World-class support

How can we help you today?

Privacy Policy

It is important that you read and understand this document.

By subscribing to babblevoice services you are agreeing to the following privacy policy.

Babblevoice handles high volumes of phone calls on behalf of our customers. This means we store and transmit data on your behalf. You remain the controller of the data we hold, retain ownership of and control over it. Babblevoice is a processor.

Babblevoice uses certain subprocessors (external companies to whom we subcontract out certain functions).

Currently these are:

  • Amazon Web Services
  • Zendesk
  • Nutshell
  • Google

We vet all subprocessors to ensure they reach our standards, and we will inform you if these are changed.

Please be aware that we and your reseller (if you have one) will have access to your account with us and any data held within that account. This is for the purposes of managing your account and providing you with updates regarding babblevoice.

Data Storage

  • Configuration data (does not contain any personal information)
  • Fully anonymised statistical data (does not contain any personal information)
  • Phone call records which include phone numbers - may be used in conjunction with other data to identify an individual
  • Call recordings and voicemail (potentially contain personal information)
  • Contact information; email, phone, business contact details (treated as personal information)
  • User information; name, email address.
  • Call lists and Phonebooks stored for babblevoice users.

Using personal data

We don't sell or give any data to 3rd parties (except those listed as sub contracted / sub processors for the specific purposes they are contracted to perform).

We don't store credit card details.

Call recordings, call records

All call recordings and call records are encrypted at rest.

If our staff need to access relevant data from a call i.e. when an issue is reported by you regarding a specific phone call, our staff will ask for permission from you to access the relevant data to help in the diagnosis of any potential issue. This is recorded in our case management system (Zendesk).

Each time a call recording is accessed we maintain a record of the user accessing that record. Our staff are not authorised to send call recordings and voicemail via email or in any other way and we audit their call recordings access.

Call recordings can be deleted using the call recordings widget on the vibes board, by those users with the appropriate permissions. Alternatively this can be requested with our helpdesk. We currently do not support data erasure of call records but are working towards implementing this

Transmitting data

Actual telephone calls (like all telephone calls over the Public Switched Telephone Network) are insecure. However, all our call record data (i.e. phone call recordings or call records) is transmitted using SSL to encrypt the transmission. This data can be accessed via Vibes (or any other mechanism we provide) and again this data is encrypted via SSL (HTTPS in a browser).

Where is the data stored

All data is stored in Amazon EC2/S3 storage in the EU region Dublin, Ireland or the UK.

DPIA

The processing performed by babblevoice is the storage of call recordings. We do not systematically monitor it, use innovative technology, track it on a large scale or carry out/use any sort of profiling.

Our customers may need to complete this process independently against their own requirements as they may perform further processing on this data which contains personal information. If you would like assistance with this then please contact us on dpo@babblevoice.com.

Compliance with the national data opt-out policy

Taken from the national data opt-out policy:

"The national data opt-out policy was introduced on 25 May 2018, enabling patients to opt out from the use of their data for anything other than their individual care and treatment, for example research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs."

Babblevoice stores, on behalf of its clients, records which could potentially contain PII data. Babblevoice makes this information available only to the surgery responsible for that data with no other processing occurring. As babblevoice does not pass on data to any 3rd party for any purpose then babblevoice conforms to this requirement.

End of contract provision

The data controller can download all call recordings and call logs at the end of their contract with Babble Ltd.

Call recordings can be deleted by the controller or will automatically be deleted once they stop paying for storage.

Google Data

Babblevoice uses some Google services:

Google Auth - Single Sign on from Google

We receive your unique user id and email information from Google. We do not share this with any third parties. It is used to manage users within the babblevoice system.

Google Calendar

We query free/busy information in calendars that you supply the URL for. This is only used to aid routing telephone calls on your behalf. This data is cached for the purposes of faster lookups but not kept.

Google Speech to Text

Where configured by you, we pass audio from telephone calls to Google to be converted into text. The text response from Google is then used to decide how to route telephone calls as configured by you.

NHS Care Identity Authentication (CIA)

Please note that if you access our service using your NHS Care Identity credentials, the identity access and management services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get a national digital identity and authenticate your claim to that identity, and uses that personal information solely for that single purpose. For any personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, view the NHS Care Identity Service 2 page. This restriction does not apply to the personal information you provide to us separately which is managed in accordance with our Privacy Policy.

Cookies

Our web site uses Cookies. They serve 2 purposes.

  1. To manage authentication, when you log into any of our services we uses Cookies to track you as a user
  2. To see how our users are using our web site for the purpose of improving our website

We do not pass information to any other service or involve ourselves in advertising.

Contact information

We use contact information to contact our customers (or potential customers) who have agreed to engage in a conversation (whether it be sales or support).

Compliance/Accreditations

Babblevoice is registered and up to date with the NHS DSPToolkit. Our registration code is 8JH16.

We are ISO 27001 accredited and externally audited by QMS.

Our Information Security Policy is available to view here.

Queries & concerns:

We will assist the controllers of the data to meet their obligations to the ICO to:

  • Keep personal data secure
  • Notify personal data breaches to the ICO
  • Notify personal data breaches to data subjects
  • Carry out DPIAs when required; and
  • Consult the ICO where a DPIA indicates there is a high risk that cannot be mitigated.

To discuss any data queries or if you have any concerns about your data then please contact our Data Protection Officer at dpo@babblevoice.com.

To contact our Caldicott Guardian, please email us on support@babblevoice.com using the subject header: FAO Caldicott Guardian.

For any other queries please contact us.

Updated 06/06/2023