Kalvo Data Processing Addendum
Last updated: May 4, 2026
This Data Processing Addendum ("DPA") forms part of the Agreement between Kalvo ("Processor") and the Customer ("Controller") for Personal Data processed on behalf of the Customer in connection with the Services.
1. Roles
For Personal Data about Recipients and leads that the Customer uploads or processes, the Customer is Controller and Kalvo is Processor. For account and billing data Kalvo collects directly from you, Kalvo is Controller (see Privacy Policy).
2. Processor obligations
Kalvo processes Personal Data only on documented instructions unless law requires otherwise; ensures confidentiality of authorized personnel; implements appropriate technical and organizational measures (Annex C to be provided on request); assists with data subject requests and Articles 32–36 GDPR; deletes or returns data after service end unless law requires retention; allows one audit per 12 months on 30 days' notice, subject to confidentiality and your expense unless material non-compliance is found.
3. Subprocessors
The list at /subprocessors applies. Kalvo gives 30 days' notice of changes; you may object as described there.
4. International transfers
EEA: EU Standard Contractual Clauses (2021/914), Module 2, incorporated by reference. UK: UK International Data Transfer Addendum B1.0. Switzerland: SCCs read to include FADP. Canada: PIPEDA accountability and contractual safeguards.
5. Security incidents
Kalvo notifies you without undue delay and within 48 hours of becoming aware of a Personal Data Breach affecting your data, with information required under Article 33(3) GDPR where applicable.
6. Liability
Subject to the Terms of Service limitation of liability.
7. Precedence
SCCs prevail over this DPA; this DPA prevails over conflicting Terms provisions.
Annex A: SCC Module 2 selections (available on request).
Annex B: Description of processing — categories include account identifiers, call metadata, lead/contact fields you upload; purposes are providing the dialer; duration per Privacy Policy retention.
Annex C: Security measures summary — TLS, access control, encryption at rest where used, logging.
CONTACT: legal@kalvo.io