PRIVACY POLICY AND PERSONAL DATA PROTECTION OF SERVICEBOTS
1 Legal basis and scope of application
The data processing policy is developed in compliance with Articles 15 and 20 of the Political Constitution; Articles 17 literal K) and 18 literal f) of Statutory Law 1581 of 2012, by which general provisions for the Protection of Personal Data (LEPD) are issued; and Article 13 of Decree 1377 of 2013, by which the previous Law is partially regulated.
This policy shall be applicable to all personal data recorded in databases that are subject to processing by the data controller.
2 Definitions
Established in Article 3 of Law 1581 of 2012 and in Article 3 of Decree 1377 of 2013.
Authorization: Prior, express, and informed consent of the Data Subject to carry out the processing of personal data.
Privacy Notice: Verbal or written communication generated by the controller, addressed to the Data Subject for the processing of their personal data, by means of which they are informed about the existence of the data processing policies that will be applicable to them, the way to access them, and the purposes of the processing intended for the personal data.
Database: Organized set of personal data that is subject to processing.
Personal data: Any information linked or that may be associated with one or more identified or identifiable natural persons.
Public data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or occupation, and their status as merchants or public servants. By its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial decisions that are not subject to confidentiality.
Sensitive data: Sensitive data is understood as data that affects the privacy of the Data Subject or whose improper use may generate discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or that promote the interests of any political party or guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
Data processor: Public or private natural or legal person who, by itself or in association with others, carries out the processing of personal data on behalf of the controller: Natural or legal person, public or private, who by itself or in association with others, decides on the database and/or the processing of data.
LEDP: Statutory Data Protection Law.
Data Subject: Natural person whose personal data is subject to processing.
Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for processing and is located within or outside the country.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
3 Authorization of the data processing policy
Authorization from the Data Subject shall not be required when the information is requested by a public or administrative entity in the exercise of its functions or by court order.
▪ Public nature data.
▪ Cases of medical or health emergencies.
▪ Processing of information authorized by law for historical, statistical, or scientific purposes.
▪ Data related to the Civil Registry of persons.
4 Data controller
The controller of the databases subject to this policy is SERVICEBOTS S.A.S., whose contact details are as follows:
Address: Cra 19ª 122 88
Email: info@servicebots.ai
Phone: (601) 9174722
5 Processing and purpose of the databases
SERVICEBOTS S.A.S., in the development of its business activity, carries out the processing of personal data related to natural persons that are contained and processed in databases intended for legitimate purposes, in compliance with the Constitution and the Law.
6 Rights of the Data Subjects
In accordance with Article 8 of the LEPD and Articles 21 and 22 of Decree 1377 of 2013, Data Subjects may exercise a series of rights in relation to the processing of their personal data. These rights may be exercised by the following persons.
By the Data Subject, who must sufficiently prove their identity through the different means made available by the controller.
By their successors, who must prove such status.
By the representative and/or attorney of the Data Subject, upon prior proof of representation or power of attorney.
By stipulation in favor of another and for another.
The rights of children and adolescents shall be exercised by the persons authorized to represent them.
The Data Subject’s rights are as follows:
Right of access or consultation: This is the right of the Data Subject to be informed by the controller, upon request, regarding the origin, use, and purpose given to their personal data.
Right to complaints and claims: The law distinguishes four types of claims:
▪ Correction claim: This is the right of the Data Subject to have partial, inaccurate, incomplete, fragmented data that may lead to error, or data whose processing is expressly prohibited or has not been authorized, updated, rectified, or modified.
▪ Deletion claim: This is the right of the Data Subject to have data deleted when it is inadequate, excessive, or does not respect constitutional and legal principles, rights, and guarantees.
▪ Revocation claim: This is the right of the Data Subject to revoke the authorization previously granted for the processing of their personal data.
▪ Infringement claim: This is the right of the Data Subject to request that non-compliance with Data Protection regulations be remedied.
