Introduction
Squaretalk Ltd (hereinafter referred to as “Squaretalk”) is a European and Israeli -based company specializing in the field of CCaaS (Contact Center as a Service). In delivering contact center solutions to clients worldwide, Squaretalk acts as a data processor, handling personal information on behalf of its customers (hereinafter referred to as “Customers”). This data processing is conducted in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC, commonly known as the “General Data Protection Regulation” or “GDPR.”
Furthermore, Squaretalk also assumes the role of a data controller in specific instances, where it determines the objectives and methods of data processing, such as for billing and tax-related purposes. Squaretalk is fully dedicated to adhering to all relevant Privacy and Data Protection laws and regulations in order to safeguard the personal information entrusted to it by its Customers. In pursuit of this commitment, Squaretalk has established comprehensive Policies, Procedures, Standards, and Guidelines, which are subject to regular review and updates.
This privacy notice encompasses the handling of personal data by Squaretalk, both as a data controller and as a data processor. Data subjects whose personal data is processed by a Customer of Squaretalk acting as a data controller should refer to the privacy policies of that respective Customer. To enhance clarity, this notice addresses identical topics from the perspectives of both the Controller and Processor:
- What personal information is collected?
- How Squaretalk collects your data.
- Why is personal information processed?
- How long is personal information retained?
- What are the data subject rights?
- How can a data subject/person exercise their rights?
- To whom may personal information be transferred?
- Where is information stored?
- How is information protected?
- Personal Information from Children.
- California User Consumer Rights (applicable only when Squaretalk acts as a data controller).
Squaretalk as a Controller
What personal information do we collect?
At Squaretalk, we gather information that aligns with relevant needs, ensuring it remains proportional, appropriate, and essential for the outlined purposes. In doing so, we adhere to the legislative requirements of the jurisdiction in which we operate, proceeding in compliance with prevailing privacy and data protection standards.
How does Squaretalk gather your information?
Direct Collection
Squaretalk accumulates personal information that users willingly share during various interactions:
- Registration on Squaretalk’s main site, our knowledge hub, Squaretalk Academy, or our community forums.
- Demonstrating interest in gaining insights about Squaretalk’s products, services, or events.
- Engaging with our social media campaigns across various platforms.
- Enrolling for events hosted by Squaretalk.
- Applying for job openings.
- Opting to download e-books or accessing resources from our site.
- Directly reaching out to Squaretalk via our official communication channels like phone, chat, or email.
The type of information we collect includes identification details (like first and last name), contact specifics (business email and phone number), and professional data (role, company name, and country). For job applicants, we also collect the details present in their resumes, cover letters, and LinkedIn profiles.
Additionally, any data that you opt to share when contacting us via our official channels is stored.
Data from External Sources
Squaretalk may leverage business-related contact data sourced from third parties, including data shared by your employer, our partner resellers, trusted strategic partners, and professionally curated contact databases. We undertake thorough privacy and security assessments to ensure the legitimacy of these data collections, guaranteeing their alignment with pertinent laws and regulations. This also involves confirming that the data is collected transparently and ethically, with proper notice and, where mandated, the consent for sharing with third parties like Squaretalk.
This data typically includes identification information (names), contact details (business emails and phone numbers), and professional specifics (roles, company names), as well as LinkedIn profiles.
Data from Public Domains
Squaretalk might also source information about you from publicly available resources, including platforms like LinkedIn. The collected information usually comprises identification and contact details, including email addresses and phone numbers, as well as job-related specifics and skills to bolster our recruitment efforts.
For a more detailed explanation or inquiries, our Data Protection Officer can be reached via email at privacy@squaretalk.com.
Why do we process personal information?
Squaretalk processes personal data for various objectives, such as:
- Engaging with you based on your interactions, such as when you wish to see a product demo or consult with a Squaretalk specialist.
- Overseeing recruitment and employment.
- Facilitating our sales ventures, including obtaining feedback from business engagement processes.
- Circulating marketing content about our offerings and services (focused on B2B interactions).
- Nurturing customer relationships, which might encompass payment details.
- Delivering support to our clientele.
- Orchestrating business dealings with potential clients, vendors, suppliers, affiliates, or partners.
- Coordinating registrations for events like webinars, meet-ups, discussions, Opentalk, etc.
- Granting access to our premises.
- Allowing entry to the Squaretalk academy and its resources.
