This notice will explain to you, Plivo’s customers and visitors to Plivo’s website, how Plivo manages and protects your personal data. We want to make sure that you fully understand what personal data we need from you in order to serve you better, how we use and protect your personal data and why we need your personal data when you are interacting with us.
We have implemented strict personal data protection practices that ensure your data is safe while in our care. Plivo wants you to know that we care about your privacy at all times and we are constantly looking for better ways to protect you and serve you better.
What is personal data?
It is important to understand what we mean when we discuss personal data. Personal data refers to any information related to someone that can be identified through it either directly or indirectly. This means that, in some cases, a single element of information may not identify you but several pieces together will and, if they do, then they are considered personal data. Examples of personal data include your name, identification numbers, location, factors specific to your physical, mental, economic, or social identity, among others.
What personal data protection and privacy regulations does Plivo comply with?
Because we serve customers globally, we comply with different data protection and privacy regulations around the world such as the EU General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) and others. And because we understand we live in a fully interconnected world; we want to assure you that Plivo commits to protecting all of our customers and visitors to our website personal data regardless of where they are located. We respect your privacy rights at all times.
Is Plivo a data controller or a data processor?
Some data protection regulations differentiate between a data controller and a data processor. A data controller is an organization that determines how to collect and process personal data, whereas a data processor is an organization that collects and processes personal data on a data controller’s behalf and under the data controller’s instructions.
Plivo is both a data controller and a data processor.
As a controller, Plivo collects and processes personal data from visitors to the Plivo’s website and from customers that sign up for our services. In this context, Plivo determines how this personal data is collected, processed and shared.
As a data processor, Plivo collects and processes personal data from end users of Plivo’s registered customers and only does so as per customer’s requirements. Even if we are not making decisions about how personal data is being processed, we continue to protect the personal data collected by us at all times.
How does Plivo collect and process your personal data?
In order to provide you with an optimal web experience and also great products and services, we need to collect and process your personal data.
The following table explains what personal data we collect from you, how we process it, how we classify your personal data, and, according to personal data protection regulations, what is the legal basis for the processing of your personal data.
We classify your personal data as Account data, Usage data and Content data.
Account data is all the personal data we collect from you to manage your Plivo account, including providing you support and charging you for our services.
Usage data is all the personal data we collect from you when you use our services such as when you make a call, the length of your call, if you are using voice or text, among others.
Content data is all the personal data we collect from you within the service, including the details of text messages or voice calls or voice call audio.
Visitor data is all the personal data we collect from you when you visit our website and when you sign up for communications from Plivo.
|Personal data collected||Personal data processing||Type of personal data||Legal basis for processing|
|Contact data (name, address, email, company, phone number, IP address)||This data is used throughout your relationship with Plivo, including opening an account, managing your account, giving you support, providing you with discussion boards, and communicating with you.||Account data||We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|Your feedback about our service||In order to continuously improve our products and services, we collect your feedback through surveys, remarks, and ratings for the calls and messages on your account.||Account data||We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|Sending and receiving phone numbers and text content||We use this data to be able to provide you with SMS and MMS texting services||Usage data|
|We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|IP address||We collect this data when your application makes Voice API or Messaging API requests to Plivo. We use this to understand who is using our services and how, and to detect, prevent, and investigate fraud, abuse, or security incidents.||Account Data|
|This is a legitimate interest on our part to ensure that we use this information to detect and control fraud or abuse.|
|Your current phone numbers||If you want to transfer (port) your number to Plivo, we need your phone numbers to perform this transfer for you.||Account data||We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|Voice recording||As part of our services, we store voice recordings for you, we provide you with the option to turn text into speech, and we provide you with other services such as call forwarding, call conferencing and IVR.||Usage data|
|We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|Payment management||In order to pay for our services, we need information about your payment method. We also keep history of your usage and payments for you to be able to verify our charges and, if necessary, dispute any billing.||Usage data|
|We process your information to fulfill our obligations to you as part of your engagement with Plivo.|
|Email address, name||If you are interested in hearing from us, you may sign up for our newsletter.|
Also, if you want to download any of our white papers, you may share your contact information with us so that we can follow up with you based on your interests.
You may opt out of these communications at any time.
|Visitor data||This is a legitimate interest on our part to ensure that we are giving you the right information and to engage with you.|
You may opt out of cookies at any time.
|Visitor data||This is a legitimate interest on our part to continuously improve our website content and navigation as well as the relevance of ads you may find on other sites.|
How does Plivo share your personal data?