Right to request proof of the authorization granted to the controller: Except when expressly exempted as a requirement for processing in accordance with the provisions of Article 10 of the LEPD.
Right to file complaints with the Superintendence of Industry and Commerce for violations: The Data Subject or successor may only file this complaint once they have exhausted the consultation or claim process before the controller or processor.
7 Attention to Data Subjects
The Administrative and Human Resources Director of SERVICEBOTS S.A.S. shall be the Data Protection Officer responsible for handling requests, inquiries, and claims before whom the Data Subject may exercise their rights, in accordance with section 15 “Roles and Responsibilities.”
Phone: (601) 9174722
Email: andres.marin@servicebots.ai
8 Procedure to exercise the Data Subject’s rights
8.1. Right of access or consultation
According to Article 21 of Decree 1377 of 2013, the Data Subject may consult their personal data free of charge in two cases: At least once every calendar month.
Whenever there are substantial modifications to the data processing policies, for consultations whose frequency is greater than one per calendar month, SERVICEBOTS S.A.S. may only charge the Data Subject for shipping, reproduction, and, where applicable, document certification costs. Reproduction costs may not exceed the recovery costs of the corresponding material. For this purpose, the controller must demonstrate to the Superintendence of Industry and Commerce, when so required, the support for such expenses.
The Data Subject may exercise the right of access or consultation of their data by means of a written request addressed to SERVICEBOTS S.A.S., sent by email to: info@servicebots.ai, indicating in the Subject line “Exercise of the right of access or consultation,” or by postal mail sent to SERVICEBOTS S.A.S. The request must contain the following information:
▪ First and last name of the Data Subject.
▪ Photocopy of the Data Subject’s Citizenship ID and, where applicable, of the person representing them, as well as the document proving such representation.
▪ Request specifying the access or consultation sought. Address for notifications, date, and signature of the applicant.
▪ Supporting documents of the request made, when applicable.
The Data Subject may choose one of the following methods of consulting the database to receive the requested information:
▪ On-screen viewing.
▪ In writing, with copy or photocopy sent by certified mail or Fax No.
▪ Email or other electronic means.
▪ Another system suitable to the configuration of the database or the nature of the processing, offered by SERVICEBOTS S.A.S.
Once the request is received, SERVICEBOTS S.A.S. shall resolve the consultation request within a maximum period of ten (10) business days counted from the date of receipt. When it is not possible to respond to the consultation within said term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which their consultation will be addressed, which in no case may exceed five (5) business days following the expiration of the first term. These terms are established in Article 14 of the LEPD. Once the consultation process has been exhausted, the Data Subject or successor may file a complaint before the Superintendence of Industry and Commerce.
8.2. Right to complaints and claims
The Data Subject may exercise their claim rights regarding their data by means of a written request addressed to SERVICEBOTS S.A.S., sent by email to info@servicebots.ai, indicating in the Subject line “Exercise of the right of access or consultation,” or by postal mail sent to SERVICEBOTS S.A.S.
The request must contain the following information:
▪ First and last name of the Data Subject.
▪ Photocopy of the Data Subject’s Citizenship ID and, where applicable, of the person representing them, as well as the document proving such representation.
▪ Description of the facts and request specifying the correction, deletion, revocation, or infringement sought.
▪ Address for notifications, date, and signature of the applicant.
▪ Supporting documents of the request made that are intended to be asserted, when applicable.
If the claim is incomplete, the interested party shall be required within five (5) days following receipt of the claim to remedy the deficiencies. After two (2) months from the date of the request, without the applicant submitting the required information, it shall be understood that they have withdrawn the claim.
Once the complete claim is received, a note stating “claim in process” and the reason for it shall be included in the database within no more than two (2) business days. Such note must be maintained until the claim is decided.
SERVICEBOTS S.A.S. shall resolve the consultation request within a maximum period of fifteen (15) business days counted from the date of receipt. When it is not possible to respond to the claim within said term, the interested party shall be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Once the claim process has been exhausted, the Data Subject or successor may file a complaint before the Superintendence of Industry and Commerce.
