regulation (GDPR) as well as applicable national implementations across the European Economic Area. Our practices extend to all personal data we process, whether you interact with us as a customer, a website visitor, or an end user of a service powered by Clicktocall.ai.
Our compliance program includes regular internal audits, documented data processing activities, privacy impact assessments for new features, and ongoing staff training to ensure every member of our team understands their obligations under data protection law.
Legal Basis for Processing
We only process personal data when we have a valid legal basis to do so. Depending on the context, we rely on one or more of the following grounds:
- Contract performance: Processing is necessary to deliver the services you have contracted us to provide -- for example, routing calls, managing your account, or generating usage reports.
- Legitimate interests: We may process data to improve our services, detect fraud, ensure network security, or conduct analytics, provided these interests do not override your fundamental rights and freedoms.
- Consent: Where required, we obtain your clear and informed consent before processing personal data -- for instance, before sending marketing communications or enabling optional AI-powered call transcription features.
- Legal obligation: In certain cases, we are required by law to process or retain personal data, such as for tax reporting, regulatory compliance, or responding to lawful requests from public authorities.
We document the legal basis for each processing activity in our internal Records of Processing Activities (ROPA), which we maintain and review on a regular basis.
Your Rights
Under the GDPR, you have a comprehensive set of rights regarding your personal data. We have designed our systems and processes to ensure you can exercise these rights easily and without undue delay.
Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request. This includes details about the categories of data processed, the purposes of processing, and any third parties with whom data has been shared.
Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay. You can update most account information directly through your Clicktocall.ai dashboard, or contact us for assistance with other records.
Right to Erasure
Also known as the "right to be forgotten," you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful. We will comply unless we have a legal obligation to retain the data.
Right to Data Portability
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (such as JSON or CSV). You may also request that we transmit this data directly to another service provider, where technically feasible.
Right to Object
You may object to the processing of your personal data where we rely on legitimate interests as our legal basis. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You can also object to direct marketing at any time, and we will stop immediately.
In addition to the rights listed above, you also have the right to restrict processing in certain circumstances and the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Data Processing Agreements
When Clicktocall.ai processes personal data on behalf of our customers, we act as a data processor under the GDPR. In these cases, we enter into a Data Processing Agreement (DPA) with each customer that clearly defines:
- The subject matter, duration, nature, and purpose of the processing
- The types of personal data processed and the categories of data subjects
- The obligations and rights of the data controller (our customer)
- Our commitments regarding sub-processors, security measures, breach notification, and data deletion or return upon termination
- Provisions for audits and inspections to verify compliance
Our standard DPA is available upon request and can be executed as part of your service agreement. Enterprise customers may also negotiate custom terms through their account representative. We maintain a current list of approved sub-processors and notify customers in advance of any changes, giving them the opportunity to object.
International Transfers
As a global communications platform, Clicktocall.ai may transfer personal data across international borders. We ensure that all such transfers comply with GDPR requirements by relying on one or more of the following safeguards:
- Adequacy decisions: Where the European Commission has determined that a third country provides an adequate level of data protection, we transfer data on the basis of that decision.
- Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use the European Commission's approved Standard Contractual Clauses, supplemented by additional technical and organizational measures where required by our transfer impact assessments.
- Binding Corporate Rules: Where applicable, we rely on approved Binding Corporate Rules for intra-group transfers of personal data.
We conduct transfer impact assessments to evaluate the legal framework and practices in each destination country, and we implement supplementary measures -- such as encryption in transit and at rest, pseudonymization, and access controls -- to ensure that personal data remains protected regardless of where it is processed.
Data Protection Officer
Clicktocall.ai has appointed a dedicated Data Protection Officer (DPO) who oversees our compliance with the GDPR and other applicable data protection laws. The DPO operates independently and reports directly to senior management.
Contact Our Data Protection Officer
Name: Data Protection Office, Clicktocall.ai
Email: dpo@clicktocall.ai
Postal address: Clicktocall.ai, Data Protection Officer, 1701 Rhode Island Ave NW, Washington, DC 20036
Our DPO is available to address any questions or concerns you may have about how we handle personal data, to assist with data subject requests, and to serve as a point of contact for supervisory authorities.
How to Exercise Your Rights
If you wish to exercise any of your rights under the GDPR, you can do so through any of the following channels:
Email: Send your request to privacy@clicktocall.ai. Please include sufficient information for us to verify your identity and specify which right(s) you wish to exercise.
Dashboard: Logged-in users can access data export, account deletion, and consent management tools directly from their account settings.
Postal mail: You may also send written requests to our Data Protection Officer at the address listed above.
We will acknowledge your request within 72 hours and aim to fulfill it within 30 calendar days. In cases where a request is particularly complex or we receive a high volume of requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for the delay.
There is no fee for exercising your rights. However, if a request is manifestly unfounded or excessive (for example, due to its repetitive nature), we may charge a reasonable administrative fee or decline to act on the request, in accordance with Article 12(5) of the GDPR.
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. For individuals in Ireland, this is the Data Protection Commission (www.dataprotection.ie).