0800 282 717 Support Client Login

PRIVACY NOTICE REGARDING PERSONAL DATA PROCESSING IN CALL CENTER SERVICES

Section I. INTRODUCTION

Dear business partners and clients,

The Mood Media Group of Companies (hereinafter referred to as “Mood Media”, “Joint Controllers”, “we,” “us,” “our”) hereby informs you of the processing of personal data as Joint Controllers for the audio recordings within the Mood Media Group, as well as of the rights you have according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), and under the applicable data protection laws and regulations.

The Mood Media Group of Companies is present both in the EU and outside the EU; the entities engaged in the processing of personal data for the calls recorded by Mood Media are listed at the end of this Privacy Notice.

Based on this Privacy Notice, we help you to understand how we process your personal data within our Call Centre Services, what categories of information we process, why we process them, how long we keep them and who can access those data, including your rights and how you can exercise them.
The personal data that are the subject of this document will be processed by the means and for the purposes jointly established by the Joint Controllers, as described below.

Section II. BASIC INFORMATION ON PERSONAL DATA PROCESSING

a) Data Subjects
Clients’ representatives/customer data
Employees of the Joint Controllers: Call Center Operators/Agents

 b) Categories of Personal Data
The personal data we process in the Call Center activities are those resulting from the audio recording (voice) and the data provided during the phone conversation and include:
Last and first name
Job title
Department
Location
E-mail address
Telephone number
Any other Personal data provided incidentally during the phone call by the data subject.

The Joint Controllers do not record or process in any way “special categories of data” as mentioned in the General Data Protection Regulation.

c) How we collect your personal data?
Call Recording and Live Monitoring the calls

  • For calls that we receive from you, before the telephone connection is established, the welcome message will mention that the call is recorded and that it might be live monitored. You will be asked to press 1 if you consent. Should you state your refusal to have the conversation recorded and/or live monitored by pressing 2, the recording and monitoring is to be automatically interrupted.
  • With regard to the outbound calls (i.e. calls initiated by the Agents), the calling Agent will seek the client’s approval for the call recording. If the client does not consent to the audio recording:
    • the agent will manually stop the recording and will continue the identification of the client and further will proceed to the troubleshooting process;
    • at the end of the call, the Agent will notify the management team and the IT department of the call to be deleted;
    • Management will proceed to deletion of the audio file related to the beginning of the call.

The calls may be “live monitored” (i.e. listened in real-time) through Talkdesk Live which is a live monitoring dashboard of the Talkdesk users’ accounts activity, but such live monitoring can only by performed by Quality Assurance Specialists and Supervisors within the Joint Controllers (generally referred to as “Authorized Users”). Talkdesk Live alerts managers and supervisors of items that need attention at any given moment, allowing them to make informed decisions. Additionally, Agents can receive invaluable assistive feedback during times they need it most, ensuring customers continue to be provided the high level of service they expect at all times.
Live monitoring the calls is made only under specific circumstances related to the quality of services, probation period of the Agent or the performance of the employment contract.
Please note that Mood Media doesn’t live monitor the calls made by EU Clients.

d) How we use the personal data we collect. Purposes.
Personal data will be used by Mood Media for the purpose of ensuring the clients’ service quality control, as well as for assessing the performance of the employees. The data may also be made available within the Joint Controllers’ group of companies for the purpose of training the employees in order to improve the overall quality of the clients’ service across the Mood Media Group. In particular, the activity of the employees providing support phone calls to EU and non-EU Clients is analysed by the supervisors within the Mood Media Group. The analysis is made based on certain key performance indicators communicated to the employees during their induction training within the Company.

In order to achieve the purpose above, the processing operations consist mainly of:

  • accessing the personal data by the personnel of the Joint Controllers,
  • storing such personal data in the physical archive (transcripts) or in electronic format, on the infrastructure of the Joint Controllers or of the processors of the Joint Controllers, if appropriate,
  • transferring personal data within Mood Media Group, as well as to the third parties mentioned at letter i) below.

e) Legal ground of the processing
The legal ground of the processing is art. 6 (1), letter a) from the GDPR – the data subject has given their consent for the processing of personal data. The client is informed of the recording and monitoring of the call when a conversation is initiated and they have the option to exercise the right to object at any time. The use of personal data aforementioned for another purpose not related with the ones stated under letter d) above may be carried out only with the consent of the data subjects.

