DPA Appendix – Instruction

Nature and purpose of the processing

Processor will collect, access, transmit and store certain personal data in order to provide the Services and to fulfill its obligations under the Agreement.

Categories of personal data (“Relevant Personal Data”)

The categories of personal data processed on behalf of Controller are:

Regarding Authorized Users:

• First name, last name, email address, phone number, access log information including timestamps and IP addresses, user-id and authentication credentials.

Regarding Controller’s end-customers:

• Telephone numbers
• First and Last names
• Personal device identifiers
• IP addresses of personal device
• Personal data provided as user input to mediaservice
• Speech data related to voice calls
• Call recording files
• Video data related to video calls
• Authentication credentials

Categories of data subjects

Authorized Users and Controller’s end customers

Retention period or criteria for data retention

Personal data regarding Controller’s end customers is stored temporarily in the Platform and is never stored longer than 14 days, unless,

• i) the data is part of Service provisioning where it may be deleted at any time by Controller or upon service termination,


• ii) or unless call recordings made by SIP Mediaserver or Alarmbridge where recording files are stored until deleted by Controller or upon service termination


• iii) temporary recordings for SIPRec service are automatically deleted after 7 days unless deleted earlier by Controller

Processor may process Relevant Personal Data no longer than during the term of the Agreement. Processor shall delete or return all Relevant Personal Data in accordance with Section 18.2 of the General Terms and Conditions.