Our commitment to privacy
Telestax, Inc. (“Telestax” or “we”) is a Cloud Platform as a Service (“CPaaS”) company that allows enterprises all over the world to communicate with their customers via various communication channels, such as Programmable SMS, Programmable Voice and email.
We only ask for personal data when we need it for business purposes or to provide you with relevant information. When partners, customers and end-users share personal data with us, we always handle that data in accordance with the applicable data protection regulations. We don’t use that data for any purposes other than those specifically issued by the individual or entity who provides the data.
Telestax provides certain services which may be subject to the EU General Data Protection Regulation (EU Regulation 2016/679), also known as “GDPR”. Telestax is committed to complying with GDPR.
Telestax collects and uses personal data which may be subject to the California Consumer Privacy Act (“CCPA”). This notice contains information required by the CCPA. Telestax is committed to complying with the CCPA.
A few definitions
End-Users of the Telestax Products include:
- Employees of the Resellers
- Employees of the Customers
- Recipients and senders of communication triggered by a Reseller or Customer using the Telestax Products.
Controller: As per GDPR and other data regulations, the Controller determines the purpose and the means of personal data sharing (e.g. to receive important information or sending invoices) and remains ultimately responsible for the correct handling of the subject’s data. The Controller is often the company that an individual provides their personal data to.
Processor: The Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. For instance, when one of our customers sends a Programmable SMS to an individual, we need the phone number where that message needs to be sent. This phone number is personal data. The Processor only processes personal data according to the instructions of the Controller.
Depending on your relationship with Telestax and the function that Telestax performs, Telestax can be a Controller, a Processor or both.
Why we collect personal data
All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so that we can enable you to use our services. Personal data can also help us improve our products to fit the needs of our customers.
We process personal data based on a limited set of legal principles:
- explicit consent (e.g. ticking a box on our website)
- negotiating and signing a contract to use the Telestax Products
- legal obligation which requires us to do so (such as cooperating with formal disclosure requests or preventing misuse of our services)
We collect personal data for specific purposes, and we’ll always tell you what those are when we collect it. We’ll use the collected data for the specified purpose alone, as long as our relationship stays the same. If our relationship changes, we may need more information.
Here is a list of some of the purposes for which we’ll request or use your data:
- Sharing relevant information about our products and services
- Creating an account that is connected to your person and company
- Verifying your identity
- Provision of the services
- Finance and billing
- Analyzing usage of our products and services
- Providing Customer Support to potential or existing customers
- Detecting and combating fraudulent or unlawful activity
- Training and quality improvement
- Expanding business through our marketing and sales channels
- Fulfill financial obligations such as paying taxes and ensuring invoices are paid
- Keeping your account secure
What personal data we collect
The personal data that we collect falls into four main categories:
- Reseller Account Data: if your company is a Reseller and you are the holder of a Telestax account on behalf of your company, the Reseller Account Data is the personal data you provide to us to setup and maintain that account.
- Enterprise Customer Account Data: if your company is an Enterprise Customer and you are the holder of a Telestax account on behalf of your company, the Enterprise Customer Account Data is the personal data you provide to the Reseller to setup and maintain that account.
- End-User Data: this is the personal data of the End-Users that is collected by the Enterprise Customer to allow the End-User to receive and send messages through the Telestax Products.
- Website visitor data: this is the data that you will share with us while visiting the site, through cookies and forms. You will always be asked if you agree to share personal data on our site.
The types of personal data collected may include (but are not limited to):
- First name
- Last name
- Job title
- Company name
- Email address
- Phone number
- Telestax username
- Telestax password
- Usage and traffic data of services and website
- Customer support call recordings
- Communication content (e.g. the content of an SMS)
- Location information
- Cookie preferences
- IP addresses
Personal Data does not include information that is aggregated or otherwise does not identify an individual or does not permit us to associate such information with an individual.
How we collect the personal data
If your company is a Reseller, the Reseller Account Data is provided by you to us when we setup your Telestax account. You can provide this information to us by filling in a form online, by sending it to us by email or by sharing it with us by phone.
Enterprise Account data: either you enter it yourself in an online form or you provide it to the Reseller from whom you are buying the Telestax Product and the Reseller enters your data into our systems.
End-user data is either provided by you through the use of the Telestax Products or by the End-Users through the use of the Telestax Products.
Website Data is collected as you visit the Site, according to the preferences that you set.
With whom we share personal data
Whether we fulfill the role of Controller, Processor, or even as a mere conduit, we always make sure that the parties we work with adhere to similar Data Protection and Security Standards as we agreed upon with you.
Telestax engages three categories of recipients:
- The Reseller through whom you purchased the Telestax Product
- Third party service and technology providers as well as telecommunications services providers working on our behalf to provide you with products and services
- Government authorities, when required to do so by law
If you purchased the Telestax Products through a Reseller, the Reseller will have access to the Personal Data that you loaded into the Telestax Products.
