- Solutions
- Solutions primary
- BY TEAM
- BY INDUSTRY
- BY USE
- BY SIZE
- Solutions secondary
- Let’s talk!
- Explore our business calling software
- Book a demo today
- Discover our integrations
- Turn CloudTalk into a much more powerful tool.
- Learn more
- Let’s talk!
- Solutions primary
- AI
- Features
- Integrations
- Integrations primary
- MOST POPULAR
- NEW
- first column
- second column
- Integrations secondary
- Let’s talk!
- Explore our business calling software
- Book a demo today
- Discover our integrations
- Turn CloudTalk into a much more powerful tool.
- View all integrations
- Let’s talk!
- Integrations list
- Integrations primary
- Pricing
- Resources
- Resources primary
- first column
- second column
- Resources secondary
- Book a demo today!
- Discover & access advanced features
- Schedule a demo
- Book a demo today!
- Resources primary
- Careers
CloudTalk Sub-Processors and Affiliates
At CloudTalk, we utilise the expertise of a select group of third-party data processors, known as Sub-processors, to assist in delivering our services. A Sub-processor is a third-party data processor engaged by CloudTalk, who either currently accesses or processes, or potentially will access or process, personal data on behalf of CloudTalk (each, a “Sub-processor”). This page is dedicated to providing crucial information about the identity, location, and specific roles of each Sub-processor in our network. Additionally, you can find a list of CloudTalk intra-group affiliates that may be involved in processing personal data on your behalf.
We carefully select each Sub-processor to ensure they uphold strict security, privacy, and confidentiality standards. This is part of our commitment to the General Data Protection Regulation (GDPR) compliance and reflects our responsibility towards our customers’ data privacy. Additionally, the selection and engagement of our Sub-processors are in strict adherence to the applicable data protection (privacy) laws and the Data Processing Agreements (DPAs) concluded between CloudTalk and its customers.
The integrity and security of your personal data are paramount to us. On this page, you can learn more about these entities and understand how they contribute to the seamless provision of CloudTalk’s services while maintaining the highest standards of data protection.
FAQ
Who Are Considered subprocessors Under CloudTalk’s Operations?
The entities that qualify as its Subprocessors can be characterized as follows:
1. Third-Party Data Processors: These are external organizations or entities that CloudTalk engages to process personal data on its behalf. They play a role in supporting or enhancing the services provided by CloudTalk.
2. Entities with Access to Personal Data: Any organization that has, or potentially will have, access to or processes personal data managed by CloudTalk. This indicates that the data they handle could include customer information, employee details, or other types of personal data.
3. GDPR Compliant: All of CloudTalk’s Subprocessors comply with the General Data Protection Regulation (GDPR), ensuring they adhere to strict standards of data privacy and security.
4. Entities Bound by Data Processing Agreements (DPAs): These Subprocessors have formal agreements with CloudTalk, detailing their roles, responsibilities, and obligations in terms of data processing, in compliance with the applicable data protection laws.
5. Entities Assisting in Service Delivery: Subprocessors engaged by CloudTalk are selected for their ability to assist in providing the company’s services effectively and securely.
In summary, any entity that processes data on behalf of CloudTalk, has access to personal data, adheres to GDPR standards, is bound by a formal DPA, and contributes to the delivery of CloudTalk’s services would qualify as a Subprocessor for the company.
How does CloudTalk select its third-party subprocessors?
CloudTalk selects its subprocessors based on a rigorous evaluation process, ensuring each one adheres to stringent security, privacy, and confidentiality practices. Key factors in this selection process include:
1. Compliance with GDPR: Every subprocessor must be fully compliant with the General Data Protection Regulation, demonstrating a strong commitment to data protection and privacy.
2. Data Security Standards: Subprocessors are chosen based on their ability to maintain high levels of data security, protecting personal and sensitive information effectively.
3. Alignment with Data Processing Agreements (DPAs): Subprocessors must agree to and align with the terms set out in Data Processing Agreements, ensuring legal and operational compliance with data protection laws.
4. Capability to Enhance Service Delivery: The subprocessor must contribute positively to CloudTalk’s service provision, either by enhancing service quality, efficiency, or reliability.