- Enabling registration and participation in the Squaretalk B2B Communities.
- Navigating and utilizing the Squaretalk main website.
- Implementing cookies (a detailed policy is available on our site).
- Ensuring adherence to applicable statutes and rules, which encompasses regulations related to export control and sanctions, as well as upholding Squaretalk’s rights or mounting legal defenses.
Squaretalk is diligent in collecting only the minimum necessary information, strictly for the reasons mentioned. The foundation for each process is grounded in one or multiple of the following: contractual obligations, legitimate interests, or explicit consent.
When engaging in marketing or brand promotion activities, we either lean on a legitimate interest or obtain your approval, depending on the context. While we always seek your consent in alignment with legal requirements, there are instances where we might operate based on legitimate interest, especially when you’ve previously displayed an interest in our offerings.
If Squaretalk ever processes your data based on consent, it’s vital for us that this choice is genuinely voluntary. In any marketing or brand-related communications, we also offer an option to discontinue receiving such messages.
For processes that ensure compliance with export control and sanction laws, automated screenings against relevant sanctioned-party listings might be conducted. In potential match scenarios, we might request additional details.
Squaretalk commits to never utilizing personal data for unlisted objectives and guarantees not to sell or permit its associates to sell personal data (as “sell” is defined under the CCPA).
How do we retain personal information?
The duration for which we store personal data is influenced by its processing purposes. In alignment with governing laws, Squaretalk discloses data retention timelines during the collection of personal information. For a more comprehensive insight, one can contact our Data Protection Officer at privacy@squaretalk.com.
What rights do data subjects have?
The rights that data subjects possess can vary based on their geographical location. Commonly recognized rights include:
- Right of access: The privilege to ascertain whether personal data relating to the data subject is being processed, and if so, gain access to that data.
- Right to rectification: The privilege to correct any incorrect personal data about the data subject.
- Right to erasure or be forgotten: The privilege to request the removal of personal data concerning the data subject.
- Right to restrict processing: The privilege to limit the processing of one’s personal data, considering legal stipulations and Squaretalk’s contractual obligations.
- Right to data portability: The privilege to receive personal data in a standardized, commonly utilized, and machine-readable layout.
- Right to object: The privilege to oppose data processing based on individual circumstances.
- Right against automated decision-making: The privilege to not have decisions made purely based on automated processes.
- Right to retract consent: The privilege to rescind consent given for particular processing activities.
- Right to lodge a complaint: The privilege to raise concerns with the relevant overseeing body.
Regarding the handling, sharing, and usage of personal data, data subjects have the ensuing choices:
- Marketing Communications: Data subjects have the autonomy to consent to receiving promotional content regarding Squaretalk offerings, services, or job listings. They can halt email promotions by clicking the unsubscribe option in the email or by writing to privacy@squaretalk.com.
- Events: Squaretalk might spotlight events pertinent to the Contact Center industry. Data subjects can willingly register for these. Only essential data for registration and event-related communication will be collected by Squaretalk.
- Cookies and Related Tech: When exploring our site, individuals can opt out of cookies. A detailed explanation is provided in our cookie policy.
- Employment Avenues: Prospective employees can submit their details via the Careers portal. Squaretalk restricts its collection to necessary fields for recruitment and establishing contact. Furthermore, job seekers can voluntarily sign up for job alerts and discontinue them whenever they wish.
How can individuals enforce their rights?
Individuals can enforce their rights by reaching out to the Data Protection Officer at privacy@squaretalk.com.
To whom might we disclose personal data?
Squaretalk might share, transmit, or divulge personal data under specific scenarios to particular recipient groups:
1. Trusted third-party SaaS providers under Squaretalk’s directives and functioning as processors.
2. Squaretalk’s affiliated resellers and strategic partners aiding our sales processes in compliance with privacy standards.
3. Event co-sponsors or partners promoted by Squaretalk, observing privacy regulations.
4. Affiliates of Squaretalk, abiding by our security and privacy standards and local jurisdictional regulations.
5. Governmental bodies when legally mandated to share data or when fulfilling legal demands.
6. Prospective stakeholders related to potential corporate transitions like mergers or acquisitions.
Squaretalk upholds a strict code when it comes to selecting its service providers and, where legally essential, divulges personal data to governmental authorities. Squaretalk strictly prohibits the sale of personal data, and this extends to our subprocessors, consistent with the definition of “sell” under the CCPA.
