Legal - Effective May 17, 2026

CallOrbit GDPR Disclosure

This GDPR Disclosure explains how CallOrbit supports GDPR requirements for EU and EEA personal data processed through VoIP, business phone system, call center software, business SMS, WhatsApp, AI phone system, recordings, transcripts, analytics, and telecom API workflows.

Effective date: May 17, 2026. Review cadence: Reviewed with EU privacy law, transfer, subprocessor, and product changes. Contact: privacy@callorbit.tech.

1. GDPR Roles

For customer communications data processed through CallOrbit, the customer usually acts as controller and CallOrbit acts as processor. The customer decides why and how to process caller, contact, employee, agent, and message recipient personal data. CallOrbit processes that data to provide the service and follow customer instructions.

CallOrbit acts as controller for its own website visitors, sales leads, account administrators, billing records, security logs, support records, marketing communications, and legal compliance records.

2. Lawful Bases

CallOrbit may rely on contract necessity, legitimate interests, consent, legal obligation, vital interests, or public interest depending on the processing activity. Customers must identify and document the lawful basis for their own calling, messaging, recording, AI, analytics, employee monitoring, marketing, and data import activities.

3. Data Subject Rights

  • Access to personal data.
  • Correction of inaccurate data.
  • Deletion where law requires or permits it.
  • Restriction of processing.
  • Objection to processing, including direct marketing.
  • Data portability where applicable.
  • Withdrawal of consent where processing is based on consent.
  • Complaint to a supervisory authority.

4. How To Exercise Rights

For data controlled by CallOrbit, email privacy@callorbit.tech. For data controlled by a CallOrbit customer, contact that customer directly. If you contact CallOrbit about customer-controlled data, we may forward the request to the customer or ask you to contact the customer because CallOrbit may not be able to verify or act on the request independently.

5. Processor Commitments

  • Process customer personal data on documented instructions.
  • Use confidentiality obligations for personnel with access.
  • Implement appropriate technical and organizational security measures.
  • Use subprocessors under appropriate contractual obligations.
  • Assist customers with data subject requests, security, breach notices, deletion, and compliance information where required and reasonably possible.
  • Delete or return customer personal data at the end of services subject to retention requirements.

6. International Transfers

Where EU or EEA personal data is transferred outside the EEA and a transfer mechanism is required, CallOrbit uses appropriate safeguards such as standard contractual clauses, adequacy decisions, contractual safeguards, or another lawful transfer mechanism.

7. Security And Breach Notice

CallOrbit maintains security measures designed to protect personal data processed through the platform. If CallOrbit confirms a personal data breach affecting customer personal data, CallOrbit will notify affected customers without undue delay so they can meet their own GDPR obligations.

8. Automated Processing And AI

CallOrbit may provide AI-assisted features, but customers are responsible for deciding whether AI use is lawful for their data subjects and use case. Customers should not use AI outputs for decisions with legal or similarly significant effects without human review, a lawful basis, transparency, and safeguards required by GDPR.

9. Marketing And Consent

Customers using CallOrbit for marketing calls, SMS, WhatsApp, email, prerecorded messages, autodialing, or lead follow-up must comply with GDPR, ePrivacy rules, national marketing laws, and consent requirements that apply to their audience.

Quick answers

  • Is CallOrbit GDPR-ready? - CallOrbit provides GDPR-supporting measures such as a DPA, processor commitments, security controls, deletion support, export support, and data subject request assistance.
  • Who answers GDPR requests for callers or contacts? - The customer usually answers requests for customer-controlled data. CallOrbit answers requests for data it controls directly.
  • Does GDPR apply to call recordings? - Yes, call recordings and transcripts can contain personal data and must be handled with a lawful basis, proper notice, retention controls, and security safeguards.