9 Security measures
SERVICEBOTS S.A.S., in order to comply with the security principle established in Article 4 literal g) of the LEPD, has implemented the necessary technical, human, and administrative measures to guarantee the security of records, preventing their alteration, loss, consultation, use, or unauthorized or fraudulent access.
Likewise, SERVICEBOTS S.A.S., through the execution of the corresponding transmission agreements, has required the processors with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the processing of personal data.
Below are the security measures implemented by SERVICEBOTS S.A.S., which are collected and developed in its information security documents
(Tables I, II, III, and IV).
Table I: Common security measures for all types of data (Public, semi-private, private, sensitive) and databases (automated, non-automated)
| DOCUMENT AND MEDIA MANAGEMENT | ACCESS CONTROL | INCIDENTS | PERSONNEL | INTERNAL SECURITY MANUAL |
|---|---|---|---|---|
| 1. Measures to prevent improper access or recovery of data that has been discarded, deleted, or destroyed. 2. Restricted access to the place where data is stored. 3. Authorization from the controller for the removal of documents or media by physical or electronic means. 4. Labeling or identification system for the type of information. | 1. User access limited to the data necessary for the performance of their duties. 2. Updated list of users and authorized access. 3. Mechanisms to prevent access to data with rights other than those authorized. | 1. Incident log, type of incident, time it occurred, sender of the notification, recipient of the notification, effects, and corrective measures. 2. Incident notification and management procedure. | 1. Definition of the functions and obligations of users with access to data. 2. Definition of control and authorization functions delegated by the controller. 3. Dissemination among personnel of the rules and the consequences of non-compliance. | 1. Preparation and implementation of a mandatory manual for personnel. 2. Minimum content: scope of application, security measures and procedures, functions and obligations of personnel, description of databases, procedures in the event of incidents, backup and data recovery procedures, security measures for the transport, destruction, and reuse of documents, identification of data processors. |
Table II: Common security measures for all types of data (public, semi-private, private, sensitive) according to the type of databases — Non-automated databases
| FILING | DOCUMENT STORAGE | DOCUMENT CUSTODY |
|---|---|---|
| Filing of documentation following procedures that guarantee proper conservation, location, and allow the exercise of Data Subjects’ rights. | Storage devices with mechanisms that prevent access by unauthorized persons. | Duty of diligence and custody by the person in charge of the documents during their review or pending processing. |
Table III: Security measures for private data according to the type of databases.
Designation of one or more Security Controllers, periodic designation of one or more persons in charge of compliance with control and coordination of the measures of the Internal Security Manual.
Prohibition of delegating the responsibility of the controller to the security officer.
Automated databases
| DOCUMENT AND MEDIA MANAGEMENT | ACCESS CONTROL | IDENTIFICATION AND AUTHENTICATION | INCIDENTS |
|---|---|---|---|
| 1. Record of entry and exit of documents and media, date, sender and recipient, number and type of identification, method of delivery, person responsible for receipt or delivery. | 1. Access control to the place(s) where information systems are located. | 1. Mechanism limiting the number of repeated unauthorized access attempts. | 1. Record of procedures executed and data restored. 2. Authorization from the controller for the recovery procedure. |
Table IV: Security measures for sensitive data according to the type of databases
Non-automated databases
| ACCESS CONTROL | DOCUMENT STORAGE | COPY OR REPRODUCTION | DOCUMENT TRANSFER |
|---|---|---|---|
| 1. Access only for authorized personnel. 2. Access identification mechanism. 3. Log of access by unauthorized users. | 1. Filing cabinets, cupboards, or others located in protected access areas with keys or other measures. | 1. Only by authorized users. 2. Destruction preventing access to or recovery of data. | 1. Measures preventing access to or manipulation of documents. |
Automated databases
| DOCUMENT AND MEDIA MANAGEMENT | ACCESS CONTROL | TELECOMMUNICATIONS |
|---|---|---|
| 1. Confidential labeling system. 2. Data encryption. 3. Encryption of portable devices when outside. | 1. User access log, time, database accessed, type of network, record accessed. 2. Access log control by the security officer, monthly report. 3. Data retention for 2 years. | 1. Data transmission through encrypted electronic networks. |
10 Transfer of data to third countries
In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. A country is understood to offer an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be lower than those required by this law for its addressees. This prohibition shall not apply in the following cases:
▪ Information for which the Data Subject has granted their express and unequivocal authorization for the transfer.