For a detailed list of Squaretalk’s data processors, reach out to privacy@squaretalk.com.
Where do we keep the data?
Being headquartered in Israel and the EU and having a global footprint, personal data might be collected, transferred, processed, and stored by Squaretalk within the US and the EU, by our global affiliates, and the above-mentioned third-parties in both the US, the EU and abroad.
At present, Squaretalk has operational bases in countries such as Israel and Bulgaria. When data is physically held, its storage is at its place of origin. Digital data is primarily stored within the EU and the US. Transfers from the European Economic Area (EEA) and Switzerland to the US or other nations happen on the basis of:
- Adequacy Decision: Nations identified by the European Commission as having a sufficient standard of data protection.
- Standard Contractual Clauses: Squaretalk utilizes the European Commission’s standardized contracts for data transfers to non-EU nations based on Commission Implementing Decision (EU) 2021/914 dated 4 June 2021.
How do we safeguard the data?
Squaretalk has enacted an Information Security and Privacy Information Management System (ISMS and PIMS), along with a Business Continuity Management System (BCMS). This structure serves as a backbone for the enhancement of security, privacy, and business persistence. Within the ISMS, PIMS, and BCMS, there are guidelines, security and privacy training sessions, suitable procedural and technical measures, audit trails, and rigorous third-party assessments, among other elements.
We conduct routine evaluations of third parties to ensure they adhere to privacy and security regulations.
Personal Information and Minors
Squaretalk does not intentionally gather personal data from children below the age of 16. Should we become aware that we’ve inadvertently collected data from a child under 16, we will promptly delete such information. We do not use or disclose this kind of data to third parties. This statement adheres to the guidelines of the Children’s Online Privacy Protection Act (COPPA).
Rights of California Consumers
This section is applicable only when Squaretalk operates as a controller.
In line with California Civil Code Section 1789.3, residents of California can submit complaints to the California Department of Consumer Affairs located at 400 R Street, STE 1080, Sacramento, CA 95814. They can also contact by phone at 916-445-1254 or 800-952-5210, or via email at dca@dca.ca.gov. For further information on safeguarding your privacy, you might consider visiting: http://www.ftc.gov.
If you reside in California, under the California Civil Code Section 1798.83, you have the right to inquire about the sharing of your personal data by us to third parties for their direct marketing activities. This privacy notice pertains only to our operations within the State of California. For inquiries or questions about this privacy notice, feel free to email us at privacy@squaretalk.com.
In accordance with the California Consumer Privacy Act of 2018, consumers have several rights, including:
- The right to request the deletion of their personal data.
- The right to know about the personal data a business has collected on them and its usage and sharing patterns.
- The right to refuse the sale and distribution of their personal data.
- The right against any discrimination when they exercise their rights under the CCPA.
- The right to rectify any erroneous personal data held by a business.
- The right to restrict the utilization and dissemination of sensitive personal data about them.
Squaretalk is committed to respecting these rights and consumers can address their requests to exercise these rights to the Data Protection Officer via email at privacy@squaretalk.com.
Squaretalk as a (Sub-)Processor
Information Processed
While Squaretalk offers its cloud services, acting on the customers’ behalf means we may take on the role of either a processor or a subprocessor, contingent on the customer’s designated role. The data that our customers gather via Squaretalk products remains the customer’s responsibility, including defining the categories of the data subjects.
However, the types of information typically processed include:
- Contact Data: This usually refers to our customer’s end consumer or potential client (the responsibility rests with the customer to delineate the contact types for which Squaretalk’s service is rendered). This could encompass names, phone numbers, and email addresses.
- Agent Data: Often, this refers to a customer’s staff member who uses Squaretalk for receiving or making calls. This set can include names, emails, associated phone numbers, and potentially, specific agent traits like gender.
- Interaction Metadata: This comprises details like contact and agent phone numbers, call date, duration, context, and timing.
- Call Records: When set up, audio recordings of calls might also be cataloged.
- Content Details: Personal information that might be part of communications or emerge as an outcome of using Squaretalk services, managed by our customers. Content data could involve:
- Call Transcriptions: This contains data from transcribed calls, done as per our customers’ directive.
- SMS Details: This includes content data assimilated into a mode which offers asynchronous assistance for our clients who prefer text messaging support over calls.
