GoZupees GDPR Compliance Statement

Introduction

The European Union's General Data Protection Regulation (GDPR) represents the most comprehensive overhaul of data privacy legislation in decades. This regulation establishes a modern framework for data protection that addresses the realities of today's digital landscape. The GDPR introduces enhanced individual rights, stricter accountability requirements for organizations, and significant penalties for non-compliance, all designed to give people greater control over their personal data.

Our Commitment

At GoZupees, we take data privacy very seriously. We have built our data protection program around the principle that protecting personal data is not just a legal requirement, but a fundamental responsibility to our Customers whose data flows through our platform. Our approach emphasizes transparency, security, and accountability at every stage of data handling.

We do not own, control, or direct the use of any of the Customer Data stored or processed by a Customer or Authorized User via the Service. GoZupees operates as a data processor under the GDPR framework, meaning we handle personal data exclusively on behalf of our Customers, who serve as data controllers. As a processor, we do not make independent decisions about why or how personal data is processed. We recognize that as a processor serving Customers across multiple jurisdictions, we must be prepared to meet a variety of legal requirements and customer expectations related to data protection.

Preparation and Implementation

Our data protection framework has been structured to address GDPR requirements:

• Data Processing Addendums (DPAs): We have DPAs available on request that clearly define our role as a processor, specify the types of data we handle, outline security measures, and establish procedures for data subject requests and breach notifications.
• Incident Response: We maintain 24/7 monitoring and rapid response capabilities to detect, assess, and report any data breaches to affected controllers within the required timeframes.
• Data Retention: We have clear procedures for retaining Customer Data within the timeframes mentioned in our Privacy Policy.
• International Transfers: When data crosses borders, we ensure appropriate safeguards are in place, including using Standard Contractual Clauses (SCCs) as the transfer mechanism.

Controller Support Systems

We have built tools and processes specifically designed to help our Data Controller Customers meet their GDPR obligations:

• Data Subject Request Assistance: Our platform includes features that help data controllers locate, export, modify, or delete personal data in response to requests from data subjects.
• Data Protection Impact Assessment (DPIA) Support: We can assist data controllers by providing technical information about our processing activities and security measures for their DPIAs.
• Privacy Controls: To help ensure that sensitive information is protected, we have implemented key features such as Pause Transcription and Redaction Settings (including Credit Card Protection, Personal Information Protection, and Strict Redaction).

Sub-Processor Management

Any third parties we engage to assist with data processing are carefully vetted and bound by the same data protection standards we maintain. We enter into DPAs with our sub-processors, including SCCs. Data Controllers are notified of the addition of new sub-processors via email and have the right to object.

Privacy by Design

Our product development process includes data protection impact assessments for new features, especially those involving high-risk processing like our AI features. This ensures data protection considerations are built into our systems from the ground up.

Data Subject Rights Support

As a data processor, GoZupees assists data controllers in fulfilling their obligations to respond to data subject requests. Please note that GoZupees does not directly handle data subject requests; all such requests are directed to the relevant data controller.

International Data Transfer

GoZupees is based and hosted in the United States, and all call recordings and related personal data are stored in US-based data centers that employ industry-standard security measures. As our processing infrastructure is located outside the European Economic Area, we ensure that appropriate safeguards are implemented for all international data transfers, including the use of Standard Contractual Clauses.

Technical and Organizational Measures

GoZupees maintains a comprehensive security and governance framework that protects Customer Data through multiple layers of technical and organizational measures. Our security infrastructure employs current TLS encryption standards for all data transmissions, industry-standard encryption for data at rest, role-based access controls, and continuous monitoring systems. All processing activities are overseen by our Data Protection Officer. Every employee with access to personal data receives regular data protection training and is bound by strict confidentiality obligations.

Contact Information

If you have any questions about this Statement, or our privacy or security practices, please contact us at legal@gozupees.com.