Back to Home
EU Data Protection

GDPR Compliance

Last updated: February 17, 2026

Fully GDPR Compliant

Virtual Receptionist adheres to all EU General Data Protection Regulation requirements.

1. Our Commitment to GDPR

Virtual Receptionist is committed to ensuring the security and protection of personal data that we process. We have implemented comprehensive policies and procedures to comply with the EU General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.

As a data controller and processor, we handle personal data in accordance with GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

2. Data Processing Principles

  • Lawfulness: We only process personal data with a valid legal basis (consent, contract, legal obligation, legitimate interest).
  • Purpose Limitation: We collect data for specific, explicit, and legitimate purposes.
  • Data Minimization: We only collect data that is necessary for the intended purpose.
  • Accuracy: We take steps to ensure personal data is accurate and up to date.
  • Storage Limitation: We retain data only as long as necessary.
  • Security: We implement appropriate technical and organizational measures.

3. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right to Access

Request a copy of your personal data we hold.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("Right to be Forgotten").

Right to Restriction

Request restriction of processing your personal data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for certain purposes.

4. Data Security Measures

We implement robust security measures to protect your personal data:

  • End-to-end encryption for all data transmissions (TLS 1.3)
  • Encryption at rest using AES-256 for stored data
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures
  • Data backup and disaster recovery plans

5. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding Corporate Rules where applicable

6. Data Processing Agreements

As a data processor for our business clients, we enter into Data Processing Agreements (DPAs) that comply with Article 28 of GDPR. Our DPAs cover:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Type of personal data processed
  • Categories of data subjects
  • Obligations and rights of the controller
  • Sub-processor requirements

7. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Communicate the breach to affected data subjects when required
  • Document all breaches and remedial actions taken
  • Implement measures to prevent future breaches

8. Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your data subject rights, please contact our Data Protection Officer:

Email: privacy@virtualreceptionist.com

We will respond to your request within 30 days. If your request is complex, we may extend this period by an additional 60 days, notifying you of the extension.