- Chat Logs: This refers to content data amalgamated into a platform allowing asynchronous aid for clients who choose voice or digital chat for communication.
- Email Logs: Data from an integrated platform that provides asynchronous support for clients choosing email communication for help.
- Screen Captures: These are content details derived from recordings of agent actions on the CCaaS platform, when our customers enable such a feature.
Squaretalk ensures that data collection is limited to what’s essential for delivering our services, and this data is processed in line with the initial collection purpose.
Purpose of Data Collection
Squaretalk gathers personal data to furnish the Contact Center as a Service, aiding in troubleshooting and supporting any issues presented by our clientele.
Duration of Data Retention
Customers, acting in the capacity of controllers, lay down the data retention timeframes for the information they gather. When a customer ends its agreement with Squaretalk, the data is purged according to the Master Service Agreement or sooner upon request. Squaretalk might retain anonymized data (which won’t identify any agent, contact, or client, directly or indirectly) for extended periods to analyze service usage and make enhancements.
Rights of Data Subjects
The rights of data subjects hinge on their locations and the jurisdictions where Squaretalk’s customers operate. Commonly recognized data subject rights entail:
- Right of Access: Confirm if their personal data is under processing and, if so, get access to it.
- Right to Rectification: Correct any personal data inaccuracies.
- Right to Erasure: Erase personal data concerning them.
- Right to Restrict Processing: Limit the processing of their personal data, subject to the bounds of the law and Squaretalk’s legal obligations.
- Right to Data Portability: Obtain their personal data in a commonly used, structured, and machine-readable format.
- Right to Object: Object to data processing for reasons related to personal circumstances.
- Right Against Automated Decision-making: Not be subjected to decisions solely based on automated means.
- Right to Withdraw Consent: Revoke consent for particular data processing.
- Right to Lodge a Complaint: File a grievance with the competent authority.
Exercising Data Subject Rights
When Squaretalk processes information for a customer, all rights requests from data subjects must be directed to that specific customer.
Data Transfer Recipients
Squaretalk, acting as a processor/service provider, strictly employs data to render the agreed-upon service, following the customer’s directives. Squaretalk neither sells this data nor permits its processors to do so (in the context of the CCPA’s definition of “sell”).
However, Squaretalk might engage third-party providers for service delivery, ensuring they uphold the same security and privacy commitments as Squaretalk.
For a list of Squaretalk’s subprocessors, customers can reach out to privacy@squaretalk.com.
Data might also be shared during business transitions like mergers & acquisitions or transferred to governmental entities when legally mandated.
Data Storage Locations
Though Squaretalk’s main headquarters and primary processing facilities are in the U.S., there are additional processing locations in other regions, such as Europe and Canada. Transfers from the European Economic Area (EEA) and Switzerland rely on:
- Adequacy Decision: Nations identified by the European Commission to have a sufficient personal data protection level.
- Standard Contractual Clauses: Squaretalk adheres to the Commission’s model agreements for personal data transfers to third countries, especially the Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
Data transfers among other jurisdictions might mandate additional provisions, jointly determined by the customer and Squaretalk.
Data Safeguard Measures
Squaretalk utilizes Information Security and Privacy Information Management Systems for ongoing enhancement of security, privacy, and business continuity. This framework includes policies, security and privacy awareness initiatives, processual and technical controls, audit logging, and third-party assessments.
Squaretalk regularly evaluates third parties for compliance with security and privacy standards.
Protection of Children’s Information
Squaretalk emphatically refrains from collecting personal data from children under 16. Upon realization that data from someone under this age has been collected, immediate removal actions are initiated. Given this strict stance, we neither use nor share such data. This disclosure is in alignment with the Children’s Online Privacy Protection Act (COPPA).
Changes to the Privacy Notice
This notice is subject to periodic revisions in line with our evolving practices, operational prerequisites, and to ensure adherence to pertinent privacy and data protection laws and regulations. Any modifications made to this notice will be made available on our website. Should you have any queries regarding this notice, please reach out to privacy@squaretalk.com.
Getting in Touch
Should you have queries, concerns, or grievances pertaining to this privacy notice or Squaretalk’s privacy practices, please contact us at privacy@squaretalk.com. Alternatively, you can reach us via our postal address provided below:
15 Tzeret street, Jerusalem, Israel, 9346313