6.1  Overview and Applicability

This Data Processing Agreement (“DPA”) forms part of the agreement between Dialinger (Velox Tech Pte. Ltd.) and the business customer (“Customer” or “Controller”) and applies wherever the Customer uses Dialinger’s Services to process personal data of their own customers or employees (“Data Subjects”).

This DPA is incorporated by reference into Dialinger’s Terms and Conditions. In the event of a conflict between the DPA and the Terms, the DPA shall prevail with respect to data processing matters.

6.2  Roles and Responsibilities

• The Customer is the Data Controller: The Customer determines the purposes and means of processing personal data through the Dialinger platform.
• Dialinger is the Data Processor: Dialinger processes personal data only on the instructions of the Customer, as necessary to provide the Services.
• For Subscription Data and Usage Data relating to the Customer’s own account, Dialinger acts as an independent Controller (not a processor), and such data is processed in accordance with the Privacy Policy (Section 1).
  
  

6.3  Dialinger’s Obligations as Processor

Dialinger agrees to:

• Process Customer personal data only on documented instructions from the Customer, including for international transfers
• Ensure that all Dialinger personnel with access to Customer personal data are bound by appropriate confidentiality obligations
• Implement appropriate technical and organisational security measures to protect Customer personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure
• Notify the Customer without undue delay (and within 72 hours where possible) upon becoming aware of a personal data breach involving Customer data
• Assist the Customer in responding to Data Subject rights requests (access, rectification, erasure, etc.)
• Make available to the Customer all information necessary to demonstrate compliance with this DPA
• Delete or return all Customer personal data within 90 days following the end of the contract (see Section 2.3), unless retention is required by law
  
  

6.4  Sub-Processors

Dialinger uses third-party sub-processors to deliver its Services (e.g., cloud hosting providers, payment processors). Dialinger maintains a list of its current sub-processors, which is available upon request at legal@dialinger.com. 

Dialinger will provide at least 30 days’ notice before adding new sub-processors. If the Customer objects to a new sub-processor on reasonable grounds, the parties will work in good faith to find an alternative.

6.5  Data Transfers

Where Dialinger transfers Customer personal data outside the Customer’s home jurisdiction (for example, from the EEA to Singapore), Dialinger will implement appropriate safeguards such as Standard Contractual Clauses or equivalent transfer mechanisms as required by applicable law.

6.6  Customer’s Obligations

The Customer is responsible for:

• Ensuring it has a lawful basis for collecting and processing the personal data of its own customers and end users
• Providing appropriate privacy notices to its own customers and end users regarding the use of Dialinger’s Services
• Ensuring it complies with applicable call recording consent laws in the jurisdictions in which it operates