Log InArticle 1 – Introduction and Purpose
Voice Logica P.C. (G.E.MI. 183940301000, registered at Katsantoni & Olympias 2, Metamorfosi 144 52, Athens; hereinafter the “Company”) operates the VoiceLogica.ai platform, which provides automated voice assistants (Voice-AI) for inbound and outbound calls, as well as related services such as summaries via SMS or email, APIs, and additional features. This policy outlines the personal data we process, the purposes and legal bases for processing, the retention periods, the rights of data subjects, and the security measures we implement, in accordance with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC as incorporated in Greek Law 3471/2006, and other applicable provisions.
Άρθρο 2 – Ορισμοί
- Controller: The entity that determines the purposes and means of data processing.
- Processor: A third party processing data on behalf of the Controller.
- Telephony Data: Includes call recordings, phone numbers, and all metadata generated during communication.
- Account Data: Includes customer identification details, billing information, and data of authorized users.
- Technical Data: Includes IP addresses, device identifiers, cookies, and API access tokens.
Article 3 – Data Collected
-
The Company processes:
- Telephony Data, including audio recordings (where recording is enabled), call logs, caller and recipient numbers, call duration, and termination reason.
- Account Data, including business name, G.E.MI. number, VAT number, registered address, and administrator user details.
- Technical Data, such as IP addresses, browser information, and functional or analytics cookies (installed only with user consent, where required).
Article 4 – Purposes and Legal Bases of Processing
-
The Company processes personal data:
- To provide and bill services, under the legal basis of contract execution (Art. 6(1)(b) GDPR).
- For support, security, and fraud prevention, based on its legitimate interest (Art. 6(1)(f) GDPR).
- To comply with tax, telecommunications, and accounting obligations (Art. 6(1)(c) GDPR).
- To send newsletters only upon consent (Art. 6(1)(a) GDPR and Law 3471/2006).
- To perform statistical analysis and improve algorithms, using anonymized or pseudonymized data, based on legitimate interest.
Article 5 – Processors and Third-Party Providers
The Company cooperates with a limited number of providers, including Yuboto for call termination and international vendors for speech-to-text, large language models, and speech synthesis, such as Google, Microsoft, Speechmatics, Deepgram, and OpenAI. All partners are bound by data processing agreements under Article 28 GDPR and provide appropriate safeguards for international data transfers.
Article 6 – International Data Transfers
Transfers outside the European Economic Area occur only when an equivalent level of protection is ensured, either through adequacy decisions, Standard Contractual Clauses (SCCs), participation in Binding Corporate Rules (BCRs), the EU-US Data Privacy Framework, or other lawful mechanisms under Articles 46–49 of the GDPR.
Article 7 – Retention Periods
- Call recordings and transcripts are retained for a duration set by the customer via the dashboard, typically around 30 days.
- Call metadata is retained as long as necessary for optimization and security, with a minimum of six months before anonymization.
- Billing and accounting data is retained for ten years in accordance with Greek tax law.
- Cookies are deleted after a maximum of thirteen months or earlier, depending on the user’s preference.
Upon expiration, data is either permanently deleted or anonymized, and backup copies are updated in a timely manner.
Article 8 – Data Subject Rights
-
Data subjects have the right to:
- Access their data, request rectification or deletion (where permitted by law),
- Restrict processing, request portability in a commonly used format,
- Object to processing based on legitimate interest or automated decision-making,
- And not be subject to a decision made solely through automated means without human intervention when such a decision produces legal or significant effects.
Requests can be made via email at
Article 9 – Information Security
-
The Company applies:
- TLS encryption (version ≥1.2) for data in transit,
- AES-256 encryption for data at rest,
- Logical tenant isolation, role-based access control, event logging, and regular vulnerability testing.
In the event of a personal data breach, the Company evaluates, contains, remediates, and notifies authorities and customers within 72 hours of detection.
Article 10 – Cookies and Tracking Technologies
Only strictly necessary cookies are used for session maintenance and security. Analytics cookies are used only for statistical processing and only with explicit consent. Users may modify or revoke their preferences at any time via the cookie selection tool or their browser settings.
Article 11 – Automated Decision-Making and Profiling
Responses from voice agents are generated by machine learning models. The service does not make decisions that produce legal or otherwise significant effects without the possibility of human review. Users may request human intervention, express an opinion, or contest the decision.
Article 12 – Submitting a Complaint
Any data subject may lodge a complaint with the Hellenic Data Protection Authority at www.dpa.gr, contact us for an amicable resolution, or seek redress through competent courts.
Article 13 – Policy Revisions
This policy may be modified. In the event of substantial changes, users will be notified at least thirty days in advance by email and via in-platform notification, unless immediate implementation is required for legal or security reasons. The most recent version is always available on the platform’s privacy page.
Article 14 – Contact
The Data Controller is Voice Logica P.C., located at Katsantoni & Olympias 2, Metamorfosi 144 52, Athens. For any data protection issue, please contact