Is issued by the European Commission that a country or region or a category of recipients in such country or region is deemed to provide an "adequate" level of data protection.
The term used to describe the Alphanumeric Group that consists of Alphanumeric System, Inc. (a US based company) and its affiliates, subsidiaries, and associates worldwide (hereafter referred to as the “company” or “Alphanumeric”).
Applicable Data Controller Law
Means the provisions of mandatory law of a country containing rules for the protection of individuals with regard to the Processing of Personal Information including security requirements for and the free movement of such Personal Information as applicable to Alphanumeric in its capacity as the Data Controller of Personal Information.
Automatic Call Distribution (ACD)
Automatic Call Distribution or ACD, is a tool commonly used in the telephony industry. ACD systems are commonly found in any office that handles a large volume of inbound calls. The primary purpose of an Automatic Call Distributor is to disperse incoming calls to contact center agents or employees with specific skills.
Automatic Number Identification (ANI)
Automatic number identification is a feature of a telecommunications network for automatically determining the origination telephone number on toll calls for billing purposes. Automatic number identification was originally created by AT&T Corporation for internal long distance charging purposes, eliminating the need for telephone operators to manually request the number of the calling party for a toll call.
Binding Corporate Rules
Shall mean the tasks and processes aimed at developing and implementing growth opportunities within and between Alphanumeric and Business Partners.
Shall mean any Third-Party, other than a Customer or Supplier, that has or has had a business relationship or strategic alliance.
Business Requirements Document
Clean Up Period
Is the timeframe at the end of the Data Retention Period or when the usability of the data has expired (e.g., no business need or interest) where the data is purged and/or anonymized.
Means any information disclosed by either party to the other party, either directly or indirectly, in writing, orally or by inspection of tangible objects (including, without limitation, documents, prototypes, samples, plant and equipment), which is designated as "Confidential," "Proprietary" or some similar designation by the Company.
Refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Shall mean any person, private organization, or government body that purchases, may purchase, or has purchased a product or service.
Shall mean the services provided to Customers to support products and services offered to or in use with their employees or customers (e.g., Alphanumeric's digital transaction (agreement) management and related identity management suite of products and services). These services may include maintenance, upgrade, replacement, inspection, and related support activities aimed at facilitating the continued and sustained use of Alphanumeric products and services.
Is an incident where information is stolen or taken from a system without the knowledge or authorization of the system's owner.
Refers to the categorization through which a group organizes the data it processes.
Is the practice of collecting public and personal data that can be used to identify an individual for specific purposes.
Data Concerning Health
Means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about his or her health status.
Is the limiting of the collection and retention of personal information to what is directly relevant and necessary to accomplish a specified purpose. The personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated or manual means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Protection Authority (DPA)
Are independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. Depending on the country (such as Members of the European Union) these Authorities can apply penalties on companies that fail to comply with data protection legislation.
Data Protection Impact Assessment (DPIA)
A procedure to conduct and document a prior assessment of the impact which a given Processing may have on the protection of personal information, where such Processing is likely to result in a high risk for the rights and freedoms of Individuals, where new technologies are used.
Data Protection Law
The provisions of mandatory law of any country in which an organization has operations contain rules for the protection of individuals regarding the Processing of Personal Information including security requirements for and the free movement of such Personal Information.
Data Protection Officer (DPO)
An independent data protection expert who has numerous responsibilities regarding data processing in the Company, such as:
- monitoring an organization’s data protection compliance;
- informing the Company about and advising it on its data protection obligations;
- providing advice on data protection impact assessments (DPIAs) and monitoring their performance; and
- acting as a contact point for data subjects and the relevant data supervisory authorities.
Is a process that permanently eliminates inactive or obsolete data records from the database.
Data Transfer Agreement (DTA)
Data Transfer Agreement is a contract between the providing and recipient institutions that governs the legal obligations and restrictions, as well as compliance with applicable laws and regulations, related to the transfer of such data between the parties.
The most senior individual of the given function who may or may not be an executive.
Dialed Number Identification Service (DNIS)
Service offered by telecom providers to their commercial customers, letting them know what number was dialed for each incoming call. The data is sent as a series of touch tone digits along with the call and interpreted at the destination by the PBX. From there, the dialed number identification service (DNIS) information may be sent to an interactive voice response (IVR) system for further use, such as call routing.
Digital Enhanced Cordless Telecommunications (DECT)
A digital wireless technology that originated in Europe, but is now used worldwide. DECT is a radio technology for voice data applications (such as cordless telephones, wireless offices and even wireless telephone lines to the home). DECT uses time division multiple access (TDMA) to transmit radio signals to phones and is best-suited to smaller areas with a large number of users. It has been designed and specified to work with many other types of network, such as the PSTN, ISDN, GSM and others. DECT was formerly an acronym for Digital European Cordless Telecommunications, however the name of the technology has changed to reflect the global usage and acceptance of the technology.
Direct Inward Dialing (DID)
A feature offered by telephone companies for use with their customers' PBX system, whereby the telephone company (telco) allocates a range of telephone numbers associated with one or more phone lines. DID allows a company to assign a personal number to each employee, without requiring a separate physical phone line, for each, to connect to the PBX. This way, telephony traffic can be split up and managed more easily.
Eligible Data Breach
Eligible Data Breach is one that has the ability to potentially generate damage to the Company, third-party companies (partners or not) and/or a natural person. An eligible data breach occurs in, but is not limited to situations in which:
- there is unauthorized access to or unauthorized disclosure of personal information or a loss of personal information,
- this is likely to result in serious harm to one or more individuals, and
- the organization has not been able to prevent the likely risk of serious harm with remedial action.
