GDPR & Data Processing
Last updated: 17 June 2026.
1. Framework
CALLAIR SASU processes personal data in accordance with Regulation (EU) 2016/679 ("GDPR") and the French Data Protection Act (Loi Informatique et Libertés). This page summarizes our data processing posture and the structure of the data processing agreements ("DPA") we enter into with clients.
2. Roles
Controller (callair.ai visitors)
CALLAIR is the data controller for personal data collected through callair.ai. See the Privacy Policy.
Processor (client engagements)
When CALLAIR processes personal data on behalf of a client, CALLAIR acts as processor under a written DPA. The client remains the data controller.
3. DPA structure
Subject matter and duration
Defined per engagement; aligned with the term of the underlying services agreement.
Nature and purpose
Limited to the AI systems and operations scoped in the services agreement.
Categories of data and data subjects
Specified per engagement (e.g. end-customer contact data, employee operational data).
Security measures
Encryption in transit and at rest, access controls, audit logging, secret management, and documented incident response — sized to the risk profile of the engagement.
Sub-processors
Disclosed and contractually flowed down, with the client's right to object to changes.
Data subject rights
Operational procedures to assist the controller in responding to access, rectification, erasure and other requests.
International transfers
Adequacy decisions or Standard Contractual Clauses where applicable, with supplementary measures as required.
Audit rights
Client right to audit (or appoint a third-party auditor), subject to reasonable confidentiality and scheduling.
Return or deletion
Return or deletion of personal data at the end of the engagement, with proof of deletion on request.
4. Sub-processors
CALLAIR maintains a current list of sub-processors used for hosting, database, email, analytics and supporting infrastructure. The list is provided to clients on signature of the DPA and updated with material changes. Requests: privacy@callair.ai.
5. Incident response
CALLAIR maintains a documented incident response procedure. In the event of a personal data breach affecting a client's data, CALLAIR notifies the affected client without undue delay and assists in fulfilling notification obligations to supervisory authorities and data subjects.
6. Contact
For GDPR, DPA or sub-processor inquiries, contact privacy@callair.ai.