As part of the products and services that Plivo offers to you, we need to share your personal data with our employees and some other third-parties that help Plivo deliver our products and services. We always make sure that we share your personal data when it is absolutely necessary to give you the best products and services, and we ensure that we do so in a safe and controlled way.
The following table explains who the parties are that we share your personal data with and the purposes why they need access to your personal data.
|Telecom carriers||Carriers require your personal data including your phone number and the content of your message or call.|
|Plivo’s sub-processors||These are companies that provide services to Plivo such as storage and infrastructure, payment services, support processing, data analysis.|
Refer to our sub-processor page for a list of these service providers.
|Compliance with legal obligations||To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or other legal process or where we need to protect a legitimate business interest such as fighting against fraud that harms our rights.|
Plivo will use reasonable efforts to notify you of the disclosure requirement, unless prohibited by law or if disclosure is required under exigent circumstances. Exigent circumstances are when there is a request for disclosure from a government or law enforcement agency, where there is a threat of death or serious bodily injury to a person and Plivo may have the required information to prevent it. We will review these requests in line with the applicable law and our policies, before disclosure.
|Third-party advertising companies||We share cookie and pixel information with third-party advertisers that are used for their own marketing efforts. You may always opt-out of this sharing by using our cookie consent tool.|
We share encrypted email addresses with third-party advertisers for our own marketing efforts. You may opt-out of this sharing by emailing us at email@example.com
Except for the information specified above, we do not share any other data to any third-party advertisers including but not limited to phone numbers, opt outs, consents or any mobile information.
How does Plivo protect your personal data?
Plivo takes the protection and security of your personal data very seriously. We use physical, organizational, technical, and administrative measures to safeguard your personal data, and regularly re-assess and revise our policies and practices to improve security measures to protect personal data, and seek to partner with organizations that do the same.
Please remember that no data transmission over the Internet, whether wired or wireless, is 100% secure, therefore we cannot fully guarantee the security of information transmitted to Plivo and cannot be responsible for the actions of any third-party that may intercept any such information. Once we receive your data, we commit to making all reasonable efforts to protect it to ensure it resides securely in our systems.
If you believe that your personal data may have been compromised by Plivo or by using Plivo’s website, products or services, please contact our support team immediately. We will be happy to assist you.
Where does Plivo store your personal data?
The personal data that Plivo receives from you resides in different locations around the globe. Plivo is currently certified under the EU-US Privacy Shield framework, which means that the EU authorities allow us to transfer your personal data into our locations in the US.
For personal data stored in the US at any of our third-party providers, Plivo ensures that we solely work with US third-party providers that comply with the EU-US Privacy Shield Framework.
For personal data stored in other regions, we ensure that we have the appropriate international transfer mechanism in place, such as Standard Contractual Clauses.
And keeping in line with our commitment to protect your personal data, Plivo ensures that all third-party providers we work with sign a Data Processing Agreement to ensure that they will protect your personal data according to Plivo’s expectations.
Rights over your personal data
Privacy and data protection regulations such as the GDPR and the CPRA grant you with rights that you can exercise over the personal data that organizations like Plivo collect and manage about you. At Plivo we believe in providing these rights to all of our customers regardless of where they are located in the world. Every Plivo customer has the same rights over their personal data.
Unless there are clear exceptions because of legal or regulatory requirements, we will work to ensure that your requests are addressed within 30 days. These are the requests you may contact Plivo about:
You have the right to access the personal data that Plivo maintains about you, including the categories of data and how Plivo collects, processes, and shares your personal data.
You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data, or request portability of your data. On each particular case we will inform you of the consequences of your request and if there are any exemptions to honoring your request based on legal, regulatory, or contractual requirements.
If Plivo has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Plivo conducted prior to your withdrawal.
You have the right to be notified about a data breach that may impact the integrity, availability or confidentiality of your personal data. Refer to our data breach notification section for more details.
You have the right to complain to a data protection authority about Plivo’s collection and processing of your personal data. However, we would appreciate it if you give us the opportunity to deal with your complaint internally before contacting a data protection authority.
You have the ability to access, update or delete your personal data if you log into your account. Furthermore, you also have the ability to withdraw your consent to any marketing communications you have signed up for.
In order to exercise any of the rights you have over your personal data or if you are not able to complete your request directly through your account, please send an email to firstname.lastname@example.org. Once we receive your request, we will contact you to provide acknowledgement and request further information if required. We will never discriminate against you for exercising your personal data rights.
Plivo has implemented automated decision-making rules to monitor payments and account activity to minimize the possibility of fraud. If we find suspicious activity that we believe is fraudulent, we will suspend the payment or the account and will notify you. You will be able to exercise your right to object, where we will explain to you the rationale that we followed for our decision.