▪ Exchange of medical data, when required for the treatment of the Data Subject for reasons of health or public hygiene.
▪ Banking or stock market transfers, in accordance with the legislation applicable to them.
▪ Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
▪ Transfers necessary for the execution of a contract between the Data Subject and the controller, or for the execution of pre-contractual measures, provided that the Data Subject’s authorization is obtained.
▪ Transfers legally required for the safeguarding of the public interest, or for the recognition, exercise, or defense of a right in a judicial process.
In cases not contemplated as exceptions, it shall be the responsibility of the Superintendence of Industry and Commerce to issue the declaration of conformity regarding the international transfer of personal data. The Superintendent is empowered to request information and carry out the procedures aimed at establishing compliance with the requirements necessary for the viability of the operation.
International transmissions of personal data carried out between a controller and a processor to allow the processor to carry out the processing on behalf of the controller shall not require notification to the Data Subject nor their consent, provided that there is a personal data transmission agreement.”
11 Collection of personal data for potential candidates
We are responsible for processing in accordance with applicable privacy legislation. Candidates’ personal data is processed and used solely for the purpose of managing and facilitating the hiring of employees for our business.
11.1. Collection of personal data
We are responsible for processing the personal data that candidates provide during the selection process, or the personal data that we otherwise collect in connection with the selection process.
11.2. When and how we collect personal data
We collect candidates’ personal data when:
▪ They submit an application through the job portal or otherwise, adding personal data about themselves either personally or by using a third-party source such as Facebook, LinkedIn, or Instagram.
▪ They use any of the job platforms used by SERVICEBOTS or SERVICEBOTS social networks, adding personal data.
We collect data from third parties such as Facebook, LinkedIn, and through other public sources. This is known as “Sourcing” and is carried out manually by our employees or automatically by SERVICEBOTS job platforms. In some cases, existing employees may make recommendations regarding potential candidates or referrals. Such employees will add personal data about those potential candidates or referrals. In cases where this occurs, the potential applicant is considered a candidate in the context of this Privacy Policy and will be informed about the processing.
11.3. How long personal data will be processed
If a Candidate does not object, in writing, to the processing of their personal data, we will store and process the personal data for as long as we consider necessary in relation to the purposes indicated above. Please note that an applicant (Candidate) may be of interest to us for future recruitment, and for this purpose we may store Candidates’ personal data until it no longer has value as a potential hire. If you, as a Candidate, wish for your Personal Data not to be processed for this purpose (future recruitment), please contact us using the contact details.
11.4. Transfer of personal data to third parties
We will not sell or transfer Candidates’ personal data to third parties.
We may transfer Candidates’ Personal Data to:
▪ Our contractors, subcontractors, clients, and potential clients.
▪ Authorities or legal advisors in the event of suspected criminal or improper conduct.
We will only transfer Candidates’ personal data to third parties that we trust. We carefully select partners to ensure that the Candidate’s personal data is processed in accordance with applicable privacy legislation.
12. Changes
We have the right, at any time, to make changes or additions to the Privacy Policy. The latest version of the Privacy Policy will always be available through the job portal or when required. A new version shall be considered communicated to Candidates when the Candidate has received an email informing them of the new version (using the email address provided by the Candidate in connection with the use of the Service) or when the Candidate is otherwise informed of the new Privacy Policy.
