Securing

Effective Date: May 8, 2026

Version: 3.0

This Data Processing Agreement (“DPA”) forms part of and is incorporated into the applicable master services agreement, subscription agreement, order form, terms of service, or other written or electronic agreement (the “Agreement”) between Lisaiceland (“Processor,” “Service Provider,” “we,” “us,” or “our”) and the customer entity identified in the applicable Agreement (“Controller,” “Customer,” or “you”).

This DPA governs the processing of Personal Data by Lisaiceland on behalf of the Customer in connection with the services, software, platforms, APIs, applications, AI solutions, voice systems, websites, communications tools, and related offerings provided by Lisaiceland (collectively, the “Services”).

1. Definitions

For purposes of this DPA:

1.1 “Applicable Data Protection Laws”

Means all laws, regulations, and legally binding requirements relating to privacy, data protection, security, confidentiality, and the processing of Personal Data applicable to the parties, including where applicable:

The EU General Data Protection Regulation 2016/679 (“GDPR”)
The UK GDPR
The UK Data Protection Act 2018
The Swiss Federal Act on Data Protection (“FADP”)
The California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”)
U.S. state privacy laws
Any other applicable international, federal, state, provincial, or local privacy laws
1.2 “Controller”

Means the entity that determines the purposes and means of the Processing of Personal Data.

1.3 “Processor”

Means the entity that Processes Personal Data on behalf of the Controller.

1.4 “Personal Data”

Means any information relating to an identified or identifiable natural person that is processed by Lisaiceland on behalf of the Customer.

1.5 “Processing”

Means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transfer, alignment, restriction, deletion, or destruction.

1.6 “Data Subject”

Means an identified or identifiable individual to whom Personal Data relates.

1.7 “Subprocessor”

Means any third party engaged by Lisaiceland to Process Personal Data on behalf of the Customer.

1.8 “Security Incident”

Means any confirmed unauthorized access, disclosure, destruction, loss, alteration, or use of Personal Data.

1.9 “Standard Contractual Clauses” or “SCCs”

Means the standard contractual clauses approved by the European Commission or other legally recognized transfer mechanisms.

2. Scope and Applicability
2.1 Scope

This DPA applies where Lisaiceland Processes Personal Data on behalf of the Customer in connection with the Services.

2.2 Roles of the Parties

The parties acknowledge and agree that:

Customer acts as a Controller or business under Applicable Data Protection Laws.
Lisaiceland acts as a Processor or service provider.
Each party shall comply with its respective obligations under Applicable Data Protection Laws.
2.3 Customer Instructions

Lisaiceland shall Process Personal Data only:

On documented instructions from the Customer;
As necessary to provide the Services;
To comply with applicable law; or
As otherwise permitted under the Agreement and Applicable Data Protection Laws.

Customer represents and warrants that it has all necessary rights, authorizations, and lawful bases to provide Personal Data to Lisaiceland for Processing.

3. Nature and Purpose of Processing

Lisaiceland may Process Personal Data for purposes including:

Providing hosted software and cloud-based services
AI-powered voice and communication services
Conversational AI functionality
Customer support and technical assistance
Account authentication and administration
Data storage and hosting
Voice synthesis, transcription, routing, and automation
Workflow and API integrations
Security monitoring and fraud prevention
Service analytics and optimization
Backup and disaster recovery
Compliance with legal obligations
4. Categories of Data Subjects and Personal Data
4.1 Categories of Data Subjects

May include:

Customer employees
End users
Website visitors
Call participants
Clients and customers of Customer
Contractors and vendors
Authorized users
Prospective customers
Business contacts
4.2 Categories of Personal Data

May include:

Names
Email addresses
Phone numbers
IP addresses
Usernames and account identifiers
Device information
Billing information
Voice recordings
Audio files
Communication metadata
Customer-uploaded content
Authentication data
Usage and interaction data
CRM and business workflow data
Support communications

Lisaiceland does not intentionally require or request special categories of Personal Data unless explicitly agreed in writing.

5. Duration of Processing

Lisaiceland shall Process Personal Data for the duration of the Agreement unless otherwise required by law or instructed by the Customer.

Upon termination or expiration of the Agreement, Lisaiceland shall delete or return Personal Data in accordance with Section 13 of this DPA unless retention is required by applicable law.

6. Processor Obligations

Lisaiceland shall:

6.1 Compliance

Comply with Applicable Data Protection Laws applicable to Processors.

6.2 Confidentiality

Ensure that personnel authorized to Process Personal Data are subject to appropriate confidentiality obligations.

6.3 Assistance

Provide reasonable assistance to the Customer in responding to:

Data Subject requests
Regulatory inquiries
Security obligations
Privacy impact assessments
Compliance obligations
6.4 Security

Implement appropriate technical and organizational security measures in accordance with Section 7.

