EU-U.S. Privacy Shield Framework Privacy Statement

Effective Date/Last Revised: October 18, 2017


DialogTech, Inc. is a data processor that, at the request of our clients (acting as the Data Controllers) processes certain data from phone calls made by individual consumers to our clients and provides those clients with call attribution and related data. This Privacy Statement governs the manner in which we process, use, and retain personal information that our clients collect from the European Union (“EU”) or the European Economic Area (“EEA”) that is transferred to the United States. This Privacy Statement is available for reference and download at: https://www.dialogtech.com/EU-US_PrivacyShieldFrameworkPrivacyStatement.PDF and applies to DialogTech, and to all its affiliates which process personal information transferred to U.S. including Mongoose Metrics, Inc.

Adherence to the Privacy Principles of the EU-U.S. Privacy Shield Framework:

DialogTech participates in and has certified compliance with the EU-U.S. Privacy Shield Framework, as set out in documentation on the U.S. Department of Commerce website (http://privacyshield.gov) and as described further below when processing personal information. Consistent with this documentation, in certain circumstances DialogTech may apply the EU-U.S. Privacy Shield Framework’s Privacy Principles and supplemental principles (all together the “Privacy Principles”) in different ways, or may, when an exception applies and to the extent permitted, limit its adherence to the Privacy Principles based on DialogTech’s requirements as a Processor of data.

Subject to the above, DialogTech adheres to each of the EU-U.S. Privacy Shield Framework Privacy Principles and supplemental principles as follows:

Notice:

DialogTech does not collect personal information directly from individuals. DialogTech has the capability of gathering session data on callers and website visitors, which can be anonymized and aggregated, but will be used only in accordance with our contract with the Data Controller. DialogTech collects data for two main purposes: First, to help our customers understand the marketing activities they engage in that result in phone calls; and second, to understand the events that occur during the phone conversation, the nature of the conversation, the value to the business of the phone call, and in some cases to evaluate the performance of their own employees. DialogTech is committed to subject all personal data received from the EU or EEA to the Principles in reliance on the EU-U.S. Privacy Shield Framework and is recognized by the Department of Commerce as a participant of the EU-U.S. Privacy Shield Framework. DialogTech will provide information to individuals about how they can contact DialogTech with any inquiries or complaints, the types of third parties to which DialogTech discloses the information, and the choices and means individuals may use to limit DialogTech’s use and disclosure of information relating to those individuals.

Choice:

DialogTech will give individuals the opportunity to choose (opt out) whether their personal information may be (a) disclosed to a third party, or (b) used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual.

DialogTech will require our clients to provide individuals with reasonable mechanisms to exercise their choice to opt out of consenting to cookies, location data, and traffic data, in order to allow individuals to limit the use and disclosure of their personal data.

FOR WEBSITES, we require the data controller engage upfront cookie consent as is standard practice in the EU. We encourage the data controller to insert a hyperlink within the cookie consent that will allow the viewer to be directed to a separate web domain with a more detailed explanation of the information being gathered and notice that such information is being transferred out of country by a third party.

FOR PHONE CALLS, we require all data controllers to utilize an upfront Interactive Voice Response (“IVR”) system to capture caller consent by allowing caller to opt in/opt out of the call.

Onward Transfer (Transfer to Third Parties):

To disclose information to a third party, DialogTech will apply the Notice and Choice Principles set out above. Where DialogTech wishes to transfer information to a third party that is acting as an agent, DialogTech may do so only after ensuring that the third party subscribes to the EU-U.S. Privacy Shield Framework or is subject to the Directive or another adequacy finding by the European Commission. As an alternative, DialogTech will enter into a contract when disclosure is made to a third party that is acting as an agent to perform task(s) on behalf of and under the restrictions of DialogTech. For sensitive information, DialogTech will collect affirmative or explicit (opt in) consent from individuals if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose subsequently authorized by the individual. DialogTech, retains liability in cases of onward transfers to third parties. DialogTech is not liable under the Privacy Shield Principles when on behalf of another organization it merely transmits, routes, switches, or caches information.

