GDPR / Personal Data Handling & Processing - Communication 🔐
Last update: 3 July 2020
In this page, the data that we collect, store and process is outlined, with detailed information about the purpose of collecting each piece of data, when third-parties are involved, they will be listed as well.
To begin with, basma.ai platform consists of three parts:
- Landing website (basma.ai)
- Dashboard (dashboard.basma.ai)
- Customer view (video.basma.ai/company_handler)
Our landing site (basma.ai) is informational, and does not collect any personally identifying information on purpose, we use the following third-parties, which collect, store and process data about the visitors:
- Freshchat: Collects analytical data similar to the data collected by Google Analytics, when the use clicks the chat button and starts a conversation, the conversation is stored on Freshchat's servers. Freshchat is GDPR compliant, more information about how Freshchat handles and stores the data may be found at the GDPR communication page.
- Calendly: Unless the user clicks on "request a demo" link, in its various formats. When the user interacts with the Calendly plugin integrated in our website, the data inputed by the visitor will be stored and handled by Calendly, more information about how Calendly handles the data can be found at their GDPR FAQ.
Unless the visitor purposefully provided us with personal data, via either "request a demo" links or via the live chat, we do not collect any personally identifying information in the background.
The dashboard is a web app used by the system admins, agents, and staff to receive calls, initiate call requests, and manage the instance (1). We record various personally identifying information for security and audit purposes. All the login sessions are logged along with the user's IP, useragent, and user account information. All actions performed by all users are logged, this data is available to the admin users' (3) in the dashboard in the Audit Log page. We store this data and make it available to the admin users' as part of our security measures, and to comply with cyber security standards.
In addition to the data we collect and store, we use Google Analytics (refer to the Landing Website section for more information).
The customer view is a web app accessed by the customers, to initiate a call, or to join a call initiated by an agent (call request), in the customer view, we use Google Analytics (refer to the Landing Website section for more details).
In addition to the non-personally identifying analytical data, all the data inputed by the user are stored, and made available to the agent, admin users' of the instance involved and other users given permission by an admin.
outline: Twilio, Recordings, Processing region, who has access to the recordings
For the video calls, we use Twilio Programmable Video as a third-party service, which handles the video streaming and (if enabled by the instance admin) recording. If the recording option is not enabled (which is the default setting) the video streaming is usually peer to peer (1), Twilio handles the handshake process, and initiates the initial connection between the two parties, while the streaming is peer to peer, when the recording option is enabled, in addition to the peer to peer connection, the video streams of all parties will be streamed to Twilio's servers, where initial processing will take place, then they will be transferred to basma.ai servers where further processing will take place and then it will be finally stored on our servers, and then deleted from Twilio's servers.
The instance admin, and users authorized by the system admin will have access to the video recording.
We use various third parties for sending SMS notifications, (for call requests), those third parties being:
- Amazon Web Services
For more information about how those third parties handle the data, please refer to their privacy policies.
- Instance: a basma.ai account (company account)
- Peer-to-peer: Data is communicated/transferred between the two involved devices, ie: agent device and customer device, with no server in between.
- Admin User: An account in an instance given the admin permission, which gives the user full authorization and control over the instance.