6.5 Limited Use

Not:

Sell Personal Data;
Share Personal Data for cross-context behavioral advertising unless authorized by Customer;
Retain, use, or disclose Personal Data outside the permitted business purposes;
Combine Personal Data with data obtained from other sources except as permitted by law.
7. Security Measures

Lisaiceland shall maintain reasonable and appropriate administrative, technical, physical, and organizational safeguards designed to protect Personal Data.

These safeguards may include:

7.1 Access Controls
Role-based access management
Authentication procedures
Least privilege access principles
Multi-factor authentication where appropriate
7.2 Encryption
Encryption of data in transit using industry-standard protocols
Encryption of data at rest where appropriate
7.3 Infrastructure Security
Firewalls and network segmentation
Endpoint protection
Continuous monitoring
Vulnerability management
Patch management procedures
7.4 Organizational Security
Employee security awareness training
Confidentiality agreements
Internal access governance
Incident response procedures
7.5 Operational Security
Logging and monitoring
Backup procedures
Disaster recovery capabilities
Availability safeguards
7.6 Testing and Evaluation

Periodic review and testing of security controls and practices.

Lisaiceland reserves the right to update and improve its security practices from time to time.

8. Security Incidents
8.1 Notification

Lisaiceland shall notify Customer without undue delay after becoming aware of a confirmed Security Incident affecting Customer Personal Data.

8.2 Information Provided

Where reasonably available, Lisaiceland may provide:

Nature of the Security Incident
Categories of affected Personal Data
Likely consequences
Measures taken or proposed
Recommended mitigation steps
8.3 No Admission

Notification of a Security Incident does not constitute an admission of fault or liability.

9. Subprocessors
9.1 Authorization

Customer authorizes Lisaiceland to engage Subprocessors in connection with the Services.

9.2 Subprocessor Obligations

Lisaiceland shall impose data protection obligations on Subprocessors that are substantially similar to those contained in this DPA.

9.3 Liability

Lisaiceland shall remain responsible for the performance of its Subprocessors to the extent required by Applicable Data Protection Laws.

9.4 Subprocessor Changes

Lisaiceland may update or replace Subprocessors from time to time for operational, security, legal, or business reasons.

10. International Data Transfers
10.1 Authorization

Customer authorizes Lisaiceland and its Subprocessors to transfer Personal Data internationally as necessary to provide the Services.

10.2 Transfer Mechanisms

Where required by Applicable Data Protection Laws, international transfers shall be governed by:

Standard Contractual Clauses;
Adequacy decisions;
UK International Data Transfer Addendum;
Other legally recognized transfer mechanisms.
10.3 Supplemental Measures

Lisaiceland may implement additional technical, contractual, or organizational safeguards where appropriate.

11. Data Subject Requests
11.1 Assistance

To the extent legally required and commercially reasonable, Lisaiceland shall assist Customer in responding to requests from Data Subjects.

11.2 Direct Requests

If Lisaiceland receives a request directly from a Data Subject regarding Personal Data processed on behalf of Customer, Lisaiceland may:

Refer the request to Customer; or
Notify Customer where appropriate.

Unless legally required, Lisaiceland shall not independently respond to such requests.

12. Audits and Information Rights
12.1 Information Requests

Upon reasonable written request, Lisaiceland may provide information reasonably necessary to demonstrate compliance with this DPA.

12.2 Audits

Where required by Applicable Data Protection Laws, Customer may conduct a reasonable audit or inspection subject to:

Reasonable advance notice;
Confidentiality obligations;
Reasonable scope limitations;
Security requirements;
No disruption to operations;
No access to other customers’ data;
No more than one audit annually unless required by law or following a Security Incident.
12.3 Costs

Customer shall bear its own audit costs unless otherwise required by law.

13. Deletion and Return of Data
13.1 Customer Choice
Upon termination or expiration of the Agreement, Customer may request:
Return of Personal Data; or
Deletion of Personal Data.

13.2 Retent
Detailed enterprise-style DPA for Lisaiceland covers:
GDPR / UK GDPR / CCPA / CPRA language
Processor & controller obligations
Security controls
Subprocessors
International transfers & SCCs
AI/voice-processing provisions
Security incident procedures
Data subject rights
Audit rights
Annexes for processing details and TOMs
Signature blocks

It’s structured for:
AI Voice+
MCP / agent infrastructure
SaaS offerings
APIs
Multi-tenant platforms
Voice & conversational AI services

For additional details, please review our policies:

✅ Trust Center

12. Contact Information
If you have questions about this Privacy Policy or your data, please contact us:

Lisaiceland
Website: https://lisaiceland.com

Email:  Submit Ticket