COAG AI – Data Processing Agreement (DPA)

Last updated: February 2025

This Data Processing Agreement (“DPA”) forms part of the COAG AI Voice Assistant Service provided by AiCOAG Limited (“AiCOAG”, “Company”, “Processor”) and applies to all business clients (“Controller”) using the COAG AI Platform for AI-driven telephony and appointment management.

This DPA supplements the Terms of Use and the Privacy Policy.

1. Roles of the Parties

Controller (Client / End Customer): The business customer who determines the purposes and means of the personal data processed through the COAG AI platform.

Processor (AiCOAG Limited): Processes personal data on behalf of the Controller for the purposes of delivering the COAG AI Voice Assistant service.

Sub-processors: Third-party providers engaged by AiCOAG to support hosting, infrastructure, call handling, analytics, or AI functionalities.

AiCOAG acts only on documented instructions from the Controller.

2. Subject Matter of Processing

AiCOAG processes personal data strictly for the provision of:

  • inbound and outbound AI voice assistant services,
  • call handling, call summaries, appointment scheduling,
  • voice-to-text transcripts,
  • dashboard analytics,
  • customer account management, and
  • technical support.

Categories of Personal Data

  • Voice recordings (where recording is enabled)
  • Call transcripts
  • Call metadata (time, duration, caller number, call outcome)
  • Contact information shared voluntarily (name, phone, email, appointment details)
  • User account details (business contact person)

Data Subjects

  • Clients of the Controller
  • Potential customers/leads
  • Employees or partners of the Controller

3. Duration of Processing

Processing begins upon activation of the Controller’s subscription and continues for the duration of the use of the Service. After termination, AiCOAG retains data only for the period described in Section 10 (Retention & Deletion).

4. Obligations of AiCOAG (Processor)

AiCOAG shall:

  • Process personal data exclusively according to the Controller’s documented instructions.
  • Implement appropriate technical and organizational security measures, including access controls, encryption, logging, monitoring, and secure infrastructure.
  • Ensure staff confidentiality obligations.
  • Notify the Controller without undue delay of any personal data breach.
  • Assist the Controller with data subject requests where technically possible.
  • Provide documentation regarding security and processing practices upon reasonable request.
  • Not retain data longer than necessary for the purposes of the Service.

5. Obligations of the Controller

The Controller agrees to:

  • Ensure that all personal data provided to the COAG AI platform is collected and processed lawfully.
  • Obtain consents for call recording or AI processing where required by law.
  • Provide accurate instructions to AiCOAG.
  • Respond to data subject requests and forward relevant requests to AiCOAG when needed.
  • Avoid submitting special category data unless necessary, lawful, and properly safeguarded.

6. Sub-processors

AiCOAG may use sub-processors for:

  • cloud hosting,
  • telephony services,
  • speech processing,
  • analytics,
  • infrastructure monitoring.

All sub-processors will be bound by data protection obligations equivalent to this DPA. A list of active sub-processors is available upon written request.

7. International Transfers

Where processing involves transfers outside the UK or EEA, AiCOAG ensures that appropriate legal safeguards are in place, including:

  • Standard Contractual Clauses (SCCs),
  • UK Addendum or UK IDTA,
  • other GDPR-compliant transfer mechanisms.

8. Security Measures

AiCOAG maintains appropriate safeguards, including:

  • encrypted transmission of data,
  • access restrictions and authentication,
  • secure data centres,
  • event monitoring and logging,
  • regular security reviews.

9. Data Subject Rights

AiCOAG shall assist the Controller in handling data subject requests, including access, rectification, deletion, restriction, portability, and objection.

Requests must be managed through the Controller.

10. Retention & Deletion

Unless instructed otherwise, AiCOAG will:

  • retain call recordings and transcripts for up to 90 days,
  • retain account and billing data as required by law,
  • delete or anonymize remaining personal data no later than 12 months after termination.

The Controller may request earlier deletion upon termination.

11. Audit Rights

The Controller may:

  • request information to demonstrate compliance,
  • request summary reports or certifications,
  • conduct a remote audit with reasonable notice.

Audits must be requested in writing and must not disrupt service operations.

12. Governing Law

This DPA is governed by:

  • English law for clients contracting with AiCOAG Limited, and
  • Applicable EU/EEA law where mandatory based on customer location.

Disputes shall be submitted to the courts of England & Wales, unless otherwise required by mandatory law.

Coag AI

Your intelligent AI Voice Assistant for calls, appointments, and lead capture — powered by AiCOAG.

Book a Free Consultation Call

Contact

📧 info@aicoag.com
📞 NL: +31 970 102 07707
📞 UK: +44 7400 446621

Offices

📍 Amsterdam:
Jacques Veltmanstraat, 1065 DZ, NL
KVK Number: 97342467
📍 London:
71-75 Shelton Street, WC2H 9JQ, UK
Company Number (UK): 16332340
© AiCOAG 2026 — All Rights Reserved.
Scroll to Top