1. Our Role Under GDPR
SmartCallPro operates in two distinct capacities depending on the context of data processing:
Data Controller
SmartCallPro acts as a Data Controller in respect of:
- Personal data of our clients (business contacts, account holders, billing contacts)
- Personal data of website visitors
- Personal data collected through our direct marketing and sales activities
As Data Controller, SmartCallPro determines the purposes and means of processing personal data and is fully responsible for ensuring that processing is carried out lawfully, fairly, and transparently.
Data Processor
SmartCallPro acts as a Data Processor in respect of:
- Personal data of callers who contact our clients' businesses through the Smart Call Assistant service
As Data Processor, SmartCallPro processes caller data solely on the documented instructions of our clients, who are the Data Controllers in respect of their callers' personal data. SmartCallPro does not use caller data for any purpose other than delivering the contracted service.
2. Data Protection Principles
SmartCallPro is committed to processing all personal data in accordance with the seven principles set out in Article 5 of the GDPR:
Lawfulness, fairness and transparency — We process personal data only where we have a valid legal basis to do so. We are transparent about how we use data through our published policies.
Purpose limitation — We collect personal data only for specified, explicit, and legitimate purposes. We do not process data in a manner incompatible with those purposes.
Data minimisation — We collect only the personal data that is necessary for the purposes for which it is processed. We do not collect data speculatively or in excess of our needs.
Accuracy — We take reasonable steps to ensure that personal data we hold is accurate and kept up to date. Clients and individuals may request correction of inaccurate data at any time.
Storage limitation — We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our retention periods are set out in Section 7 of this policy.
Integrity and confidentiality — We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, or disclosure.
Accountability — We take responsibility for compliance with the GDPR and maintain records and documentation to demonstrate that compliance.
3. Legal Bases for Processing
SmartCallPro relies on the following legal bases under Article 6 of the GDPR:
Article 6(1)(b) — Performance of a contract
We process client personal data where necessary to perform our service agreement with that client, including account setup, service delivery, invoicing, and support.
Article 6(1)(c) — Compliance with a legal obligation
We process personal data where required by applicable law, including Czech accounting legislation, tax obligations, and regulatory requirements.
Article 6(1)(f) — Legitimate interests
We process certain personal data on the basis of our legitimate interests or those of our clients, including:
- Website analytics to improve our services
- Processing caller data on behalf of our clients to deliver the Smart Call Assistant service
- Security monitoring and fraud prevention
- Maintaining records of business communications
Where we rely on legitimate interests, we have assessed that our interests are not overridden by the rights and freedoms of the individuals concerned.
Article 6(1)(a) — Consent
Where we rely on consent as a legal basis, we obtain this freely, specifically, and unambiguously. Individuals have the right to withdraw consent at any time without detriment.
4. Special Categories of Personal Data
SmartCallPro does not intentionally collect or process special categories of personal data as defined in Article 9 of the GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation.
If a caller voluntarily discloses information falling within a special category during a call handled by the Smart Call Assistant, SmartCallPro will process that data only to the extent necessary to deliver the call handling service and will not retain it beyond the standard 90-day retention period.
Clients must not configure the Smart Call Assistant in a way that intentionally elicits or collects special category data from callers without appropriate safeguards and explicit consent mechanisms in place.
5. Data Subject Rights
SmartCallPro is committed to upholding the rights of all data subjects under the GDPR. The following rights apply:
Right of access (Article 15)
Individuals have the right to request confirmation of whether we process their personal data and, if so, to receive a copy of that data along with information about how it is processed.
Right to rectification (Article 16)
Individuals have the right to request correction of inaccurate personal data and completion of incomplete personal data without undue delay.
Right to erasure (Article 17)
Individuals have the right to request deletion of their personal data where:
- The data is no longer necessary for the purposes for which it was collected
- Consent is withdrawn and no other legal basis applies
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
Erasure requests will be fulfilled unless an exception applies, such as a legal obligation to retain the data.
Right to restriction of processing (Article 18)
Individuals have the right to request that we restrict processing of their personal data in certain circumstances, including where the accuracy of the data is contested or where processing is unlawful but the individual does not request erasure.
Right to data portability (Article 20)
Where processing is based on consent or contract and is carried out by automated means, individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to object (Article 21)
Individuals have the right to object to processing of their personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override the individual's interests, rights, and freedoms.
Rights related to automated decision-making (Article 22)
SmartCallPro does not make decisions that produce legal or similarly significant effects on individuals based solely on automated processing.
How to exercise your rights
To exercise any of the above rights, please contact us at:
- Email: compliance@smartcallpro.cz
- Post: KF Consulting s.r.o., Žirovnická 3133/6, Praha 10, 106 00, Czechia
We will respond to all requests within thirty (30) days of receipt. In complex or high-volume cases, we may extend this period by a further two (2) months, in which case we will notify you within the initial thirty-day period and explain the reason for the extension.
We will not charge a fee for reasonable requests. Where requests are manifestly unfounded or excessive, we reserve the right to charge a reasonable administrative fee or refuse to act.
We may need to verify your identity before processing your request to protect against unauthorised access to personal data.
Callers please note: Where you have interacted with a Smart Call Assistant on behalf of one of our clients, that client is the Data Controller responsible for your personal data. We recommend contacting them directly to exercise your rights. If you are unable to reach them or require assistance, contact us at compliance@smartcallpro.cz and we will assist in directing your request appropriately.
