Data Processing Agreement (DPA)
This DPA forms part of the Terms of Service between OnCallClerk Ltd (“Processor”) and the customer (“Controller”). By using the service, you agree to this DPA.
Last updated: September 12, 2025
Scope
OnCallClerk processes personal data on behalf of the Controller for the purpose of providing AI-powered phone answering and call management services.
Duration
This DPA remains in force while the Controller uses the service and until all personal data has been deleted or returned in accordance with Section 7.
Controller
You, the customer, act as the Data Controller. You determine the purpose and lawful basis for processing personal data and are responsible for providing notices and obtaining consents where required.
Processor
OnCallClerk acts as the Data Processor. We process personal data only on documented instructions from the Controller and in accordance with this DPA.
Types of Data
OnCallClerk may process the following categories of personal data on behalf of the Controller: Account Data (names, emails, phone numbers, billing details), Call Data (call recordings, transcripts, caller IDs, call duration, metadata), and Technical Data (IP addresses, device/browser identifiers, usage logs).
Data Subjects
Data subjects include the Controller’s employees, customers, prospects, and other individuals who participate in or are subject to recorded calls.
Processing
We process personal data only on documented instructions from the Controller.
Confidentiality
We ensure persons authorized to process personal data are bound by confidentiality obligations.
Security
We implement appropriate technical and organizational measures, including encryption, access controls, and monitoring, to protect personal data.
Assistance
We assist the Controller in responding to data subject requests, complying with security and breach obligations, and conducting data protection impact assessments.
Breach Notification
We will notify the Controller without undue delay if we become aware of a personal data breach.
Audit Rights
We will provide information necessary to demonstrate compliance and allow audits once per year with reasonable notice.
Authorization
The Controller authorizes OnCallClerk to engage subprocessors to deliver the service, such as cloud infrastructure and payment providers.
Safeguards
We impose data protection obligations on all subprocessors equivalent to those set out in this DPA.
List
A current list of subprocessors is available upon request or at oncallclerk.com/subprocessors.
Cross-Border Processing
Personal data may be transferred and processed outside the UK/EEA where required to deliver the service.
Safeguards
Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms under GDPR.
End of Service
Upon termination of the Agreement, OnCallClerk will delete or return all personal data within 30 days unless retention is required by law.
Deletion Requests
The Controller may request deletion of specific data at any time, and we will comply within 30 days unless legal obligations prevent deletion.
Requests
If OnCallClerk receives a request from a data subject under GDPR or CCPA, we will promptly notify the Controller. We will not respond directly except on documented instructions from the Controller.
Liability
Each party’s liability under this DPA is subject to the limitations of liability set out in the main Agreement (Terms of Service).
Governing Law
This DPA is governed by and construed in accordance with the laws of England & Wales.
This DPA ensures compliance with Article 28 of the GDPR and related data protection laws. By signing up to OnCallClerk, you agree to be bound by this DPA in addition to our Terms of Service and Privacy Policy.