
Subprocessors

The following is a list of the managers/sub-managers named in connection with the processing:

IDENTIFICATION OF RESPONSIBLE PERSONS (OR SUB-RESPONSIBLE PERSONS).

Amazon Web Services EMEA SARL

Manager's Address: Viale Monte Grappa 3/5, 24124, Milan (Italy)

Purpose of Data Processing: AWS is entrusted, as a Cloud Service Provider, solely with ensuring the integrity and availability of the data stored on its servers. Therefore, AWS does not access Customer content except as necessary to provide and maintain the hosting services (e.g., for security and support) and subject to contractual safeguards; the data is protected by additional security measures, such as encryption.
AWS is used for hosting purposes and for artificial intelligence services such as Text to Speech and Speech to Text capabilities.

Categories of personal data: personal data related to the use of Imagicle Products and related Services, Call audio and related call metadata; text derived from call content (transcripts), Text provided for synthesis (which may include personal data) and generated audio output, where applicable.

Country where processing will take place: cloud services are managed through Amazon Web Services (AWS). Customers can request that their production hosting be in any country-specific AWS location proposed by Imagicle or in another AWS region of their choice

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link:

https://www.dataprivacyframework.gov/s/participant-search

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679)

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679)

All the information provided by AWS regarding data processing is available at the following link:

https://aws.amazon.com/it/compliance/gdpr-center

Salesforce UK Limited

Manager's Address: Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N4AY London. (United Kingdom)

Purpose of Data Processing: this is a CRM software provider used for administration and business relationship management activities with customers/potential customers/end users only. Salesforce operators in the service and support phases of the product may, on an occasional basis and under the control of Imagicle personnel, access personal data

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user

Country in which the processing activity will take place: worldwide

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link:

https://www.dataprivacyframework.gov/s/participant-search

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679)

·         Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

All the information provided by Salesforce regarding data processing is available at the following link: https://www.salesforce.com/eu/company/privacy

 

 

 

Atlassian

Manager's Address: 350 Bush Street, Level 13 San Francisco, California 94104 (USA) 

Purpose of Data Processing: this cloud storage (archiving) and file-sharing service allows you to store, synchronize and share documents and other files via the Internet. Imagicle uses it for sharing and storing files and documents that may contain personal data of customers/potential customers/end Users related only to administration and business relationship management activities

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user

Country in which the processing activity will take place: worldwide

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link:

https://www.dataprivacyframework.gov/s/participant-search

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679)

·         Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679)

All the information provided by Atlassian regarding data processing is available at the following link: https://www.atlassian.com/it/legal/privacy-policy#what-this-policy-covers

 

 

Microsoft Ireland Operations Limited

Microsoft 365

 

Manager's Address: Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Purpose of the Data Processing: Microsoft 365 is a suite of enterprise collaboration software products. Imagicle uses it to manage various digital content, including texts, presentations and emails that may contain personal data of the Customer and End User, as well as data and Personal Data related to the use of Imagicle Products and of related Services

Categories of personal data: Customer and End User personal data and data related to the use of Imagicle Products and of related Services

Country where processing will take place: worldwide

Frequency of transfer: continuous/daily

Guarantees legitimizing the transfer

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link:

https://www.dataprivacyframework.gov/s/participant-search

·         Other countries do not ensure an adequate level of protection: the transfer is permitted if the Commission has decided that the third country, a territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection. In that case, the transfer does not require specific authorizations. The adequacy of the third country or organization is recognized by decision of the European Commission (Art. 45 of EU Regulation 2016/679)

·         Other countries: The transfer is made on the basis of the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or on the basis of the Binding Corporate Rules (BCRs), (Art. 46 of EU Regulation 2016/679)

All the information provided by Microsoft on data processing is available at the following link: https://privacy.microsoft.com/it-IT/

 

 

Dropbox International Unlimited Company

Manager's Address: One Park Place, Floor 5 Upper Hatch Street, Dublin (Ireland)

Purpose of Data Processing: this cloud storage (archiving) and file-sharing service allows you to store, synchronize and share documents and other files via the Internet. Imagicle uses it for sharing and storing files and documents that may contain personal data of Customers/Potential Customers/End Users related only to administration and business relationship management activities

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user

Country in which the processing activity will take place: worldwide

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link:

https://www.dataprivacyframework.gov/s/participant-search

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679)

·         Other countries: Transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679)

All the information provided by Dropbox regarding data processing is available at the following link: https://www.dropbox.com/privacy

Imagicle Ltd

Manager's Address: Pixash Lane, Keynsham, Bristol

Purposes of Data Processing: this direct subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user

Country where processing activities will take place: United Kingdom

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679). COMMISSION EXECUTIVE DECISION (EU) 2021/1773 of June 28, 2021, under Directive (EU) 2016/680 of the European Parliament and the Council on the adequate protection of personal data by the United Kingdom.

 

 

 

Imagicle Sas

Manager's Address: Parc des Barbanniers 5 - Promenade de la Bonnette - 92230 Gennevilliers

Purposes of the Data Processing: this is a direct subsidiary of Imagicle Spa that collaborates with it to administer and manage the relationship with the customer/potential customer/end user.

