Log InArticle 1 – Introduction and Purpose
Voice Logica I.K.E. (G.E.MI. No. 183940301000, registered office at Katsantoni and Olympias 2, Metamorfosi 144 52, Athens; hereinafter the “Company”) operates the VoiceLogica.ai platform, which provides automated voice assistants (Voice-AI) for inbound and outbound calls, as well as related services including call summaries via SMS or Email, API access, and additional functionalities.
This Policy describes the categories of personal data we process, the purposes and legal bases of such processing, the data retention periods, the rights of data subjects, and the security measures we implement, in accordance with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC as transposed into Greek Law 3471/2006, and any other applicable legislation.
Article 2 – Definitions
- “Data Controller” means the natural or legal person that determines the purposes and means of the processing of personal data.
- “Data Processor” means the third party that processes personal data on behalf of the Data Controller.
- “Telephony Data” means call recordings, calling and called numbers, and any metadata generated in the course of a communication.
- “Account Data” means customer identification details, billing information, and the details of authorized users.
- “Technical Data” means IP addresses, device identifiers, cookies, and API access tokens.
Article 3 – Data Collected
The Company processes Telephony Data, which include call audio recordings where call recording has been enabled, the corresponding call logs, the calling and called numbers, the call duration, and the reason for call termination.
In addition, the Company processes Account Data, such as company name, G.E.MI. number, tax identification number (VAT/TIN), registered office address, and the details of administrator users, as well as Technical Data, such as IP addresses, browser information, and functional or analytical cookies, which are installed only with the data subject’s consent where required by law.
Article 4 – Purposes and Legal Bases of Processing
The Company processes personal data for the provision and billing of its services, relying on the legal basis of performance of a contract pursuant to Article 6(1)(b) of the GDPR.
Personal data are also processed for support, security, and fraud prevention purposes, based on the Company’s legitimate interest in accordance with Article 6(1)(f) of the GDPR.
The Company retains and processes personal data in order to comply with tax, telecommunications, and accounting obligations, pursuant to Article 6(1)(c) of the GDPR.
Newsletters and marketing communications are sent only with the data subject’s prior consent, in accordance with Article 6(1)(a) of the GDPR and Greek Law 3471/2006.
Finally, the Company uses anonymized or pseudonymized data for statistical analysis and algorithm improvement, relying on its legitimate interest.
Article 5 – Processors and Third-Party Providers
The Company cooperates with a limited number of service providers, such as Yuboto for call termination services, as well as international providers of speech-to-text, large language models, and text-to-speech technologies, including Google, Microsoft, Speechmatics, Deepgram, and OpenAI.
All such partners are bound by data processing agreements in accordance with Article 28 of the GDPR and, where applicable, implement appropriate safeguards for the transfer of personal data outside the European Union.
Article 6 – International Data Transfers
Transfers of personal data outside the European Economic Area (EEA) take place only where an equivalent level of data protection is ensured, through adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), participation in the EU–US Data Privacy Framework, or any other lawful transfer mechanism provided for in Articles 46 to 49 of the GDPR.
Article 7 – Data Retention Period
Call recordings and call logs are retained for a period determined by the customer through the platform’s dashboard, with an indicative retention period of thirty (30) days.
Call metadata are retained for as long as required for optimization and security purposes, with a minimum retention period of six (6) months prior to anonymization.
Billing information and accounting records are retained for ten (10) years, in accordance with Greek tax legislation.
Cookies are deleted after a period not exceeding thirteen (13) months, or earlier, depending on the user’s preferences.
Upon expiry of the applicable retention period, personal data are permanently deleted or irreversibly anonymized, and any related backups are updated within a reasonable timeframe.
Article 8 – Data Subject Rights
Data subjects have the right to access their personal data, to request their rectification, erasure where permitted by law, restriction of processing, and data portability in a commonly used and machine-readable format. They also have the right to object to processing based on the Company’s legitimate interest or to automated decision-making, as well as the right not to be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects concerning them or similarly significantly affects them, without human intervention.
Requests for the exercise of these rights may be submitted by email to
If a data subject considers that their request has not been duly satisfied, they have the right to lodge a complaint with the Hellenic Data Protection Authority via its website at www.dpa.gr.
Article 9 – Information Security
The Company implements TLS encryption version 1.2 or higher for data in transit and AES-256 encryption for data at rest. It applies appropriate technical and organizational measures to ensure the logical segregation of each customer’s data from that of other customers, including role-based access control, event logging, and periodic vulnerability testing.
In the event of a personal data breach, the Company assesses the incident, takes measures to contain and remediate it, and notifies the competent supervisory authorities and affected customers within seventy-two (72) hours from the time the breach is identified, in accordance with applicable data protection legislation.
Article 10 – Cookies and Tracking Technologies
Only strictly necessary cookies are used for session maintenance and security purposes. Analytical cookies for statistical analysis are used solely upon the user’s explicit consent.
Users may modify or withdraw their cookie preferences at any time through the relevant consent management mechanism or via their browser settings (see the applicable Cookies Policy).
Article 11 – Automated Decision-Making and Profiling
Responses provided by the voice agents are generated using machine learning models. The Service does not make decisions that produce legal effects or otherwise significantly affect data subjects without the possibility of human intervention.
Data subjects may request human review, express their point of view, or contest a decision, in accordance with applicable data protection legislation.
Article 12 - Policy Updates
This Policy may be amended from time to time. In the event of material changes, users will be notified at least thirty (30) days in advance via email and in-platform notification, unless immediate adoption is required for security reasons or legal compliance.
The current and applicable version of the Policy will always be made available on the platform’s personal data / privacy page.
Article 13 – Contact
The Data Controller is Voice Logica I.K.E., with registered address at Katsantoni and Olympias 2, Metamorfosi 144 52, Athens, Greece.
For any matter relating to personal data protection, you may contact us at
