CallPro UK Limited – Data Processing Addendum (DPA v3.0)

Effective Date: October 2025
Company Number: 16801755
Registered Office: Fountayne House, London, N15 4QL
Website: www.callpro.uk
Governing Law: England & Wales

This Data Processing Addendum (DPA) forms part of the Terms & Conditions of Service between CallPro UK Limited (“Processor”, “we”, “us”, “our”) and the subscribing Client (“Controller”, “you”, “your”) — each a “Party”, together the “Parties”.

1. Purpose

This DPA sets out the terms on which CallPro UK processes Personal Data on behalf of the Client in connection with the provision of AI Receptionist and related digital services.

The DPA ensures compliance with:

• The UK General Data Protection Regulation (UK GDPR),
  
  

• The Data Protection Act 2018, and
  
  

• Any other applicable privacy laws in the United Kingdom.
  
  

2. Definitions

For the purposes of this DPA:

• Personal Data: any information relating to an identified or identifiable natural person.
  
  

• Processing / Processed: any operation performed on Personal Data, such as collection, storage, recording, transmission, or deletion.
  
  

• Controller: the entity that determines the purposes and means of processing Personal Data (the Client).
  
  

• Processor: the entity that processes Personal Data on behalf of the Controller (CallPro UK).
  
  

• Sub-processor: any third party engaged by the Processor to assist in processing Personal Data.
  
  

• Data Subject: the individual whose Personal Data is being processed.
  
  

3. Roles of the Parties

• The Client acts as Data Controller, responsible for determining how and why personal data is collected.
  
  

• CallPro UK acts as Data Processor, processing data only on documented instructions from the Client.
  
  

4. Nature and Purpose of Processing

The Processor provides AI Receptionist, call answering, message capture, appointment booking, and lead delivery services for the Client.

Personal Data processed may include:

• Caller name and contact information,
  
  

• Call audio recordings and transcriptions,
  
  

• Messages, booking requests, or payment details,
  
  

• Business and trade-related metadata.
  
  

Processing occurs for:

• Handling inbound and outbound communications,
  
  

• Delivering call summaries and reports,
  
  

• Improving AI voice recognition and accuracy,
  
  

• Maintaining service quality and security.
  
  

5. Duration of Processing

Processing shall continue for the duration of the Client’s subscription or service agreement.
Upon termination, data will be retained for 30 days for export, after which it will be securely deleted or anonymised unless otherwise required by law.

6. Data Ownership

All Personal Data processed by CallPro UK on behalf of the Client remains the sole property of the Client.
CallPro UK acquires no rights to such data beyond what is necessary to deliver and maintain the service.

7. Processor Obligations

CallPro UK agrees to:

1. Process data only on documented instructions from the Client.
   
   

2. Ensure that personnel handling data are subject to confidentiality obligations.
   
   

3. Implement appropriate technical and organisational measures to protect data (see Section 8).
   
   

4. Inform the Client promptly of any data breach or suspected breach.
   
   

5. Assist the Client in fulfilling its GDPR obligations, including responding to Data Subject Access Requests (DSARs).
   
   

6. Maintain records of all processing activities carried out on behalf of the Client.
   
   

7. Delete or return all Personal Data upon termination (after the 30-day export period).
   
   

8. Security Measures

CallPro UK maintains a data protection framework that includes:

• Encryption of data in transit and at rest.
  
  

• Secure UK/EU data hosting (AWS or equivalent ISO 27001–certified providers).
  
  

• Access controls, strong authentication, and audit logs.
  
  

• Regular vulnerability testing and patch management.
  
  

• 24/7 infrastructure monitoring for anomalies.
  
  

• Role-based access and staff confidentiality agreements.
  
  

9. Data Breach Notification

In the event of a confirmed personal data breach:

• CallPro UK will notify the Client without undue delay (within 48 hours).
  
  

• The notification will include details of the nature of the breach, likely consequences, and measures taken or proposed.
  
  

• CallPro UK will cooperate fully with the Client and relevant supervisory authorities to mitigate the impact.
  
  

10. Sub-processors

The Client authorises CallPro UK to engage the following categories of Sub-processors for operational purposes:

• Cloud hosting providers (e.g., Amazon Web Services, Google Cloud)
  
  

• Telephony & communications providers (e.g., Twilio, Vonage)
  
  

• CRM & automation systems (e.g., Go High Level, HubSpot)
  
  

• Payment processors (e.g., Stripe, GoCardless)
  
  

• Email and support tools (e.g., Zoho, Gmail Business)
  
  

CallPro UK ensures that all Sub-processors are bound by written agreements that meet or exceed the data protection obligations in this DPA.

11. International Data Transfers

CallPro UK stores and processes data primarily in the United Kingdom or the European Economic Area (EEA).
Where transfers outside the UK/EEA occur, they are conducted under:

• UK International Data Transfer Addendum (IDTA), or
  
  

• Standard Contractual Clauses (SCCs) approved by the ICO or European Commission.
  
  

12. Client Responsibilities

The Client is responsible for:

• Providing clear lawful instructions to CallPro UK,
  
  

• Ensuring all caller or customer data shared is lawfully obtained,
  
  

• Maintaining appropriate notice and consent mechanisms under UK GDPR,
  
  

• Using the data responsibly once received from the Service.
  
  

13. Audit Rights

Upon reasonable notice, the Client may request evidence of CallPro UK’s data protection controls (e.g., policy summary or certification).
CallPro UK may provide documentation in lieu of on-site audit to maintain operational security.

14. Liability

Each Party’s liability under this DPA is subject to the limitation of liability set out in the Terms & Conditions of Service.
The Client acknowledges that data transmitted via the internet and telephony systems cannot be guaranteed 100% secure and that CallPro UK cannot be held liable for events beyond its reasonable control.

15. Force Majeure

Neither Party shall be liable for failure or delay in performance caused by acts of God, natural disasters, cyberattacks, telecom failures, or other events beyond reasonable control.

16. Term and Termination

This DPA remains in effect for as long as CallPro UK processes Personal Data on behalf of the Client.
Upon termination, all Personal Data will be deleted or returned (unless legally required to retain it).

17. Governing Law and Jurisdiction

This DPA is governed by the laws of England & Wales.
Any dispute arising from this DPA shall be subject to the exclusive jurisdiction of the courts of England & Wales.

18. Contact Information

Data Protection Officer (DPO)
CallPro UK Limited
Fountayne House, London, N15 4QL
📧 [email protected]

By continuing to use CallPro UK’s services, the Client acknowledges and agrees to this Data Processing Addendum, which forms part of the Terms & Conditions of Service.