DialogTech shares the caller ID of callers with “reverse lookup” providers that use databases to locate the geographic location and/or use cell tower data to locate a mobile phone’s latitude and longitude. Additionally, some of this data is hosted in cloud provider (IaaS providers) sites. In some cases, calls are sent to third party human transcription services for transcription

Security:

DialogTech takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data. We use a “defense in depth” approach to securing our systems, applications, and data. We use aggressive firewall rules and OS hardening techniques to ensure that the publicly exposed aspects of our system are as small as possible to provide the services our customers rely on. All our servers are housed in SSAE 16 certified data centers with the highest levels of security measures in place. We limit access to production systems to only those individuals who have a need to perform their duties. When we develop our applications, we use code reviews, automated tools, and manual testing by third parties to ensure that we maintain the highest levels of security.

Data Integrity and Purpose Limitation:

When directed to process personal information, DialogTech will use personal data only in ways that are compatible with the purposes for which it was collected or authorized by the individual. DialogTech will take reasonable steps to ensure that personal information is relevant to its intended use, is accurate, complete, and current to the extent that DialogTech has control.

Access:

Individuals have the right to access their personal information. Upon request, and with consent of our clients, DialogTech will grant individuals access to personal information about them that DialogTech holds in order to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Recourse, Enforcement, and Liability:

DialogTech will implement audit procedures for verifying that the commitments that DialogTech makes to adhere to the EU-U.S. Privacy Shield Framework have been implemented.

Any questions or concerns regarding the use or disclosure of personal information should first be directed to the owner of the website in question (our client). Any questions or concerns from our Client should be directed to DialogTech through the means provided below so that DialogTech may investigate and attempt to resolve complaints and disputes.

In order to ensure compliance with the EU-U.S. Privacy Shield Framework, DialogTech will participate in a readily available and free independent recourse mechanism through JAMS so that each individual’s complaints can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide.

DialogTech is committed to cooperate with European Union data protection authorities (“DPAs”) investigation and resolution of complaints brought under the EU-U.S. Privacy Shield Framework. As a last resort, EU individuals may seek redress from the Privacy Shield Panel in binding arbitration.

Limitation on Application of Principles:

Adherence by DialogTech to the EU-U.S. Privacy Shield Framework may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to comply with national security, public interest or law enforcement obligations; (c) to the extent expressly permitted by an applicable law, rule or regulation; and (d) to the extent that DialogTech has limited or no control over the actions of its Clients regarding use of personal information that they have collected.

Questions, Complaints & Federal Reporting:

Questions or complaints regarding this Policy should be submitted via the Customer Support form at http://DialogTech.com/contact.php, by telephone at 1-877-295-5100, or by mail at DialogTech, Inc., Attn: Legal Department 300 West Adams Street, Suite 900, Chicago, Illinois 60606.

For complaints that cannot be resolved between DialogTech and the complainant, DialogTech has engaged JAMS, www.JAMSADR.com, as an independent recourse mechanism for complainant and DialogTech to engaged in dispute resolution.

Complainants may also file complaints with the U.S. Department of Commerce and/or the Federal Trade Commission, who regulates DialogTech.

Changes to this EU-U.S. Privacy Shield Framework Privacy Statement:

This Privacy Statement may be amended from time to time, consistent with the requirements of the EU-U.S. Privacy Shield Framework. A notice will be posted on the DialogTech website for 60 days whenever this EU-U.S. Privacy Shield Framework Privacy Statement is changed in a material way.

Please note that, with respect to customer data processed by DialogTech that falls under the scope of this EU-U.S. Privacy Shield Framework Privacy Statement. This Privacy Statement supplements the privacy policies posted on the respective DialogTech website.

APPROVED BY:

Jonathan A. Hattenbach

Vice President, General Counsel and Chief Privacy Officer

EFFECTIVE DATE: SEPTEMBER 28, 2016

LAST UPDATED: OCTOBER 18, 2017

For a downloadable PDF, click here.