13. Validity
The databases under the responsibility of SERVICEBOTS S.A.S. shall be subject to processing for the time that is reasonable and necessary for the purpose for which the data is collected. Once the purpose or purposes of the processing have been fulfilled, and without prejudice to legal provisions stating otherwise, SERVICEBOTS S.A.S. shall proceed to delete the personal data in its possession unless there is a legal or contractual obligation requiring its retention. Therefore, said database has been created without a defined period of validity.
“This processing policy remains in force as of March 22, 2023”
14. Data Processing Audit Policy
The objective of the ServiceBots data protection audit policy is to establish a framework of reference and a series of procedures and guidelines to ensure compliance with the obligations and requirements established in Law 1581 of 2012 regarding the processing and use of personal data. The policy seeks to ensure the protection of the personal data of employees, clients, suppliers, and any other type of stakeholder whose data may be processed by the company, as well as to minimize the risks of legal non-compliance, complaints, claims, and fines. The policy also seeks to establish a system for regular evaluation of the effectiveness of the technical and organizational security measures adopted by the company and a process for reviewing and updating such measures when necessary, in line with the obligations established by law.
14.1 Definitions
• Personal data: any information relating to an identified or identifiable natural person, i.e., any information that allows a person to be identified directly or indirectly. This includes, for example, name, email address, postal address, date of birth, tax identification, contact information, financial information, medical information, among others.
• Processing of personal data: Any operation or set of operations performed on personal data, such as collection, recording, organization, storage, use, disclosure, deletion, etc.
• Technical and organizational security measures: Measures adopted to protect personal data from unauthorized access, disclosure, destruction, alteration, or loss, and to ensure its integrity, confidentiality, and availability. They may include physical, technical, organizational, and legal measures.
• Data processor: Natural or legal person who processes personal data on behalf of the controller.
• Purpose of processing: The purpose or reason why personal data is collected and processed.
• Record of Processing Activities: Document that records all personal data processing activities carried out by the company or organization.
• Disclosures and international transfers: The transfer or communication of personal data to third countries outside the European Union.
• Data access agreements: Written agreement between the controller and the persons or entities that have access to personal data, which establishes the conditions and obligations regarding the protection of personal data.
• Data Protection Officer (DPO): Person responsible for ensuring compliance with Law 1581 of 2012 in a company or organization, and for acting as the point of contact between the company and the Data Protection Authority.
14.2 Responsibilities
Responsibilities of the audit team
The audit team must carry out the following activities:
• Define the objectives and scope of the audit: The purpose and objectives to be achieved with the personal data protection audit must be established. The scope of the audit must also be defined, i.e., the areas and processes to be evaluated.
• Identify personal data: It is necessary to identify the personal data handled by the company and its origin, the processes performed with it, and the persons who access it.
• Assess risks: Potential risks and threats that may affect the privacy of personal data must be identified, analyzing existing controls and their effectiveness.
• Review documentation: All documents related to personal data protection must be reviewed, such as policies and procedures, data processing records, access authorizations, and documentation related to information security.
• Perform compliance testing: It is important to perform tests to verify that rules and regulations regarding the protection of personal data are being complied with, and that the controls implemented are effective.
• Document the results: It is important to document the findings and results of the audit, including recommendations to improve the protection of personal data.
• Implement corrective actions: The necessary corrective actions must be implemented to correct the deficiencies detected during the audit and improve the protection of personal data.
• Monitor and maintain: The personal data protection audit is a continuous process that must be monitored and maintained to ensure continued compliance with rules and regulations on personal data protection. It is important to carry out periodic audits to ensure the effectiveness of implemented controls and to update policies and procedures when necessary.
Responsibilities of personal data subjects:
Personal data subjects must cooperate with the audit team during the personal information security audit. This includes providing access to personal information and answering the audit team’s questions.