Personal data breach notification
Plivo, as part of our security and data protection measures, has implemented processes to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Should we learn of a security breach that affects your personal data, we will notify you in order to explain how this breach may affect you and to provide you with any advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.
Plivo’s personal data retention period
Due to telecommunications and other regulations, we generally retain all the data that you generate as part of your relationship with Plivo for seven (7) years after you close your account, unless otherwise required by legal, security, or other requirements in accordance with the applicable law.
Plivo’s Data Processing Addendum
In our role as a processor, we are happy to provide you with a Data Processing Addendum (or DPA) where we commit to safeguarding the personal data that we will process on your behalf, will support you on any request you may receive from individuals or Data Protection Authorities and will ensure that we process personal data according to personal data protection regulations such as the General Data Protection Regulation in the EU.
Plivo’s Contact information
If you have any further questions about how Plivo collects, uses, discloses or protects your personal data or if you have any questions about this privacy notice, including any requests to exercise your personal data rights, you may contact our appointed Data Protection Officer using the details set out below.
Data Protection Officer
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Plivo has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, Plivo has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
California Privacy Notice
This section of the Privacy Notice encompasses specific requirements for California residents, and it complies with the California Privacy Rights Act of 2020 (CPRA).
Categories of Collected Personal Information
Plivo, for the purpose of our business or for the purpose of your interactions with our website, collects and uses the following categories of personal information:
|Online identifiers||IP address, account number, cookie ID|
|Contact||Name, address, country, phone number, email address, company name|
|Digital identity||Workstation type, browser, SIP trunk|
|Financial||Invoices, payment type, credit card details|
|Online activity||Browsing history, search history, website navigation and interaction|
Plivo collects these categories of personal data from the following sources:
- Directly from the individual the information is about.
- Indirectly from an individual’s interaction with our website or our products.
We use and disclose personal information according to the purposes established in the sections How does Plivo collect and process your personal data and How does Plivo share your personal data.
Disclosures of personal information
Plivo has shared your personal information in the last twelve months on all categories identified and for the purposes described in this Privacy Notice.
Sale of personal information
Plivo may have collected publicly available personal information about you or obtained your information from third party providers. This information includes the industry, size, and other general information about your company such as URLs, in order to help Plivo understand our customers better. If you want to opt-out, you may email us at email@example.com.
Plivo has implemented automated decision making process as described in the Section Automated decision-making above.
California Privacy Rights
The CPRA provides California residents with rights over their personal information. As a California resident, you have the following rights with respect to your personal information:
- You have the right to request to know about personal information that has been collected, disclosed, or sold.
- You have the right to rectify any personal information that we hold about you that, in your opinion, is not correct.
- You have the right to request the deletion of personal information.
- You have the right to portability, which means that you may request that we provide you a copy of specific pieces of personal information we have collected about you in the past 12 months in an electronic format.
- You have the right to request that we limit the disclosure of your sensitive personal information unless the disclosure is required for the provision of our services to you or for any other regulatory or legal requirements.
- You have the right to opt-out of the sale of your personal information at any time.
Once we receive a request from you to disclose how your personal information has been collected, used and shared by Plivo over the last twelve months, we will verify your identity and will share with you the following information:
- Categories of personal information Plivo collected about you
- The sources where we obtained your personal information from
- The purposes of use of your personal information
- The third-parties we shared your personal information with
- Whether we sold or shared your personal information for Plivo’s benefit
We aim to respond to your requests within the established 45 days from receipt. If we require more time to respond, we will let you know within this period. We will deliver our response by mail or electronically, depending on your preference.
We will not discriminate against you for exercising your personal information rights.
You may designate an authorized agent to make requests on your behalf. We will require verification that you did, in fact, authorize the agent. Unless the law requires otherwise, your authorized agent must provide contact details for you. We will contact you to confirm that you authorized the agent. Once you confirm, we will promptly respond to the rights request.
Exercising your privacy rights
To exercise your rights, you may contact us at firstname.lastname@example.org]. In order to fulfill your request, we may require additional personal information for purposes of verifying your identity. If you make a request through an authorized agent, we may require additional information to verify your authorization of the agent.
EU-US Data Privacy Framework
In compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF, Plivo commits to resolve DPF Principles-related complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF should first contact our DPO here.
Plivo has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF to the American Arbitration Association / International Centre for Dispute Resolution (AAA / ICDR), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of AAA / ICDR are provided at no cost to you.
The Federal Trade Commission has jurisdiction over Plivo’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2