In short, CloudTalk selects its subprocessors through a careful and thorough vetting process, prioritizing data protection, legal compliance, and the ability to enhance service delivery.
How do CloudTalk’s subprocessors uphold their obligations concerning the security and privacy of personal data?
CloudTalk ensures that each subprocessor is bound by contractual commitments that rigorously address the protection of personal data. These obligations are detailed in Data Processing Agreements (DPAs), which align with GDPR standards and stipulate stringent data security and privacy measures. Subprocessors are required to maintain high levels of data protection, ensuring that personal information is handled responsibly, securely, and in compliance with all relevant data protection laws. This includes implementing adequate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, and destruction.
What is the extent of CloudTalk’s authority to appoint new subprocessors, or modify the existing subprocessor list?
Upon signing the Data Processing Agreement (DPA), our customers grant CloudTalk general permission to engage, add, or replace subprocessors as part of our operational framework. This authorization allows us to update our subprocessor list to maintain or enhance service quality and compliance with data protection laws. It is important to note that any changes we make are in strict adherence to GDPR standards and are aligned with the terms outlined in the DPA. In specific cases, where a customer has distinct requirements, alterations to this process can be negotiated and agreed upon between the customer and CloudTalk.
List of CloudTalk Sub-Processors
Infrastructure
Our infrastructure providers are pivotal in building and maintaining the robust foundation of our core services.
Company
Website
Purpose
Contact
Location of processing
Data Transfer Mechanism
Amazon Web Services, Inc.
Hosts our infrastructure, such as servers and storage.
aws-EU-privacy@amazon.com
Germany, USA, Singapore, Australia
EU-U.S. Data Privacy Framework
Standard Contractual Clauses
Confluent, Inc.
Transmits contact data, including names, email addresses, and phone numbers, to Kafka (a product of Confluent). This data is used for message relaying to other services and is stored in Kafka for one week. The data is contained in communications (call logs, SMS, contacts, agents) that our customers send through CloudTalk’s Webhook services.
privacy@confluent.io
USA
Standard Contractual Clauses
Snowflake, Inc.
Data warehouse. Storing, managing, and analyzing large volumes of data.
privacy@snowflake.com
USA
EU-U.S. Data Privacy Framework
MongoDB, Inc.
Database storage for part of our data.
privacy@mongodb.com
USA
EU-U.S. Data Privacy Framework
Cloudflare, Inc.
All information (including Service Data) contained in web traffic transmitted to and from the Services is transmitted through Cloudflare’s systems, but Cloudflare does not have access to this information.
privacyquestions@cloudflare.com
USA
EU-U.S. Data Privacy Framework
AI Features
These sub-processors provide our advanced AI Features, which are designed to enrich your understanding of customer interactions through innovative technology. These features are optional and activated only if you enable them.
Company
Website
Purpose
Contact
Location of processing
Data Transfer Mechanism
OpenAI, Inc.
OpenAI processes customer’s data (call transcripts) when Conversation Intelligence features are used.
privacy@openai.com
USA
Standard Contractual Clauses
Google LLC.
Google processes customer’s data (call recordings) when the Speech-To-Text feature is used.
Through Google admin
USA
EU-U.S. Data Privacy Framework
Integrations
Our Integration tools play a pivotal role in facilitating seamless connections between our services and various external applications or systems.
Company
Website
Purpose
Contact
Location of processing
Data Transfer Mechanism
Tray.ai, Inc.
Activated only when specific integrations are used. All information passed from MS Dynamics to CloudTalk is processed by Tray.ai, including any contact details that match the default attributes in CloudTalk. Transmitted information, including contact details, is stored in Tray.ai logs for 30 days after the transfer.
privacy@tray.ai
USA
EU-U.S. Data Privacy Framework
CloudTalk Group Companies (Affiliates)
Your CloudTalk contracting entity may engage the following intra-group affiliates for processing of personal data on your behalf. Intra-group transfers within CloudTalk’s Affiliates are governed by CloudTalk’s Intra-group Data Processing Agreement that incorporates the SCCs for the purposes of international data transfers.
Legal name
Country
CLOUDTALK.IO, INC
USA
CloudTalk s.r.o.
Slovakia
CloudTalk s.r.o.
Czechia
CLOUDTALK SPAIN, S.L.
Spain