6. Data Retention
SmartCallPro retains personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law.
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Client account and contact data | Duration of contract plus 3 years | Legitimate interests / legal obligation |
| Client invoices and billing records | 10 years | Czech Accounting Act No. 563/1991 Coll. |
| Contract and service agreements | 10 years | Legal obligation |
| Call transcripts and summaries | 90 days | Legitimate interests of client |
| Caller telephone numbers | 90 days | Legitimate interests of client |
| Website analytics data | 26 months | Legitimate interests |
| Support and communication records | 3 years from last interaction | Legitimate interests |
| Marketing consent records | Until consent withdrawn plus 3 years | Legal obligation |
Upon expiry of the applicable retention period, personal data is permanently and securely deleted or anonymised. Clients may request a shorter retention period for caller data in writing at any time.
7. Data Security
SmartCallPro implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data, in accordance with Article 32 of the GDPR.
Technical measures
- Encrypted data transmission using TLS/SSL protocols
- Access controls and role-based permissions limiting data access to authorised personnel only
- Secure data storage with encryption at rest
- Regular security assessments and vulnerability reviews
- Automatic session timeouts and authentication controls
Organisational measures
- Internal data protection policies and procedures
- Confidentiality obligations for all personnel with access to personal data
- Contractual data protection obligations with all third-party sub-processors
- Regular review of data processing activities and security practices
Personal data breach response
In the event of a personal data breach, SmartCallPro will:
- Contain the breach and assess the risk to affected individuals as quickly as possible
- Notify the Office for Personal Data Protection (UOOU) within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Document all breaches, including those that do not require notification, in our internal breach register
8. Third-Party Sub-Processors
SmartCallPro uses third-party sub-processors to deliver its services, including providers of AI voice processing, telecommunications infrastructure, workflow automation, and AI language processing.
All sub-processors are bound by data processing agreements and are required to process data only on our instructions in full compliance with GDPR. Sub-processors located outside the European Economic Area (EEA) operate under Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46 of the GDPR.
A full list of sub-processors is available to clients upon request. To request the full sub-processor list, please contact us at compliance@smartcallpro.cz.
9. International Data Transfers
SmartCallPro is based in the Czech Republic and operates within the EU. Some of our third-party sub-processors process data outside the EEA.
All international transfers are carried out in compliance with Chapter V of the GDPR. Where Standard Contractual Clauses are used, these are the most recent versions approved by the European Commission. A copy of applicable transfer safeguards is available upon request by contacting compliance@smartcallpro.cz.
10. Data Processing Agreements
SmartCallPro is prepared to enter into a Data Processing Agreement (DPA) with any client that requires one under Article 28 of the GDPR. The DPA sets out the subject matter, duration, nature, and purpose of processing, the type of personal data processed, and the categories of data subjects, along with the full list of sub-processors engaged in delivering the service.
To request a Data Processing Agreement, please contact compliance@smartcallpro.cz.
11. Records of Processing Activities
SmartCallPro maintains records of all processing activities carried out as both Data Controller and Data Processor, in accordance with Article 30 of the GDPR. These records are available to the supervisory authority upon request.
12. Data Protection by Design and by Default
SmartCallPro embeds data protection into the design of its services and systems from the outset, in accordance with Article 25 of the GDPR. This means:
- We collect only the minimum personal data necessary for each purpose
- Access to personal data is restricted to those who need it to perform their role
- Retention periods are built into our systems and enforced automatically where possible
- Privacy settings default to the most protective option available
13. Supervisory Authority
The supervisory authority responsible for data protection in the Czech Republic is:
Office for Personal Data Protection
Úřad pro ochranu osobních údajů (UOOU)
Pplk. Sochora 27, 170 00 Praha 7, Czechia
Website: www.uoou.cz
Email: posta@uoou.cz
Telephone: +420 234 665 111
You have the right to lodge a complaint with the UOOU at any time if you believe that SmartCallPro has processed your personal data in violation of the GDPR. We would, however, appreciate the opportunity to address your concerns directly before you contact the supervisory authority. Please contact us first at compliance@smartcallpro.cz.
14. Policy Updates and Review
This GDPR Compliance Policy is reviewed annually and updated as required in response to:
- Changes in applicable EU or Czech data protection law
- Guidance issued by the European Data Protection Board (EDPB) or UOOU
- Changes to our services, systems, or data processing activities
- Incidents or audit findings that require policy updates
The version number and effective date at the top of this page will be updated to reflect any changes. Where changes are material, active clients will be notified by email.
15. Contact
For all GDPR-related enquiries, requests, and complaints, please contact us:
- SmartCallPro — operated by KF Consulting s.r.o.
- Email: compliance@smartcallpro.cz
- Website: https://smartcallpro.cz
- Registered address: Žirovnická 3133/6, Praha 10, 106 00, Czechia
- IČO: 09021680
16. Company Details
- KF Consulting s.r.o.
- Žirovnická 3133/6, Praha 10, 106 00, Czechia
- IČO: 09021680
- Email: compliance@smartcallpro.cz
- Website: https://smartcallpro.cz
SmartCallPro — operated by KF Consulting s.r.o. | GDPR Compliance Policy | Version 1.0 | May 2026