Most of the products that Telestax offers require the Reseller to provide the carrier services for SMS, voice and email. Either the Reseller has the capabilities to perform such services in-house or they buy the services from a third party carrier. This is known as “Bring your Own Carrier” or BYOC. In this case, the communication of SMS message, voice and email is done through a telecommunication company (“Telco”) that is in contract with the Reseller. The communication of the Personal Data is done through the Telco and it is governed by the Privacy Policies from the Reseller and from the Telco. Our Reseller is contractually committed with us to adhere to the same Data Protection and Security Standards as we agreed with you and they have the responsibility to enforce similar standards with the Telco.
Not all Telestax Products are BYOC. In some cases, we bundle some carrier services from a third party Telco and sell the bundle to our Resellers.
When it comes to the contents of electronic communications transmitted by a Telco, the Telco qualifies neither as a controller nor as a processor under the EU’s GDPR insofar as it acts as mere conduits in transmitting the content. If the Telco processed content data for its own purpose (e.g. undertaking its own filtering or data retention activities), they act as controllers.
Third party service and technology providers
We can share personal data with third party service providers, like our hosting provider (Amazon Web Services) and our accounting services (for invoicing purposes), that perform services on our behalf. We never share information without prior vetting, or for specific purposes that can be fulfilled in-house.
Government requests and legal obligations
Telestax will respond to government requests only when we are legally obliged to do so. The request needs to i) be sent from a government agency, ii) be issued where we are subject to the respective jurisdiction, iii) be an enforceable subpoena, search warrant, court order or similar official instrument compelling us to disclose the information requested, and iv) state the categories of records sought and specific time period. Telestax will also respond, as necessary, (1) to protect the security or integrity of our products and services; (2) to protect the public from harm or illegal activities; and (3) to respond to an emergency which requires the disclosure of data to assist in preventing death or serious bodily injury. If Telestax responds to such Governmental Requests, or Legal Obligations, Telestax will notify you of such requests and responses, unless prohibited by law.
International transfer of data
As a global cloud based enterprise, the usage of our services often involves the transfer of personal data, both within and outside the European Economic Area (“EEA”). We always take care to ensure our partners have sufficient guarantees and safeguards in place to properly treat and protect your data in line with our data protection and information security standards.
Among others we make sure data transferred outside the EEA will only be done with the appropriate cross border transfer mechanisms in place. We always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with our data protection standards and, when applicable, the GDPR. The Personal Data that we collect may be stored and processed on servers located in various countries, including servers located outside of your home country, which is necessary to provide our services.
Data security and compliance obligations
We do everything in our power to keep your data safe. We invest in state-of-the-art technology and thorough security screenings of our infrastructure and employees to minimize security risks.
Since all our accounts are password protected the only person with access to your account should be you. If your login information is stolen or used without your permission, it is imperative that you notify us immediately so we can secure your account. You can do so by sending an email to email@example.com.
Retention of Personal Data
If you would like to review, amend, transfer or request to delete personal data during the retention period, you can request us to do so. Please direct any such request regarding your personal data via the “How to Contact Us” section below. Please note that we are not always in a position to follow up on an these requests if they conflict with one of our legal retention obligations, or any other obligation.
After the required retention period expires, we might keep data in a non-identifiable form for archival, statistical and/or other legitimate purposes. None of it will be able to identify you as an individual.
Controlling your rights and choices related to Personal Data
Even though we collect your data to conduct business, your data stays your own. You control your personal data and can at any time choose what you want us to do with it. You can change your cookie settings as a website visitor, withdraw consent to our processing of your data when this applies, control and review your data, and object to and restrict the processing of data if you deem that necessary.
For any changes that you would like to make to your personal data, including erasures, and that you cannot make online through our interfaces, please contact us at firstname.lastname@example.org.
When your personal data is being processed to fulfill a legitimate interest to us, you’re able to object and unsubscribe. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the applicable data protection laws, often the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data.
You may have a right to data portability under applicable law. You may also access a copy of your Personal Data, request rectification or erasure of your Personal Data, object to processing of your Personal Data, request the restriction of the processing of your Personal Data, or otherwise exercise your rights afforded under applicable law by contacting us at the address provided below and by providing evidence of your identity. If the information requested does not identify you without us obtaining additional information, we may not be able to honor your request. Finally, you also have the right to lodge a complaint with a supervisory authority.
Our commitment to children’s online privacy
Our services and products are not directed to children under the age of 18. Telestax does not knowingly collect and/or process any personal data from children under this age directly. Telestax does not knowingly allow children under the age of 18 to become registered members of our sites, or buy products and services on our sites, or collect personal data about children under the age of 18. If we discover we’ve received personal data from a child without parental or legal consent, we will immediately take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about a child, please contact us at email@example.com with the subject: ‘Children’.
Links, third party websites and social networking sites
Our online services and communications may embed hyperlinks to websites that are not owned or controlled by Telestax. We’re not responsible for the privacy practices, policies, notices or content that are not on our website or domain, even if we’ve embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked sites that you visit.
How to contact us
If you have any questions or concerns regarding the processing of your personal data when you use our website and services, please do not hesitate to contact us by email at firstname.lastname@example.org or to the following address:
9600 Escarpment Blvd
Ste 745 PMB 243
Austin, TX 78749
Policy last revised on: October 29, 2020.