| Controller | MULTICODE S.R.L. |
|---|---|
| Registered office | Iasi, Str. Garii, No. 9, bl. L15, ap. 19, Iasi County, Romania |
| Tax ID (CUI) | 46388165 |
| Trade Register No. | J22/2371/2022 |
| Website | https://autocalls.ai |
| Contact e-mail | [email protected] |
| DPO (Data Protection Officer) | [email protected] |
MULTICODE S.R.L. (hereinafter referred to as the "Company", the "Controller", or "we") operates the Autocalls.ai platform, a Software as a Service (SaaS) solution that enables the creation and management of artificial intelligence (AI) voice agents for the automation of telephone calls.
This Privacy Policy explains how we collect, use, store, disclose and protect your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR"), Law No. 190/2018 on measures implementing the GDPR, and any other applicable national or European legislation.
For the purposes of this Policy, the terms below shall have the following meanings:
Depending on your interaction with the Website and/or the Platform, the Company processes the following categories of data:
Our clients, acting as independent data controllers, use the Platform to initiate or receive automated telephone calls. In this context, the Company processes, as a processor, the data of persons contacted by clients:
The processing of personal data is carried out for the following purposes and on the following legal bases:
| Purpose | Legal basis (GDPR) | Data categories |
|---|---|---|
| Provision of Platform services and account management | Art. 6(1)(b) GDPR - performance of a contract | Identification, authentication, billing, usage data |
| Payment processing and invoicing | Art. 6(1)(b) and (c) GDPR - contract performance and legal obligations (tax) | Billing data, transaction data |
| Pre-contractual communications (demo, contact, offers) | Art. 6(1)(b) GDPR - pre-contractual measures at the request of the data subject | Name, e-mail, telephone |
| Sending marketing communications (newsletter) | Art. 6(1)(a) GDPR - consent | E-mail address |
| Improving the Website and Platform (analytics) | Art. 6(1)(f) GDPR - legitimate interest (service optimisation) | Browsing data, analytics cookies |
| Advertising and remarketing (Facebook Pixel) | Art. 6(1)(a) GDPR - consent (via cookie banner) | Browsing data, advertising identifiers |
| Platform security and fraud prevention | Art. 6(1)(f) GDPR - legitimate interest (security) | IP address, access logs, technical data |
| Fulfilment of legal obligations (tax, accounting, reporting) | Art. 6(1)(c) GDPR - legal obligation | Billing data, contractual data |
| Establishment, exercise or defence of legal claims | Art. 6(1)(f) GDPR - legitimate interest | Any relevant data |
| Processing data as processor (clients' calls) | Art. 28 GDPR - based on the controller's (client's) documented instructions | Phone numbers, recordings, transcriptions |
5.1. As Controller: The Company processes the personal data of Website visitors, registered users and newsletter subscribers, independently determining the purposes and means of processing.
5.2. As Processor: With regard to the data of persons contacted by our clients through the Platform (telephone numbers, call recordings, transcriptions), the Company acts as a processor within the meaning of Art. 28 GDPR. Our client is the Controller, and we process the data solely on the basis of their documented instructions, for the purpose of providing the service. The relationship between the Company and the client is governed by a Data Processing Agreement (DPA) concluded as an integral part of the service agreement.
Your personal data may be disclosed to the following categories of recipients, insofar as this is necessary:
A complete list of recipients may be obtained free of charge by submitting a written request to: [email protected].
Personal data is stored for different periods depending on the purpose of processing:
| Data category | Retention period |
|---|---|
| Account and Platform usage data | Duration of the contract + 3 years after termination |
| Billing and transaction data | 10 years from the date of the transaction (tax obligations under Accounting Law No. 82/1991) |
| Data collected through the contact/demo form | Duration of negotiation + 1 year from the last interaction |
| Call recordings and transcriptions | According to the retention policy configured by the client in the Platform (default: 90 days from the date of the call) |
| Marketing data (newsletter) | Until withdrawal of consent |
| Analytics cookies | According to the specific duration of each cookie (see Cookie Policy) |
| Data required in litigation context | Duration necessary for resolution + applicable limitation periods |
Upon expiry of the aforementioned periods, data is erased or irreversibly anonymised, unless a legal provision requires a longer retention period.
Certain personal data may be transferred to countries outside the European Economic Area (EEA), particularly to the United States of America, in the context of using cloud, analytics, payment or AI service providers.
In each case, the transfer is carried out on the basis of one of the following safeguard mechanisms provided for by the GDPR:
You may request additional information about the transfer mechanisms used by contacting us at: [email protected].
The Company implements appropriate technical and organisational measures for the protection of personal data against unauthorised access, loss, destruction or unauthorised disclosure, in accordance with Art. 32 GDPR, including but not limited to:
In accordance with the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Right of access (Art. 15) | You have the right to obtain confirmation that your data is being processed and to receive a copy thereof. |
| Right to rectification (Art. 16) | You have the right to obtain the rectification of inaccurate data or the completion of incomplete data. |
| Right to erasure (Art. 17) | You have the right to obtain the erasure of your data under the conditions provided for by the GDPR ("right to be forgotten"). |
| Right to restriction of processing (Art. 18) | You have the right to obtain the restriction of processing in certain situations provided for by the GDPR. |
| Right to data portability (Art. 20) | You have the right to receive your data in a structured, commonly used and machine-readable format. |
| Right to object (Art. 21) | You have the right to object to the processing of your data based on legitimate interest, including profiling. |
| Right to withdraw consent (Art. 7(3)) | Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of prior processing. |
| Right to lodge a complaint (Art. 77) | You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP). |
To exercise any of the above rights, please contact us at: [email protected]. We will respond to your request within a maximum of 30 days from receipt, with the possibility of extension by an additional 60 days in cases of high complexity, with prior notification to the applicant.
ANSPDCP contact details:
| Name | National Supervisory Authority for Personal Data Processing (ANSPDCP) |
|---|---|
| Address | B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania |
| [email protected] | |
| Website | www.dataprotection.ro |
The Autocalls.ai Platform uses artificial intelligence algorithms for the generation and processing of telephone conversations. However, these processes do not constitute automated decision-making within the meaning of Art. 22 GDPR with regard to data subjects, as they do not produce legal effects or similarly significant effects on them autonomously.
Where a client configures voice agents to perform lead qualification or other assessments, the responsibility for compliance with Art. 22 GDPR rests with the client as an independent controller.
The Autocalls.ai Platform services are not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor without the consent of a parent or legal guardian, we will take immediate steps to erase such data.
This Privacy Policy may be updated periodically to reflect changes in our data processing practices or legislative changes. Any material amendment will be communicated by posting the updated version on the Website and, where appropriate, by direct notification to registered users. The date of the last update is indicated in the header of this document.
We recommend that you periodically review this Policy to stay informed about how we protect your data.
For any questions, requests or clarifications regarding the processing of your personal data, or to exercise the rights provided for by the GDPR, you may contact the Data Protection Officer at:
| DPO e-mail | [email protected] |
|---|---|
| Correspondence address | MULTICODE S.R.L., Str. Garii, No. 9, bl. L15, ap. 19, Iasi, Romania |
We will make every effort to respond to your requests within the timeframe provided by law.
© 2026 MULTICODE S.R.L. | Autocalls.ai | All rights reserved.
The full path forward. Strategy, scripts, pricing, and the operating cadence agencies use to scale a white-label voice AI business. Free PDF, delivered to your inbox.