At 360 Direct Access, we are committed to protecting the privacy and security of our users’ personal data. We comply with the principles of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This page describes how we handle personal data in connection with our video customer service platform.

We process limited personal data (such as name, email address, and communication logs) based on:

• The legitimate interest of our business customers to provide accessible customer service to their end users, and
• Consent provided by users when they initiate a video call or contact form submission.
  

In accordance with GDPR, individuals have the following rights, which 360 Direct Access fully supports:

1. Right to Access – You may request details about the personal data we hold and how it is used.
2. Right to Rectification – You may request correction of inaccurate or incomplete data.
3. Right to Erasure – Upon request, we will delete your personal data (“right to be forgotten”) when no longer required for legitimate business or legal purposes.
4. Right to Restrict or Object to Processing – You may request that we stop or limit processing of your personal data.
5. Right to Data Portability – You may request a copy of your personal data in a structured, commonly used format.
6. Right to be Informed – We are transparent about what data we collect and why.
7. Rights Related to Automated Decision-Making – 360 Direct Access does not use automated decision-making or profiling.

All requests can be submitted to our Data Protection Officer (see contact details below). We respond within one month as required by GDPR.

We retain personal data only as long as necessary to deliver our services and meet contractual or legal obligations. Upon request or at the end of service, personal data is securely deleted from our systems.

Where data is transferred outside the European Union (for example, to our U.S.-based secure servers), it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) and industry best practices for encryption and access control.

In the unlikely event of a personal data breach, 360 Direct Access will notify affected customers and applicable supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

We conduct periodic Data Protection Impact Assessments (DPIAs) to evaluate risks to individuals and ensure appropriate controls are in place.

Our Data Protection Officer (DPO) oversees our data protection strategy and compliance with GDPR and related privacy laws.

Contact:

Data Protection Officer

360 Direct Access

privacy@360directaccess.com