For the employees of Mood Media, who are subject of the recording operations, the legal ground is art. 6 (1) letter f) – the legitimate interest of Mood Media to assess the performance of the employees and provide feedback.

f) The data retention period of the records
The personal data is stored as follows:

  • the audio recordings are stored for a period of 30 days, excepting the cases when the legitimate interest of Mood Media requires a longer period;
  • after the expiry date, the audio recordings are automatically deleted;

g) Who can access the recordings?
The recorded calls can be accessed only by the Authorized Users assigned to verify and assess the calls, as listed in Mood Media’s internal policies and procedures, and/or by competent authorities. For avoidance of doubt, Mood Media ensures that persons authorized to process the personal data (such as: employees, agents, representatives, collaborators and contractors etc. of the Processors) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and have one of the purposes mentioned at letter d) above, in relation to that processing.

 h) Recipients or categories of recipients of personal data
Personal data are transmitted between Joint Controllers/ within Mood Media Group.
Excepting the Joint Controllers and Talkdesk Inc., in its capacity as Processor and Talkdesk’s Sub-processors, no other parties have access to or process the personal data.
The transfer is made with the observance of conditions meant to secure the data and the recipients undertake the necessary technical and organisational measures to protect the personal data and to comply with the rights of data subjects, according to the law and the contractual commitments concluded. The Joint Controllers shall disclose the personal data at the express request of bodies authorized by law, and the disclosure shall be documented and subject to a rigorous review regarding, on the one hand, the need for communication, and, on the other hand, the compatibility between the purpose of this communication is made for and the purpose for which such data were collected initially for processing. For avoidance of doubt, if a legal obligation imposes the disclosure of the personal data to the relevant authorities, the initial purpose of the data collection mentioned at letter d) above is deemed compatible with such mandatory disclosure under the law.

i) International transfers of personal data
In order to comply with the GDPR restrictions in respect of the international transfers provided by art. 44 et seq. from the GDPR, Mood Media is continuously reviewing and strengthening the protection measures regarding the international transfers, while keeping in mind the guidelines and recommendations of the EU authorities.
As such, in respect of the Mood Non-Eu Entities and Mood US Entities, the international transfer of personal data is regulated by the Standard Contractual Clauses approved by the EU Commission on June 4th 2021. The European Commission approved standard contractual clauses are available here.
In addition to using the Standard Contractual Clauses above, Mood Media is continuously taking steps towards ensuring additional protection measures of the data subjects rights, guaranteed under the GDPR and under the applicable data protection laws and regulations.

Section IV. RIGHTS OF DATA SUBJECTS

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data, directly or indirectly collected from you. According to art. 15 of the GDPR, you have the right to receive a confirmation of the processing of personal data and, if necessary, to be informed about: the categories of data processed, the purpose of the processing, possible recipients, the storage period, as well as information regarding your rights. You can also request a copy of your personal data;
  • Request correction of your personal data in case you consider the data in question as incorrect or incomplete;
  • Request erasure of your personal data (the right to be forgotten involves the deletion of your personal data, without undue delay, with the exceptions provided by law). Data subjects have the right, at any time, to request the deletion of the personal that the Joint Controllers or their processors process for certain reasons. However, a claim grounded on the right might be disregarded by the Joint Controllers if, for example, the personal data are required to defend a right in court of the Joint Controllers;
  • Object to processing of your personal data. In respect of the employees for which the data is processed based on the Joint Controller’s legitimate interest, the employees have the right to object to the processing, on grounds relating to their particular situation, The Joint Controllers shall no longer process the personal data unless the they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Further information on the right to object to the processing can be found in art. 21 of the GDPR and Mood Media’s internal procedures on the exercise of the data subject’s rights;
  • Request restriction of processing your personal data for a limited period. Under certain conditions provided by law, the data subject has the right to restrict the personal data processing (for example, if the accuracy or correctness of the personal data is challenged by the data subject). In such situations, the processing can only be carried out with the consent of the data subject, with certain exceptions (for example, storage);
  • Request transfer of your personal data; You have the right to receive, in a structured format, currently used and automatically readable, the personal data that you have provided to Mood Media and the right to transmit such data to another controller. This right can only be exercised in compliance with certain legal requirements;
  • The right to withdraw your consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent;
  • The right to be informed. This Privacy Notice informs you how we process your personal data, in accordance with the provisions of art. 13 of the GDPR;
  • The right not to be subject to a decision based solely on automated means, including on profiling. In this regard, we hereby inform you that Mood Media does not carry out automated decision-making based on the processing of your personal data, such as profiling. Your personal data are not subject to an automated individual decision-making process, including profiling, as mentioned under article 22 paragraphs (1) and (4), in Regulation (EU) no. 679 of 27 April 2016;
  • The right to lodge a complaint with the Supervisory Authority for data protection issues, but also to address the issues to competent authorities. Residents of the EEA may file a complaint with a data protection authority. The data protection authorities will require you first attempt to resolve any complaint with us. To find the contact details of the Data Protection Authority in your country of residence, please visit link.

