1. Purpose and Scope

As part of responsibilities, Vocally volunteers and staff acting on behalf of Vocally (referred to as “VOCALLY Data Users”) may have the opportunity to collect, access, use and/or process personal data of individuals who interact with VOCALLY.

Examples of personal data can include name, contact details, date of birth and pictures. This data includes, but is not limited to, existing or new data sources and data obtained via websites, applications, behavioral monitoring, and databases related to VOCALLY members, non-members, customers, product purchasers, and various other parties stored on local devices, cloud services, or applications provided by VOCALLY or entities other than VOCALLY (referred to as “VOCALLY Data”). This VOCALLY Data can be used to gain valuable business insights, make key business decisions.

This Policy defines the processes, rules and procedures that VOCALLY Data Users must follow when collecting, accessing, using (including sharing, publishing, and emailing) managing, and processing VOCALLY Data and addresses the following topics:

  1. Data Collection, Access, and Use
  2. Data Processing and Handling
  3. Data Management
  4. Data Requests and Incidents
  5. Violations
  6. Referenced policies

Compliance with the procedures outlined herein helps VOCALLY maintain proper data security and privacy consistent with industry best practices. It also helps to ensure compliance with various international regulations. This document incorporates and provides actions required to support the VOCALLY Privacy Policy.

All VOCALLY Data Users are required to comply with this VOCALLY Data Access and Use Policy.

 2. Data Collection, Access, and Use

VOCALLY Data is for access and use only by VOCALLY Data Users. VOCALLY Data shall not be furnished to outside entities or be used for any purpose other than for approved VOCALLY business. Access to VOCALLY Data shall be limited to those VOCALLY Data Users who need access to perform their responsibilities on behalf of VOCALLY. VOCALLY Data collected and/or managed by VOCALLY Data Users belongs to VOCALLY.

When collecting VOCALLY Data, the following information must be presented to individuals whose personal data is being collected (referred to as “Data Subjects”):

  1. Statement of the purpose for which the data is being collected;
  2. A link to read and agree to the VOCALLY Privacy Policy (if agreement has not been previously provided);
  3. Where applicable, a link to agree to specific terms and conditions associated with the stated purpose; and
  4. If necessary, a link to agree to receive additional information outside of the purpose stated.

VOCALLY Data that is collected shall be used for the purpose stated at collection, and shall be processed for that purpose only, unless:

  • Agreed to otherwise by the Data Subject;
  • Processing the data is necessary for legitimate business purposes; or
  • There are legal requirements for the use and processing of the data.

Before contacting an individual who has not previously expressed an interest or had a prior engagement, a VOCALLY Data User will validate their list against the VOCALLY Consent Management System to ensure agreement has been obtained. VOCALLY Data Users may continue to contact individuals about previously stated interests or prior engagements.

Any mass email communication must include the ability for the recipient to unsubscribe and not receive further communications as well as provide a link to the VOCALLY Privacy Policy.

It is the responsibility of the VOCALLY Data User to keep informed of VOCALLY policies governing mailings, the use of labels and email addresses, regulations governing VOCALLY offices, VOCALLY Privacy and Security policies and Email Terms and Conditions. 

3. Data Processing and Handling

VOCALLY is responsible for the actions of VOCALLY Data Users with respect to the processing of VOCALLY Data. This includes VOCALLY Data collected and maintained by VOCALLY Data Users. VOCALLY Data Users shall process VOCALLY data as outlined in this document. Any third party processing of VOCALLY Data shall be subject to an agreement outlining the third party’s responsibility to comply with VOCALLY data privacy policies and applicable data privacy regulations. VOCALLY template agreements shall be used whenever possible and, if applicable, executed through the appropriate VOCALLY contracts process.

Whenever possible, remove personally identifiable data and use aggregated data prior to processing. If data is to be publicly presented, all personal data must be removed or hidden.

VOCALLY Data Users shall confer with VOCALLY staff to determine whether uses other than for the purpose stated at collection are permitted.

4. Data Management

VOCALLY Data will be stored in a VOCALLY database. VOCALLY Data Users must take precaution to make sure VOCALLY Data is stored and handled securely and is not accessible to unauthorized individuals. VOCALLY Data that has been previously stored on a personal device and is no longer needed must be deleted.

5. Data Requests and Incidents

If a VOCALLY Data User receives a data subject request (e.g., right of access or right to be forgotten) from an individual the VOCALLY Data User shall direct the individual to send an email to with "Removal of Data Request" in the subject line. At the direction of the VOCALLY Data Protection Officer, a VOCALLY Data User shall comply with requests to update or remove data that may be in their possession and confirm such actions have been taken in a timely manner.

If a VOCALLY Data User becomes aware of or suspects a data incident may have occurred (e.g., breach, loss of data, loss of equipment containing VOCALLY data) the VOCALLY Data Users shall contact and write to immediately. The Data User should include as much detail as possible in their report. The assistance of the VOCALLY Data User in addressing the matter may be necessary.

6. Violations

Compliance with this Policy is mandatory. Violations may result in loss of access to VOCALLY tools and potential disciplinary action.    

Violations of data privacy regulations may result in judgments against or significant fines to VOCALLY. In some instances, VOCALLY Data Users could also be held personally responsible.