Data Processing Agreement

Information about how Ringlyn processes and handles customer data.

Last updated: April 21, 2025

Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Ringlyn ("Processor", "we", "us", "our") and the Customer ("Controller", "you", "your") and applies to the processing of Personal Data by Ringlyn on behalf of the Customer.

1. Definitions

For the purposes of this DPA:

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or otherwise making available.
  • "Data Subject" means an identified or identifiable natural person to whom the Personal Data relates.
  • "Controller" means the entity that determines the purposes and means of the Processing of Personal Data.
  • "Processor" means the entity that Processes Personal Data on behalf of the Controller.
  • "Sub-processor" means any Processor engaged by Ringlyn to Process Personal Data on behalf of the Customer.
  • "Applicable Data Protection Law" means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Processing of Personal Data

Ringlyn shall Process Personal Data only on behalf of and in accordance with the Customer's documented instructions, including with regard to transfers of Personal Data to a third country, unless required to do so by law. The Customer instructs Ringlyn to Process Personal Data for the following purposes:

  • Providing and maintaining the Ringlyn AI call agent services
  • Processing and handling calls on behalf of the Customer
  • Generating call transcripts, summaries, and analytics
  • Managing appointments and scheduling
  • Integrating with the Customer's existing systems (CRM, calendar, etc.)
  • Improving and optimizing the Ringlyn AI voice agent
  • Ensuring the security and integrity of the services
  • Complying with legal obligations

3. Confidentiality

Ringlyn shall ensure that all personnel authorized to Process Personal Data are subject to appropriate confidentiality obligations.

4. Security Measures

Ringlyn shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data during transmission and at rest
  • Regular testing and evaluation of security measures
  • Access controls and authentication requirements
  • Data backup and disaster recovery procedures
  • Regular security awareness training for personnel
  • Incident response and management procedures

5. Sub-processors

The Customer provides general authorization for Ringlyn to engage Sub-processors for the Processing of Personal Data. Ringlyn shall maintain a list of Sub-processors and provide the Customer with information about any intended changes concerning the addition or replacement of Sub-processors.

6. Data Subject Rights

Ringlyn shall assist the Customer in responding to requests from Data Subjects exercising their rights under Applicable Data Protection Law, taking into account the nature of the Processing.

7. Data Breach Notification

Ringlyn shall notify the Customer without undue delay after becoming aware of a Personal Data breach. Such notification shall include the details of the breach, the categories and approximate number of Data Subjects and Personal Data records affected, the likely consequences of the breach, and the measures taken or proposed to mitigate the breach.

8. Data Protection Impact Assessment

Ringlyn shall provide reasonable assistance to the Customer with any data protection impact assessments and prior consultations with supervisory authorities that may be required under Applicable Data Protection Law.

9. Return or Deletion of Personal Data

At the Customer's choice, Ringlyn shall delete or return all Personal Data to the Customer after the end of the provision of services relating to Processing and delete existing copies, unless storage is required by law.

10. Audit Rights

Ringlyn shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

11. International Transfers

Ringlyn shall not transfer Personal Data to a third country or an international organization unless it has implemented appropriate safeguards in accordance with Applicable Data Protection Law.

12. Contact Information

For questions or concerns about this Data Processing Agreement, please contact [email protected].