Data Processing Agreement
1. Roles and scope
This DPA applies where Flyvoice processes personal information on the Customer’s behalf in providing the Service. The Customer determines the purposes and means (Controller); Flyvoice processes only on the Customer’s documented instructions (Processor), which include these Terms and use of the product’s configuration.
2. Details of processing
| Subject matter | Provision of AI voice calling, qualification, booking, feedback, and analytics. |
|---|---|
| Duration | The term of the Customer’s subscription, plus limited retention per clause 8. |
| Nature & purpose | Placing/receiving calls; recording and transcribing; scoring; storing lead, booking, and response records; reporting. |
| Types of data | Contact details, call audio and transcripts, call metadata, enquiry details, and any information volunteered on a call. |
| Data subjects | The Customer’s leads, customers, and other individuals it calls or that call it. |
3. Flyvoice’s obligations
- process personal information only on the Customer’s documented instructions and as needed to provide the Service or comply with law;
- ensure personnel are bound by confidentiality;
- implement reasonable technical and organisational security measures (access controls, encryption in transit, role-based permissions);
- assist the Customer, taking into account the nature of processing, to respond to individuals’ access/correction requests and to meet its security and breach-notification obligations; and
- make available information reasonably necessary to demonstrate compliance with this DPA.
4. Customer’s obligations
The Customer warrants it has a lawful basis and any required consent to provide the personal information and to have Flyvoice process it, including consent for call recording and AI disclosure. The Customer is responsible for the accuracy and legality of its instructions, scripts, and data.
5. Sub-processors
The Customer authorises Flyvoice to engage sub-processors (including voice/AI, telephony, and hosting providers) listed at [sub-processors URL]. Flyvoice imposes data-protection terms on sub-processors no less protective than this DPA and remains responsible for their performance. Flyvoice will give notice of new sub-processors and the Customer may reasonably object.
6. Overseas transfers
Where processing occurs outside Australia, Flyvoice takes reasonable steps to ensure an equivalent level of protection consistent with APP 8. Locations: [countries].
7. Security incidents
Flyvoice will notify the Customer without undue delay after becoming aware of a data breach affecting the Customer’s personal information, and will provide information reasonably available to help the Customer meet its Notifiable Data Breaches obligations.
8. Return and deletion
On termination, Flyvoice will, at the Customer’s choice, return or delete Customer personal information within [N] days, except where retention is required by law. The product provides self-service export and deletion controls.
9. Audit
On reasonable prior notice and no more than [once per year] (or after a breach), Flyvoice will provide reasonable information to allow the Customer to verify compliance, subject to confidentiality and security constraints.
10. Precedence
If this DPA conflicts with the Terms of Service on the processing of personal information, this DPA prevails to the extent of the conflict.
11. Contact
Data protection: [privacy email].