Data Processing Agreement (DPA)
Under Art. 28 GDPR, companies that have personal data processed by a service provider are required to conclude a Data Processing Agreement (DPA).
When do I need a DPA?
You need a DPA with NovaVoca if:
- Your AI assistant captures personal data from callers (name, email, phone number)
- Call transcripts are stored
- You use post-processing features (email, SMS, webhook) with personal data
In most business use cases, a DPA is required.
Concluding a DPA
1
Download the DPA
Download the DPA as a PDF: Download DPA → (opens in a new tab)
2
Fill out and sign
Fill in your company details and sign the agreement.
3
Send to NovaVoca
Send the signed DPA to: avv@novavoca.com
4
Countersignature
NovaVoca countersigns the DPA and sends a copy back to you.
Contents of the DPA
The DPA covers, among other things:
- Subject and duration of the processing
- Nature and purpose of the processing
- Categories of data subjects (callers, customers)
- Types of personal data (name, contact details, conversation content)
- Technical and organizational measures (TOM)
- Sub-processors and their approval
- Deletion and return of data after the contract ends
Technical and organizational measures (TOM)
NovaVoca implements extensive security measures:
- Encryption of all data in transit (TLS 1.3) and at rest (AES-256)
- Access control and authentication
- Regular security audits
- Backup and recovery concepts
- Incident response processes
Contact
For questions about the DPA:
Email: avv@novavoca.com Phone: Via novavoca.ai/kontakt (opens in a new tab)