Annex 1: Freespee Privacy Policy

Effective from 5 February 2021

This privacy policy applies to Freespee’s website (the “Site”), to Freespee’s provided Service as described in our Terms and Conditions as well as to any other communications between Freespee and individuals through written or oral means, such as email or phone. All capitalized words and expressions shall have the same meaning as defined in the Terms and Conditions unless explicitly stated otherwise. “personal data”, “processing”, “controller”, “processor” and other words defined within the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) shall have the same meaning as under GDPR.

This policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information. By using our Site or the Service, you consent to the data processing described in this policy. If you do not agree with the data practices described in this policy, you should not use our Site or the Service.

1. Background

As described in the Terms and Conditions, the Service consists of Freespee providing a Freespee Call Extension that can be connected to a Response Number, in order to capture information about incoming calls via the Freespee Call Extension such as the incoming number and the time and duration of the call (the “Call Data”).

The Response Number can belong to the Customer directly or to one of its own customers or users, such as vendors on a marketplace operated by the Customer or resellers of the Customer’s products (such third parties are collectively referred to as “Users”).

2. What information is collected?

We collect different types of information from or through the Site and Service.

Information provided by Customers and Users

When a Customer or User browses the Site or uses the Service, it may provide us with personal data such as name, email address, post address, phone number and billing information.

Information obtained through other sources

We also obtain personal data from sales prospecting companies like Cognism.

Automatically collected information.

When an individual (a “Visitor”) browses a Customer’s or User’s website where the Freespee Tracking Script is installed, we may automatically record certain information about the Visitor by using various types of technologies including cookies, clear gifs or web beacons. This automatically collected information may include IP address or other device address or ID, geographic location of the Visitor, web browser and/or device type, the web pages or sites visited just before or just after visiting the Site, the pages or other content the Visitor views or interacts with, and the dates and times of the visit.

We also collect the incoming phone number of all incoming calls to a Response Number and connect this to the information about the Visitor collected by the Freespee tracking script to produce more detailed intelligence about the Customer’s or User’s incoming phone traffic, site conversion etc.

It is the Customer’s or User’s responsibility to make sure Visitors consent to such personal data being collected and processed by Freespee in accordance with applicable data protection laws and to inform Visitors about cookies being placed on their devices.

Integrated Services

You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store personal data, including but not limited to your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

3. How we use the information we collect

We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:


We use the information to operate, maintain, enhance and provide all features

of the Site and Service and to provide support relating to the Site and Service.


We may use a Customer’s or User’s information to contact that Customer or User (i) for administrative purposes such as customer service, to address intellectual property infringement or right of privacy violations related to the Service or (ii) with updates on promotions and events, relating to products and services offered by us and (upon prior approval from Customer or User) by third parties we work with. You have the ability to opt-out of receiving any promotional communications as described below under Section 5 (Your Choices).


If you sign up to our newsletter, we will use your email address to send you regular updates about our promotions, events, products and services.

3rd Party Analytics software

We use the following 3rd Party software to measure and evaluate access to and traffic on our Site, and create user navigation reports for our administrators:

  • Google Tag Manager
  • Google Analytics
  • Google Ads
  • Hubspot
  • LinkedIn
  • Jabmo

These 3rd party software operate independently from us and have their own privacy policies, that we encourage you to review.

4. To whom we disclose information

Except as described in this policy, we will not intentionally disclose the personal data that we collect or store to third parties without the consent of the applicable Customer, User or Visitor. We may disclose information as set out below:


Statistics about Visitors.

Users (or Customers when there are no Users)

This can be statistics, but also information connected to the Visitor’s IP-address, phone number and sometimes voice recording which means that the information may refer to a specific individual whereby all the information becomes personal data.

Service Providers

Freespee works with third party service providers who provide hosting, maintenance, call transcription and other services to us. These third parties may have access to, or process personal data as part of providing those services to us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information and to only process it as instructed by us. 

Law enforcement and legal process

We may disclose personal data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws or regulations.

We also reserve the right to disclose personal data and other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property or safety of others.

5. Your choices

If a Visitor declines to share certain personal data, e.g. by blocking cookies in a web browser, Freespee may not be able to provide some of the features and functionality of the Service.

Access, correction, deletion

An individual who wants to access, amend or delete any personal data that Freespee holds about them, or to withdraw a consent for further processing, may contact us as set forth in the “Contact Us” section.

Freespee has no direct relationship with the User, Visitor or other third parties whose personal data it may process on behalf of a Customer or User. Such individuals should direct their queries to the Customer or User they deal with directly. If the Customer requests Freespee to delete personal data, we will respond to its request within 30 days. We will delete, amend or block access to any personal data that we are storing only if we receive a written request to do so from the Controller of such data (as defined in section 9), and unless we have a legal right to retain such personal data. Any such request should be addressed as indicated in the “How to Contact Us” section, and include sufficient information for Freespee to identify the Customer, User or Visitor and indication about the information to delete or amend.

Freespee reserves the right to retain a copy of such data to defend our rights in litigation.

Opting out from commercial communications

If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section. You can also contact us at this address to amend or delete your personal data.

6. Third-party services

The Site or Service may contain features, add-ons or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Site or Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Site or Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

7. Cookies

A cookie is a small file sent from a website to your device – for example a computer, smartphone or tablet. Cookies are automatically saved on your device and can be used for different reasons. Some cookies are for example used for gathering information about you and some are used to enhance the performance of the Service or Site.