14.3 Personal information security audit process
The personal information security audit process must follow the steps below:
• Identification and collection of the personal data managed by the company: The identification of personal data that will be processed, stored, and handled by Servicebots is defined in the document “Information Asset Management Procedure, INFORMATION ASSET CLASSIFICATION section”; the company’s documentation must be reviewed to verify that all data protection agreements are signed, that express consent has been obtained from the data subjects for the processing of their data, that the purposes for which such data was collected are complied with, that the necessary confidentiality agreements have been signed, and those contracts necessary for the disclosure of data to third parties.
• Audit planning: staff interviews must be planned and all necessary documentation that includes personal data must be gathered to resolve any questions regarding such documentation. The technical and organizational security measures implemented by the company and the processing systems used must also be analyzed.
• Analysis and documentation of the company’s level of compliance: the company’s compliance with Law 1581 of 2012 must be analyzed and verified, using the information and data collected in the previous phases. Errors and vulnerabilities that must be remedied must be identified.
• Creation and delivery of the audit report with the results obtained: a final report must be prepared with the results of the audit, detailing aspects to be improved, potential deficiencies, and the auditor’s proposals to improve and solve these problems and thus comply with regulatory requirements. This report must be presented both to company management and to the security officer and the DPO, so that appropriate corrective measures can be taken. It is advisable to have an audit template to prepare this report more easily.
14.4 Reviews and updates
This policy must be reviewed and updated regularly to ensure that it remains effective and complies with regulations and legal requirements at all times. To carry out this review and update, the following steps may be followed:
• Establish a review schedule: It is important to establish a review frequency for the data protection audit policy. This frequency may vary depending on the size of the company, the number of employees, and the type of data handled. It is specified that the review be carried out at least once a year during Q3 of Servicebots’ fiscal year.
• Review of policies and procedures: During the review, the audit policy and the procedures followed to ensure the protection of personal data must be examined. All aspects of the policy must be analyzed, including access controls, password management, data retention policies, among others.
• Identification of new regulations and legal changes: During the review, new regulations and legal changes that affect the data protection audit policy must be identified. This may include reviewing new data protection laws, new EU or local authority guidelines, as well as other changes in the industry.
• Compliance assessment: Compliance with the data protection audit policy must be assessed and areas where improvement is needed must be identified. This assessment must be thorough and must consider all areas of the company that handle personal data.
• Policy update: Once areas where improvement is needed have been identified, the data protection audit policy must be updated. This may include updating policies and procedures, implementing new security controls, staff training, among others.
• Communication and training: Once the data protection audit policy has been updated, it is important to communicate these changes to all staff and ensure that they are aware of the new policies and procedures; information security awareness is determined in the document “Training and Awareness Plan on Information Security and Cybersecurity”.. In addition, additional training on data protection may be offered to ensure that all employees are up to date and have the necessary knowledge to comply with regulations.
14.5 Audit Planning
| Process | Responsible | Date |
|---|---|---|
| Review | ISMS | Q3 of the Current Fiscal Year |
| Deletion of Personal Data | Controller | Executed at the client’s request following the Procedure to exercise the Data Subject’s rights in this document. |
15. Roles and Responsibilities
| ROLE | POSITION DESCRIPTION | RESPONSIBILITIES | PROFILE |
|---|---|---|---|
| CEO | The top executive whose objective is to propose, execute, and direct strategies to achieve corporate objectives in a sustainable manner and optimally employing resources | administrative | |
| CTO | Must efficiently maintain, develop, articulate, and continuously evolve the direction of the company’s technological strategy to constantly offer clients the best product in the market | Responsible for IT infrastructure, cloud platform admin, backup admin, office365 | IT |
| ISO | Person responsible for the security, integrity, and availability of an entity’s information, as well as for the measures implemented to guarantee such security in the company’s IT infrastructure and networks. | Owner of the ISMS | IT + security |
| Commercial and Marketing Manager | Responsible for acquiring clients and the company’s marketing strategy | Responsible for acquiring clients and the company’s marketing strategy | commercial + marketing |
