LoyJoy

Supplementary DPA for the LoyJoy Phone Agent

Change history (1 entry)
  • 06/05/2026 Initial publication of the supplementary DPA for the LoyJoy Phone Agent.

Note: This document is a supplementary agreement to the existing Data Processing Agreement (DPA) between the Controller and LoyJoy GmbH. It does not replace the DPA but supplements it with specific provisions for the use of the LoyJoy Phone Agent. A valid, already signed DPA with LoyJoy GmbH is a prerequisite for this supplementary agreement.

Between

______________________________
______________________________
______________________________

– hereinafter referred to as “Controller” –

and

LoyJoy GmbH
Kapuzinerstraße 20
48149 Münster, Germany
Email: privacy@loyjoy.com

– hereinafter referred to as “Processor” –

§ 1 Subject Matter of the Supplementary Agreement

This supplementary agreement, in addition to the existing Data Processing Agreement (DPA), governs the data protection requirements applicable to the Controller’s use of the LoyJoy Phone Agent. The Phone Agent enables AI-powered telephone communication between the Controller’s system and its callers (end users).

The provisions of the existing DPA remain in force unchanged, unless this supplementary agreement contains deviating or supplementary provisions.

§ 2 Nature and Purpose of Processing

The Processor processes personal data within the scope of the Phone Agent for the following purposes:

  1. Receiving and processing incoming calls
  2. Real-time transcription of spoken voice input
  3. Generation and output of synthetic voice responses (speech-to-speech)
  4. Controlling conversation logic based on prompts
  5. Transferring callers to human agents or external systems
  6. Storing conversation transcripts for traceability
  7. Storing call recordings
  8. Providing analysis and reporting functions for the Controller

§ 3 Categories of Personal Data

The following categories of personal data are processed within the scope of the Phone Agent:

  1. Caller’s phone number
  2. Call date, time and duration
  3. Spoken voice input (audio data, transient)
  4. Transcripts of spoken inputs and generated responses
  5. Call recordings
  6. Content-related information mentioned during the call (e.g. name, request, contract number)
  7. System-generated conversation and session identifiers
  8. Transfer information (target phone number, timestamp)
  9. Configured metadata of the Controller’s process

The audio stream (voice input) is not permanently stored by the Processor. Real-time processing is carried out solely for transcription purposes. Call recordings are only stored if the Controller has actively configured this feature in the platform.

§ 4 Categories of Data Subjects

Data subjects within the meaning of this supplementary agreement are:

  1. Callers (end users of the Controller) who contact the Phone Agent
  2. Persons mentioned by name during the call
  3. Employees or contractors of the Controller configured as transfer targets
  4. Representatives of the Controller who configure or administer the Phone Agent
  5. Test users during setup and testing of the Phone Agent

§ 5 Deletion and Retention Periods

Transcripts and call recordings are automatically deleted after 30 days by default. The Controller may specify different retention periods within the configurable platform settings.

Audio streams are not permanently stored. Processing takes place exclusively in real time for transcription purposes.

Telephony metadata (call time, duration, phone number) is subject to the retention periods specified in the existing DPA.

Upon termination of the contract, all remaining personal data will be deleted in accordance with the provisions of the existing DPA.

§ 6 Sub-processors

The Processor uses the following sub-processors to operate the Phone Agent:

easybell GmbH, Shaped by easybell GmbH, Moysesgasse 1, 10179 Berlin, Germany
Purpose: Provision of telephony infrastructure (SIP trunking, phone number management)
Server location: Germany / EU

Microsoft Azure (Microsoft Ireland Operations Limited), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Purpose: Speech-to-speech processing (real-time transcription and speech synthesis)
Server location: Global (Azure OpenAI Services); exclusive EU availability is not currently offered for this service

The Controller consents to the use of these sub-processors by signing this supplementary agreement. Changes to the circle of sub-processors will be communicated to the Controller in accordance with the provisions of the existing DPA.

§ 7 Third-Country Transfers

The real-time processing of voice data (transcription and speech synthesis) takes place via Microsoft Azure OpenAI Services. This processing may occur outside the EU/EEA, as the underlying Azure service is currently not available as an exclusive EU region.

The transfer to third countries is based on the EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and Microsoft’s certification under the EU-U.S. Data Privacy Framework (DPF). The Controller acknowledges and consents to this transfer.

All other data processing within the scope of the Phone Agent takes place exclusively within the EU/EEA.

§ 8 Technical and Organisational Measures

In addition to the technical and organisational measures (TOMs) described in the existing DPA, the following specific measures apply to the Phone Agent:

  1. Encrypted transmission: All audio data and metadata are transmitted exclusively via encrypted connections (TLS).
  2. No permanent storage of audio streams: Voice inputs are processed exclusively in real time and are not stored as raw data.
  3. Tenant-specific separation: Transcripts and call recordings are processed and stored in a tenant-specific manner.
  4. Role-based access control: Access to stored transcripts and recordings takes place exclusively within the tenant-specific roles and permissions concept of the LoyJoy Manager.
  5. Configurable retention periods: Default deletion after 30 days; Controllers may configure different periods.
  6. Logging: Access to transcripts and recordings as well as configuration changes are logged.
  7. No AI training with user data: The processed voice and transcript data are not used for training AI models.

§ 9 Transparency Towards Callers

The Processor provides a configurable default greeting that informs callers at the beginning of the conversation that they are interacting with an AI system and that the conversation is temporarily stored.

The Controller is responsible for ensuring that the greeting used complies with applicable legal requirements (in particular Art. 50 EU AI Act). If the Controller modifies or removes the default greeting, the Controller bears sole responsibility for the legal assessment of the deviating design.

When call recording is activated, the Controller is additionally obliged to assess whether and in what form a separate notice or consent from callers is required for the recording.

§ 10 Final Provisions

This supplementary agreement enters into force upon signature by both parties and applies for the duration of the Controller’s use of the LoyJoy Phone Agent.

In all other respects, the provisions of the existing DPA remain in force unchanged. In the event of conflicts between this supplementary agreement and the existing DPA, this supplementary agreement takes precedence insofar as it contains specific provisions for the Phone Agent.

Amendments to this supplementary agreement require written form.

§ 11 Signatures

_______________________, ____________

Controller

___________________________________
Signature, Name, Position

Münster, ____________

LoyJoy GmbH

___________________________________
Signature, Name, Position