Section V. EXERCISE OF THE RIGHTS BY DATA SUBJECTS

For any requests you may have regarding the exercise of the aforementioned rights and in order to address any other questions regarding the processing of personal data by Mood Media, please contact us at [email protected].

Following the review of the request, you will receive a confirmation message that your request has been registered, as well as any other necessary information, as appropriate.
We will try to respond to the request within 30 days. However, the deadline can be extended depending on different aspects, such as the complexity of the request, the large number of requests received or the inability to identify you in a timely manner.
In case it is impossible to identify you, we may request the submission of documents certifying your identity as a data subject or copies thereof. If you do not provide the additional information, we cannot respond to the request.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Section VI. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

a) Protection of personal data and security of information
Mood Media constantly maintains adequate technical and organizational security measures for protecting the personal data against accidental or unlawful destruction or accidental loss, deterioration, alteration, disclosure or unauthorized access especially when the processing involves sending data through a network, as well as against any other unlawful processing forms.
Mood Media implemented physical, electronic and procedural protection measures, in order to ensure the protection of personal data. Mood Media restricts the authorized access to personal data to the persons who have a legitimate purpose which is consistent or compatible with the processing purpose mentioned at section II, letter. d) above.

b) Protection of minors
The personal data do not include data from minors (below 16 years old). Mood Media shall not process the personal data of a natural person regarding whom they are aware that is below sixteen (16) years old. Mood Media does not knowingly request or collect personal data from children below sixteen (16) years old. However, should Mood Media find out that it received Personal data from an individual mentioning, or about whom the company has reasons to believe that is below sixteen (16) years old, then Mood Media shall erase such information from its systems. The relevant minor’s parent or legal guardian may also request that the personal data regarding the child are erased from the files of Mood Media by sending an email containing such request at [email protected].

 c) Security measures for the personal data processed for the recorded phone calls
To secure the data, Mood Media undertook the following technical and organizational measures:

  • Access to personal data is granted only to a limited number of Authorized Users;
  • The authorized personnel undertake the obligation to keep the confidentiality regarding any type of personal data processing, by means of a document attesting this fact;
  • The authorized personnel have been trained with regard to security requirements, to the internal policies of the company and to the applicable laws regarding the fulfilment of duties and obligations incumbent on them in relation to personal data processing and the consequences of infringing upon such requirements;
  • Each authorized user has a personal and unique identification code;
  • The user ID is not and may not be assigned to another person;
  • The information systems and the physical media on which personal data are stored are kept in a secured physical environment;
  • The information systems are fit out with antivirus software and devices for detecting intrusions, in order to protect them against attacks, or other unauthorized actions targeting information systems. The antivirus software and the systems of detection of intrusions are regularly updated;
  • The software, firmware and hardware used within the information systems are regularly checked, in order to detect and remove vulnerabilities and deficiencies of information systems;
  • Audio recordings are AES 256 encrypted;
  • It is not allowed to copy, download, erase or alter any recorded file, at one’s own initiative/without authorization granted for a specific purpose consistent or compatible with the purposes of the personal data processing mentioned in section II, letter d).

d) The description and technical specifications of the web-based platform
The recording and transmission of the Data Recordings are made through a browser-based platform licensed by Talkdesk Inc., and accessed through website https://moodmedia.mytalkdesk.com/.

The technical and organizational measures undertaken for the protection of the personal data subject matter herein are extensively described in the Standard Contractual Clauses concluded between Mood Media and Talkdesk Inc. Talkdesk Inc. adopts an Information Security Management System (ISMS) as a framework for continuous improvement of security and using a risk-based approach. This ISMS includes (but is not limited to):

Policies
Talkdesk has and periodically reviews the Information Security Policies as the major guidelines for security practices. This includes Risk Management, Data Classification, Access Control, Software Development and Data Breaches.

Awareness
Awareness on security and compliance is fundamental and provided to all users. Some users may have additional specific awareness, relevant for their function.

Access control
Access is granted on a need-to-know basis and only a small number of users can access production systems where information from Customers is stored. Authentication to production systems is made with 2-factor Authentication as a standard. 

Audit logging
Relevant audit logs are maintained, including access to sensitive information (including personal data). The logs are kept in separate infrastructure and only accessed by the Security team.

Data Breaches
Processes are defined to handle data breaches. These processes include notification to relevant stakeholders, according to the type of incident and applicable legislation.

Network security
Talkdesk implemented several security measures to protect our infrastructure from external and internal threats. This includes encryption, firewalls, IDS and other cloud provider specific. Access to production systems is made in secure mode and encryption in transit is a default. Sensitive information is also encrypted at rest.

Physical Security
Talkdesk uses data centers managed by cloud providers and delegates all physical security to them, after a due diligence.

