top of page

GDPR Rules

Data Protection and GDPR Compliance

 

At A&L Intelligence GmbH  (and our Austrian entity), we recognize the paramount importance of data protection, privacy, and security for our clients, partners, and their tenants. As a technology provider operating within the European Union, we are fully committed to complying with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

Our approach is built on the core principles of accountability, transparency, and minimizing data usage to only what is strictly necessary for our Voice AI Agent service.

 

1. Our Role and Data Processing

 

Under the GDPR, companies have different roles regarding data. Our primary role is defined as follows:

2. Data We Process and Purpose

 

Our Voice AI Agent is designed to minimize the collection of personal data, focusing only on the information required to execute its service functions: 

3. Security Measures and Location

 

We employ state-of-the-art technical and organizational measures to ensure the security and confidentiality of the data we process:

  • Data Hosting: All customer operational data and call processing occur on EU-based servers (within the European Economic Area) to ensure data sovereignty and compliance with strict EU standards.

  • Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest (using AES-256 encryption or equivalent standards).

  • Access Control: Access to production data is strictly limited to authorized personnel who require it to perform their duties and is governed by multi-factor authentication and strict internal protocols.

  • Data Minimization: We only retain data for as long as is strictly necessary to fulfill the service contract or as required by law, after which it is securely deleted or anonymized.

 

4. Data Subject Rights

 

Under the GDPR, individuals (Data Subjects, i.e., the tenants/callers) have clear rights regarding their personal data. As the Data Processor, we are fully committed to assisting our Data Controller clients in fulfilling these rights:

    

 

5. Transfers of Personal Data (Third Parties and Sub-Processors)

 

We will not transfer personal data outside the European Economic Area (EEA) unless explicitly agreed upon with the Data Controller and only under specific legal safeguards (such as Standard Contractual Clauses, or SCCs).

Any sub-processors (third-party vendors like cloud hosting providers) we use are carefully selected and bound by contractual obligations to meet the same high standards of data protection and security as A&L Intelligence GmbH under the GDPR. A list of our approved sub-processors is available upon request to our Data Protection Officer.

 

6. Contact for Data Protection

 

If you have any questions regarding our GDPR compliance, data processing practices, or wish to report a potential data breach, please contact our designated Data Protection Officer (DPO):

A&L Intelligence GmbH

Attn: Data Protection Officer

Email: [Insert Dedicated DPO/GDPR Email Address Here, e.g., support@lexalex.ai]

Address: [Insert Austrian Company Address Here]

This GDPR page is for informational purposes and does not constitute a full legal document. The definitive terms of our data processing relationship with clients are set out in the signed Data Processing Agreement (DPA).

Screenshot 2025-10-09 at 13.44.12.png
Screenshot 2025-10-09 at 13.49.26.png
Screenshot 2025-10-09 at 13.50.16.png
bottom of page