Shall mean the following individuals:
- an employee, job applicant or former employee of an organization including temporary workers working under the direct supervision of an organization (e.g., independent contractors and trainees). This term does not include people working at an organization as consultants or employees of Third Parties providing services to an organization
- a (former) executive or non-executive director of an organization or (former) member of the supervisory board or similar body to an organization.
European Union (EU) and European Economic Area (EEA) countries
The area set up by the EEA agreement, comprising the 27 Member States of the European Union and the three countries of EFTA (the European Free Trade Association), which are bound by the Agreement on the European Economic Area (EEA).
The 27 Member States are Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. The three EFTA countries which are also bound by the Data Protection Directive, through being part of the EEA, are Iceland, Liechtenstein, and Norway.
General Data Protection Regulation
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
The Managed Services team that accepts and manages issues that are tracked via the incident management system.
All servers, applications or network devices that contain, transmit or process Confidential or Confidential Restricted Data are considered “High-Security Systems”.
Any Customer, Supplier or Business Partner (employee of or any person working for) and any other person whose personal Information Alphanumeric processes in the context of the provision of its services.
Refers to knowledge communicated or received via materials and/or data produced by, procured by, or obtained that can be in electronic or physical (e.g., printed or written on various physical media) form.
Integrated Services Digital Network (ISDN)
A circuit-switched telephone network system that transmits both data and voice over a digital line. You can also think of it as a set of communication standards to transmit data, voice, and signaling. These digital lines could be copper lines. The basic advantage of ISDN is to facilitate the user with multiple digital channels. ... ISDN provides high data rate because of digital scheme which is 56kbps. ISDN network lines are able to switch manifold devices on the single line such as faxes, computers, cash registers credit cards readers, and many other devices.
An instruction are the detailed set of steps that fulfill a procedure or policy and are in the purview of the Department Head but do not change the policy or procedure.
The individual who is accountable for these instructions, its ongoing accuracy, and relevance. The Instructions Owner may or may not be the author.
An organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
When the security measures used on iOS devices that restrict user rights by preventing access to the administrator account have been removed.
Message of the Day
Master Services Agreement
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Personal Data Processing
Denotes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction; or any other form of interacting with data.
Any information relating to an identified or identifiable Individual.
Personal Identification Number.
Sets the Company’s expectations for a particular subject at a high level, serving to communicate in writing the “dos and don’ts” associated with a given topic or business matter, along with an explanation of scope (to whom the policy applies), and background that helps readers understand the principles (the “why”) behind the expectations codified in the written document.
The individual who is accountable for this policy, its ongoing accuracy, and relevance. The Policy Owner may or may not be the author.
Private Branch Exchange (PBX)
Is a private telephone network used within a company or organization. The users of the PBX phone system can communicate internally (within their company) and externally (with the outside world), using different communication channels like Voice over IP, ISDN or analog.
Sets out the steps or requirements for a certain situation, topic, or business matter. An SOP is a Standard Operating Procedure.
The individual who is accountable for this procedure, its ongoing accuracy, and relevance. The Procedure Owner may or may not be the author.
A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Information must be considered relevant when there is a possibility it could influence on some level with the company’s best interest and business needs.
Remote Call Forwarding (RCF)
In telecommunication, a remote call forwarding is a service feature that allows calls coming to a remote call forwarding number to be automatically forwarded to any answering location designated by the call receiver.
Working from anywhere other than the Alphanumeric facilities such as personnel who work from home and co-working spaces. This concept includes, but is not limited to, workers who work remotely, but on a flexible schedule, and who work remotely, but come to the office from time to time. The concept of working remotely varies depending on local legislation and the type of agreement between the company and the worker.
Responsible Organization (RespOrg)
It refers to a carrier that owns and manages toll-free numbers. As the name suggests, a RespOrg is tasked with registering and indexing its toll-free numbers in the 800 database. Some carriers, like Bandwidth, are also RespOrgs. If you decide to port your toll-free number to a new service provider, your current carrier must authorize the release of that individual number to your new carrier’s RespOrg.
When security measures on Android devices which restrict user rights by preventing access to the administrator account have been removed.
Personal data that reveals an Individual's racial or ethnic origin, political opinions or membership in political parties or similar organizations, religious or philosophical beliefs, membership in a professional or trade organization or union, physical or mental health including any opinion thereof, disabilities, genetic CSB Information, biometric CSB Information, addictions, sex life, criminal convictions or offenses, or social security numbers issued by the government.
Session Initiation Protocol (SIP)
A signaling protocol that enables the Voice Over Internet Protocol (VoIP) by defining the messages sent between endpoints and
Any Third-Party that provides goods or services to ASI (e.g., an agent, consultant, or vendor), including Third-Party Processors.
The goods or services provided by Supplier under an agreement with ASI.
The person who is designated responsible for the administration of a particular IT system.
Any country other than the EU and EEA Member States.
A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
A natural or legal person or organization which processes personal data on behalf of a controller. This essentially means any third party who processes personal data on Alphanumeric’s behalf. Alphanumeric’s contractors can be also considered third party processors.
The Alphanumeric IT engineering team.
Data that is no longer considered relevant or that no longer serves its purpose or lawful basis of being processed.
Vector Directory Number (VDN)
An extension on an automatic call distributor that directs an incoming call to a "vector"—a user-defined sequence of functions that may be performed, such as routing the call to a destination, giving a busy signal, or playing a recorded message. This number is a "soft" extension number not assigned to an equipment location. VDNs must be set up according to the customer's dial plan and the optional vectoring software must be enabled. VDN is used in different call center environments.
Includes management, officers, directors, employees, consultants, contractors, trainees, seconded staff, remote workers, contract staff, or any other person associated with Alphanumeric (hereafter referred to as “workers”).