Between:
Embellics AI Limited (“Processor”)
and
Client (“Controller”)
1. Subject of Agreement
The Processor provides the AI automation system “Kara” to the Controller.
2. Nature & Purpose of Processing
Processor handles:
Call audio
Transcripts
CRM data
Booking details
Contact data
Lead information
Payment link data
Purposes:
Booking automation
Scheduling
Lead conversion
Client communication
Workflow execution
3. Duration
Processing continues for the duration of the service contract.
4. Type of Personal Data
Names
Phone numbers
Emails
Appointment and service data
CRM fields
Voice recordings
Transcripts
5. Categories of Data Subjects
Customers of the Controller
Leads contacted on behalf of the Controller
6. Processor Obligations
Processor shall:
Process data only under Controller instruction
Maintain confidentiality
Implement security measures
Notify Controller of data breaches within 48 hours
Assist with data subject requests
Delete or return data at end of service
7. Sub-Processing
Processor may use GDPR-compliant telephony, hosting, and AI infrastructure providers located in the EU or governed by SCCs.
A list of sub-processors is available upon request.
8. International Transfers
Where transfers occur, SCCs are used.
9. Data Subject Rights
Processor assists Controller in fulfilling GDPR rights.
10. Deletion or Return of Data
Upon termination, Processor will:
Delete all data
or
Return it upon request
11. Audits
Controller may request documentation demonstrating compliance.
12. Governing Law
Ireland.