| Key Account Manager | Acquisition of new clients and maintenance and growth of current clients | Acquisition of new clients and maintenance and growth of current clients | commercial + marketing |
| Marketing Leader | Responsible for social media, design, campaigns, corporate presentations | Responsible for social media, design, campaigns, corporate presentations | marketing |
| Administrative and Financial Manager | Responsible for the administrative and financial department | Budget allocation for the ISMS | financial + administrative |
| HR | Human talent management | Hiring and termination of employees, sanctions for non-compliance with the ISMS | administrative |
| Administrative and Financial Assistant | Responsible for administrative and financial assistance | administrative | |
| Product Owner Digital Contact Center | Responsible for the digital contact center service | Develop voice and text Bots. Manage campaigns | technical + management |
| Product Owner Speech and Text Analytics | Responsible for the speech and text analytics service | Development of analytics solutions. Administration of analytics solutions | technical + management |
| Product Owner Voice Biometrics | Responsible for the voice biometrics service | Development of biometric solutions. Manage biometric solutions | technical + management |
| Product Owner Speaker Diarization | Responsible for the speaker diarization service | Development of diarization solutions. Manage diarization solutions | technical + management |
| Product Owner Virtual Triage | Responsible for the virtual triage service | Development of virtual triage bot. Manage virtual triage bot | health technical + management |
| Product Owner Projects | Responsible for the projects service | Project development. Project management | technical + management |
| Health Business Unit Manager | Responsible for lead acquisition in the health sector | Responsible for lead acquisition in the health sector, follow-up on business opportunities | commercial + health |
| Product Manager | Responsible for development of the company’s proprietary software | - | developer + management |
| Operations Manager | Responsible for the construction and proper functioning of all services | - | technical + management |
| AI Manager | Responsible for the team in charge of creating and implementing AI models | - | technical + management |
| Senior Data Scientist | Responsible for creating and implementing AI models | - | technical + management |
| QA | Responsible for the development of the digital contact center bot | - | developer |
| Digital Contact Center Bot Developer | Responsible for the development of the digital contact center bot | Responsible for the development of the digital contact center bot | developer |
| Virtual Triage Bot Developer | Responsible for the development of the specialized virtual triage bot | Responsible for the development of the specialized virtual triage bot | developer |
| Digital Contact Center Operator | Responsible for the execution and monitoring of campaigns | Responsible for the execution and monitoring of campaigns | technical + management |
| Virtual Triage Operator | Responsible for the execution and monitoring of campaigns | Responsible for the execution and monitoring of campaigns | technical + management |
| Analytics Leader | Responsible for report and dashboard development | Responsible for report and dashboard development | technical + developer + management |
| Conversational Intelligence Consultant | Responsible for information gathering and bot design | Responsible for information gathering and bot design | technical |
| Speech Analytics Consultant | Responsible for the development and implementation of speech analytics projects | Responsible for the development and implementation of speech analytics projects | technical |
| Voice Biometrics Analyst | Responsible for the installation and configuration of voice biometric solutions | Responsible for the installation and configuration of voice biometric solutions | technical |
| Speaker Diarization Analyst | Responsible for information gathering and implementation of speaker diarization processes | Responsible for information gathering and implementation of speaker diarization processes | technical |
| Fullstack Developer | Software development for the product area | Software development for the product area | |
| Senior Fullstack Developer | Software development for the product area | Software development for the product area | developer + technical + management |
| NLP Developer | Development of NLP applications | Development of NLP applications | developer |
| Frontend Developer | Frontend development for applications | Frontend development for applications | developer |
| Erlang and Elixir Developer | Development of Erlang and Elixir solutions | Development of Erlang and Elixir solutions | developer |
| Telecommunications Engineer | Development and consulting in telecommunications solutions | Development and consulting in telecommunications solutions | developer |
| Fullstack Developer Projects | Software development for the projects service | Software development for the projects service | developer |
| Project Manager | Project management | management | |
| Help desk | Technical support | technical |