Categories of personal data:

·         personal data processed to administer and manage the relationship with the customer/potential customer/end user

·         personal data related to the use of Imagicle Products and related Services

Country in which processing activities will take place: France

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

Not necessary, the transfer takes place within the territory of the European Union

Imagicle DMCC

Manager's Address: Office 1307, JBC5, Cluster W, JLT - PO BOX 283982 United Arab Emirates

Purposes of the Data Processing: this direct subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user

Country in which processing will take place: United Arab Emirates

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR

Imagicle Saudi Communication Technology and Information

Manager's Address: 7586 King Fahd Rd, 4119 Ar Rahmaniyah Dist, 12341 Riyadh, Kingdom of Saudi Arabia

Purpose of Data Processing: this indirect subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user.

Country where processing will take place: Saudi Arabia

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR

Imagicle Inc

Manager's Address: 333, Las Olas Way - Fort Lauderdale FL33130 - United States

Purposes of the Data Processing: this direct subsidiary of Imagicle Spa works with it to administer and manage the relationship with the customer/potential customer/end user and for support activities

Personal data categories: personal data processed to administer and manage the relationship with the customer/potential customer/end user.

Country in which processing activities will take place: United States of America

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

Transfer is made based on the EU Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR

 

 

Additional product specific sub-processors

Voice Analytics 

IDENTIFICATION OF RESPONSIBLE PERSONS (OR SUB-RESPONSIBLE PERSONS).

OpenRouter, Inc.

 

Manager’s Address: 936 W Alder St, Louisville, CO 80027, United States

Purpose of Data Processing: AI model routing and API gateway service. OpenRouter routes API requests to various AI model providers for intent recognition and output generation. Processing is performed to provide the Service. Customer content is not used to train models. Zero Data Retention (ZDR) option available

Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs

Country where processing will take place: United States

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable.

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by OpenRouter regarding privacy and data processing at the following links:

Soniox Inc

 

Manager’s Address: 1045 Helm Ln, Foster City, CA 94404, United States

Purpose of Data Processing: Speech-to-text transcription (STT) for AI-enabled voice analytics services. Customer content is not used to train models.

Personal data categories: Call audio and related call metadata; text derived from call content (transcripts), where applicable.

Country where processing will take place: United States, Europe, based on customer region service selection

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable.

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by Soniox regarding privacy and compliance at the following links:

·         Privacy Policy: https://soniox.com/policies/privacy-policy

·         Security & Privacy: https://soniox.com/docs/stt/security-and-privacy

 

AI Virtual Receptionist and Smartflows

IDENTIFICATION OF RESPONSIBLE PERSONS (OR SUB-RESPONSIBLE PERSONS).

OpenRouter, Inc.

 

Manager’s Address: 936 W Alder St, Louisville, CO 80027, United States

Purpose of Data Processing: AI model routing and API gateway service. OpenRouter routes API requests to various AI model providers for intent recognition and output generation. Processing is performed to provide the Service. Customer content is not used to train models. Zero Data Retention (ZDR) option available

Personal data categories: personal data related to the use of Imagicle Products and related Services, including call transcripts and other text derived from call content, Customer prompts/instructions and knowledge content provided to enable the Service, and AI-generated outputs

Country where processing will take place: United States

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable.

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by OpenRouter regarding privacy and data processing at the following links:

Soniox Inc

 

Manager’s Address: 1045 Helm Ln, Foster City, CA 94404, United States

Purpose of Data Processing: Speech-to-text transcription (STT) for AI-enabled voice analytics services. Customer content is not used to train models.

Personal data categories: Call audio and related call metadata; text derived from call content (transcripts), where applicable.

Country where processing will take place: United States, Europe, based on customer region service selection

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable.

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by Soniox regarding privacy and compliance at the following links:

·         Privacy Policy: https://soniox.com/policies/privacy-policy

·         Security & Privacy: https://soniox.com/docs/stt/security-and-privacy

ElevenLabs

 

Manager’s Address: 169 Madison Ave #2484, New York, NY 10016, United States

Purpose of Data Processing: Text-to-speech generation (TTS) for AI-enabled voice services (e.g., Virtual Receptionist). Customer content is not used to train models.

Personal data categories: Text provided for synthesis (which may include personal data) and generated audio output; related request metadata.

Country where processing will take place: United States

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

·         United States: the transfer is made based on the presence of an adequacy decision (art 45 GDPR) adopted on 10.07.2023 by the European Commission (EU-U.S. DATA PRIVACY FRAMEWORK - "DPF"). The member organizations of the DPFA can be consulted at the following link: https://www.dataprivacyframework.gov/s/participant-search

·         Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

·         Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by ElevenLabs regarding privacy and data transfers at the following links:

Pinecone

 

Manager's Address: New York, 1375 Broadway, Floor 11, United States

Purpose of Data Processing: Use of Pinecone Vector Database to build knowledgeable AI

Personal data categories: personal data related to the use of Imagicle Products and related Services, including vectorized representations (embeddings) derived from Customer-provided knowledge content and/or text derived from call content, where applicable

Country where processing will take place: United States, Europe, based on customer region service selection.

Frequency of transfer: continuous/daily

Guarantees that legitimize the transfer:

  • United States: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, and/or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679), as applicable.

  • Other countries that guarantee an adequate level of protection: transfer is permissible if the Commission has decided that the third country, a territory or specific sector(s) within the third country, or the international organization in question guarantee an adequate level of protection. In such a case, the transfer does not require specific authorization. The third country or organization's adequacy is recognized by the European Commission's decision (Article 45 of EU Regulation 2016/679).

  • Other countries: transfer is made based on the standard data protection clauses adopted by the European Commission, with provision for additional safeguards where deemed necessary, or based on Binding Corporate Rules (BCRs) (Art. 46 of EU Regulation 2016/679).

 

All the information provided by Pinecone regarding privacy and security at the following links:

 
