DPA

The customer acts as the controller or business, and Ramba Voice acts as the processor or service provider, except where Ramba Voice determines the purposes and means of processing for its own legitimate business operations.

• Ramba Voice will process personal data only on documented customer instructions, unless otherwise required by law.
• The customer is responsible for ensuring it has a lawful basis for the personal data it submits to the service.
• The customer remains responsible for configuring the service in a way that matches its legal and operational requirements.

• Access controls designed to limit data access to authorized personnel.
• Technical and organizational measures intended to protect confidentiality, integrity, and availability.
• Processes for incident response, vulnerability management, and vendor oversight.

Ramba Voice may use subprocessors to deliver the service. We will maintain appropriate agreements with those subprocessors and remain responsible for their performance of relevant obligations.

If personal data is transferred across borders, the parties will rely on appropriate transfer mechanisms where required by applicable law.

Ramba Voice will provide reasonable assistance for customer responses to verified data subject requests, taking into account the nature of the processing.

Upon termination of the applicable services and subject to the agreement, Ramba Voice will delete or return personal data within a commercially reasonable period unless retention is required by law.