At DIYAI, we are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we collect, process, and protect your data in accordance with EU regulations.
We collect and process your personal data for the following purposes:
To provide and maintain our AI communication services, including call answering, chat support, and appointment scheduling.
To provide technical assistance, respond to inquiries, and resolve issues related to our services.
To analyze usage patterns, improve our AI capabilities, and enhance the overall user experience.
To send service updates, security alerts, and administrative messages related to your account.
We process your personal data in accordance with GDPR on the following legal grounds:
Processing necessary for the performance of our contract with you to provide our services.
Processing necessary for our legitimate business interests, such as improving our services and ensuring security.
Processing based on your explicit consent, which you can withdraw at any time.
Processing necessary to comply with our legal obligations under EU and member state law.
Under the GDPR, you have several rights regarding your personal data. We are committed to respecting these rights and have implemented processes to help you exercise them:
You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
You have the right to request that we correct any incomplete or inaccurate personal data we hold about you.
You have the right to request that we delete your personal data when there is no good reason for us to continue processing it.
You have the right to request that we suspend the processing of your personal data in certain scenarios.
You have the right to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.
You have the right to object to the processing of your personal data where we are relying on a legitimate interest, and to the processing of your personal data for direct marketing purposes.
You can exercise any of these rights by contacting our Data Protection Officer. We will respond to all legitimate requests within one month.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
All data in transit and at rest is encrypted using industry-standard encryption protocols (TLS 1.3, AES-256).
Strict access controls and authentication mechanisms to ensure only authorized personnel can access personal data.
Regular data backups with secure storage to prevent data loss and ensure business continuity.
Advanced intrusion detection and prevention systems to monitor and block suspicious activities.
We ensure that our staff understands the importance of data protection through:
We ensure that any third-party service providers who process personal data on our behalf:
All third-party processors are subject to data processing agreements that comply with GDPR requirements.
We conduct thorough due diligence on all third-party processors to ensure they maintain appropriate security measures.
We conduct regular audits of our third-party processors to ensure ongoing compliance with data protection requirements.
If you have any questions about our GDPR compliance or would like to exercise your data protection rights, please contact our Data Protection Officer:
We are committed to responding to all GDPR requests within the following timeframes:
Within 48 hours of receiving your request
Within 30 days of verifying your identity
Within 7 business days of receipt