Business Continuity
Talkdesk has several technical implementations to assure business continuity of its service. Those include backups, resilient and redundant infrastructure and Disaster Recovery Plans.

Development
Development is made using a secure development methodology that includes peer review and secure coding and testing.

Continuous improvement and review
Talkdesk security posture is based on a continuous improvement process that includes periodic review of security controls effectiveness.
The technical and organizational measures undertaken for the protection of the personal data subject are extensively described in the Standard Contractual Clauses concluded between Mood Media and Talkdesk Inc.

Section VII. ADDITIONAL INFORMATION ON PERSONAL DATA PROCESSING

a) Source of personal data
Personal data may be initially collected by one or several Joint Controllers. Subsequently, they are transmitted to one or several Joint Controllers, for meeting the purposes described in Section II, letter d) above in the context of group reporting and analysis.

b) Automated decision-making and profiling
The above-mentioned personal data will not be the object of an automated decision-making process, such as profiling.

Section VIII. CONTACT DETAILS OF MOOD MEDIA REGARDING PERSONAL DATA PROCESSING

a) Contact details
If you have any questions about this Privacy Notice or how we handle your personal information, please contact us at [email protected].

b) Identification details of the Joint Controllers/Mood Media entities
See the list below.

Referred to as Legal corporate name Registered headquarter Country
1.     Mood Media Austria Mood Media GmbH Kristein 2, 4470 Enns, Oberösterreich Austria
2.     Mood Media Belgium Mood Media Belgium SA Lange Lozanastraat 142, 2018 Antwerpen Belgium
3.     Mood Media CZ Mood Media Group CZ sro Lazarská 13/8, 120 00 Praha 2 Czech Republic
4.     Mood Media France Mood Media SAS 22 Quai Gallieni, 92150 Suresnes France
5.     Mood Media Germany Mood Media GmbH Wandalenweg 30, 20097 Hamburg Germany
6.     Mood Media Netherlands Mood Media Netherlands BV Transistorstraat 22, 1322 CE Almere The Netherlands
7.     Mood Media Europe Mood Media Europe BV
8.     Mood Media Hungary Mood Media Hungary KFT Hegyalja út 7-13, 1016 Budapest Hungary
9.     Mood Media  Poland Mood Polska Sp.  Z.o.o. ul. Targowa 24, 03-728 Warszawa, Poland
10.  Mood Media Romania S.C. Mood Media Romania S.R.L. Bucharest, George Constantinescu Street no. 3, Entrance A and D, ground floor and 3rd floor, District 2

 

Romania

 

11.  MMC Romania Mood Media Comercial SRL Bucharest, George Constantinescu Street no. 3, Entrance A and D, ground floor and 3rd floor, District 2, 020339
12.  Mood Media Spain Instore Márketing Solutions, SAU Calle La Volta, nº4, Planta 1ª, Local 7 – 08150 Parets del Valles Spain
13.  Mood Media Denmark Mood Media A/S Alsikevej 14, 8920 Randers NV Denmark
14.  Mood Media Greece New Audio Visual Solutions and Applications Ltd 95C Pentelis Avenue – Chalandri 15234 Greece
15.  Mood Media Ireland Mood Media Ireland Limited Unit 1-2, 19 the Rear Courtyard, Castle St, Dalkey, Co Dublin Ireland
16.  Mood Media Sweden Mood Media Aktiebolag (AB) c/o Accountor AB – Sankt Eriksgatan 113 – 113 43 Stockholm Sweden
17.  Mood Media Bulgaria Mood Media Bulgaria EOOD/ Virgina Records 9, Pop Bogomil str. 1202 Sofia, Bulgaria Bulgaria
18. City TV OU Paldiski mnt. 29, Tallinn Estonia
19. Easy New Media SRL Via Ippolito Nievo 25, 10153 Torino Italy
20.  Mood Media  UK Mood Media Limited  Unit 3 Airport Trading Estate Wireless Road, Biggin Hill, Westerham, TN16 3PS

 

UK

21.  PlayNetwork UK PlayNetwork Limited
22.  Mood Media US Convergence, LLC 2100 S IH 35 Frontage Rd., Suite 201, Austin, TX 78704

 

 

 

 

USA

DMX, LLC
Mood Media North America Holdings Corp.
Muzak LLC
ServiceNET Exp, LLC
Technomedia Solutions, LLC
PlayNetwork, Inc. 14720 NE 87th Street, Redmond, WA, 98052-3400

We will keep you informed if any changes or updates to the aforementioned list will occur.
This information is provided in addition to the Privacy Policy.

Non-English translations of this Privacy Notice are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.

The Joint Controllers will make available, upon request, a copy of the essential clauses to data subjects, unless the clauses contain confidential information, in which case such information may be removed.

Last update: August 2022