The following cookies are used:

Cookies used on the Site

Freespee Cookies used on the Site

Name Purpose Value Duration
AWSELBMap a session to the correct server instance.n/aExpires immediately
__fs_dncs_exttrackIndicate if the visitor can see unique phone numbers or share the phone number with others under some circumstances.1 or 01 year
__fs_dncs_sessionidConnect multiple page views to one browsing session of a particular visitorFreespee session ID30 minutes
__fs_dncs_trackingidBind together multiple browsing sessions of a particular visitor.Freespee longer-lived visitor ID1 year
__fs_uidConnect browsing sessions across different sites.Freespee unique user ID1 year


Third Party Cookies used on the Site

Name ProviderPurpose Duration
__aza-permJabmo (formerly Azalead)Check cookie permission and preferences1 year
__cfduidHubSpotCookie associated with sites using CloudFlare, used to speed up page load times.7 days
__fbpFacebookTrack our advertising campaigns3 months
__gaGoogle AnalyticsDistinguish users2 years
__gatGoogle AnalyticsThrottle request rate1 minute
__gcl_auGoogle AnalyticsExperiment advertisement efficiency3 months
__gidGoogle AnalyticsDistinguish users24 hours
__hs_opt_outHubSpotRemember not to ask the visitor to accept cookies again13 months
__hsscHubSpotKeep track of sessions30 minutes
__hssrcHubSpotDetermine if the visitor has restarted their browserEnd of session
__hstcHubSpotTracking visitors13 months
hubspotutkHubSpotKeep track of a visitor’s identity13 months


Cookies used to provide the Service

Name Purpose Value Duration
__fs_dncs_exttrackIndicate if the visitor can see unique phone numbers or share the phone number with others under some circumstances.1 or 01 year
__fs_dncs_sessionidConnect multiple page views to one browsing session of a particular visitorFreespee session ID30 minutes
__fs_dncs_trackingidBind together multiple browsing sessions of a particular visitor.Freespee longer-lived visitor ID1 year

8. Data security

We follow GDPR and generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we also employ application-layer security features to further protect personal data.

If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.

9. Data controller and data processor

The Customer shall always make clear to its Visitors and Users that Freespee is the provider of the Service and that Freespee will process personal data in accordance with this policy.

The responsibilities in relation to personal data are set out in General Data Protection Regulation (GDPR) (EU) 2016/679 (the “Regulation”). If the Regulation is not applicable in the Customer’s, User’s or Visitor’s territory or parts thereof, then the Customer must inform Freespee and their respective responsibilities in relation to data processing must be set out in a separate appendix to the Agreement. The responsibilities for processing of personal data will, as between the parties, be as set out below regardless of responsibility towards data subjects and authorities in deviating local legislation.

Under the Regulation, the entity that determines the purposes and the means of the processing of personal data is considered the controller of personal data and is primarily responsible for complying with the Regulation. A party that processes personal data on behalf of the controller is considered the processor or processing agent.

Freespee will be a controller of personal data it may collect about individuals browsing the Site. In relation to the Service, Freespee will always be a processor.

The implementation of the Service will determine whether the Customer is considered the controller, and Freespee its processor, or whether the User is the controller and both the Customer and Freespee its processors. This shall be clarified by the Customer in each User Agreement and the following shall apply:

The Customer as controller

The Customer will be the controller in cases where it has decided on its own to implement the Service and also determines how the Service will be used and what data will be made available to a User, if any. This could be the case if the Customer owns the Response Numbers and there are no Users, or if the Customer has decided to track how many calls are made from its website to its listed resellers, who are then the owners of the Response Numbers and thereby the Users.

The User as controller

A User will be the controller in cases where it is up to the User to make an active choice to implement the Service to track Visitors, and where the User can determine what data to collect and access it freely. This could be the case if the Customer operates an online marketplace where the advertisers can decide that they want to use the Service in relation to their ads to track Visitors that are potential buyers.

Freespee as processor

Freespee will be the processor of personal data on either the Customer’s or the User’s behalf (as a subprocessor of the Customer if on the User’s behalf). Freespee will (i) keep the personal data collected through the Service confidential and only process such data for the purpose of the Service, (ii) implement appropriate technical and organizational measures needed to protect personal data from unauthorized access, destruction or distortion, and (iii) in all other aspects act in accordance with the Regulation as locally implemented.

10. Data retention

Freespee shall be entitled to keep all data collected for billing purposes or for other purposes permitted under applicable law for the term set forth in said applicable laws.

Pursuant to Directive 2006/24/EC of the European Parliament and of the Council, Freespee is obliged to retain certain data that arises in telephone traffic communications for six months to be used by law enforcement authorities. Such data relates to who communicated with whom, when it occurred, the identity of the communicating persons and what type of communication was used (eg SMS or phone call).

With the exception of the above, Freespee will delete all traffic data when it is no longer needed to transfer an electronic message and all other personal data when it is no longer necessary for the purpose for which it was collected, unless Freespee needs to keep the data longer in order to comply with its legal obligations, resolve a dispute or enforce an agreement.

In certain situations, Freespee may also continue to process such data after making it anonymous (by removing all information that can link the data to an individual) in order to improve the Service.

11. Cross border data transfer

Freespee processes and stores personal data collected through the Service in centralized databases located in the European Union. If a Customer or User is located outside the European Union Freespee may also transfer the data to such location. It is up to the controller of the personal data, as defined in section 9, to obtain explicit consent from all Visitors and other data subjects to such cross border transfers.

12. Contact us

Our Data Protection Officer is Stephanie Toubol-Lazarus. If you have any questions about this policy or our processing of personal data, please send us an email at or a letter to Freespee AB, Dragarbrunnsgatan 78C, 753 20 Uppsala, Attn: Data Protection Officer.