Callbox Compliance Policy

Document No.: CB-BPM-001-004

Callbox offers lead generation, appointment setting, and data services to businesses that market and sell to other businesses. Callbox makes it a priority to stay committed to and conduct its business activities lawfully and in a manner that is consistent with its compliance obligations.

In this compliance policy, “Callbox”, “we”, “us”, and “our” refer to Callbox, Inc., a US-based registered corporation.

Callbox, its officers, and employees will observe appropriate behavior as they carry out their work so that it reflects this compliance policy.

This policy is designed to ensure the company remains compliant with applicable laws and regulations governing the Callbox Services at all times.

The purpose of this policy is to protect the interests of all of our clients and their customers, as well as Callbox’s own goodwill and reputation.

CAN-SPAM Act of 2003

The CAN-SPAM Act is a law that sets the rules for commercial emails, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

The CAN-SPAM Act pertains to all commercial messages including email that promotes content on commercial websites.

Callbox ensures that we always remain in compliance with the CAN-SPAM Act requirements:

  1. Our emails do not use any false or misleading header information. We make sure that the recipients know who they are communicating with and only provide accurate information on the person or business interacting with them.
  2. Callbox does not use misleading or deceptive subject lines. The intentions of the email are all accurately stated in the subject line.
  3. Advertisements are clearly disclosed in all Callbox emails so as to make the customer aware of them right away.
  4. Our emails include valid physical postal addresses so intended recipients are aware of the sender’s location.
  5. All our advertisement-centered emails include clear and comprehensive explanations of how the recipient can opt-out of getting emails of this nature in the future. We provide return email addresses as well as other easy internet-based ways to allow recipients to relay their concerns and choices with us.
  6. We do not delay any opt-out requests. Callbox honors every opt-out request within 10 business days without charge.
  7. Callbox holds itself as well as any company or business working with them responsible for handling email marketing. We closely monitor the emails being sent out, ensuring that they are all complying with the CAN-SPAM act.

Telephone Consumer Protection Act of 1991

This act is to ensure the regulation of telemarketing calls, auto-dialed calls, pre-recorded calls (ROBO CALLS), text messages, and unsolicited faxes as this was implemented by the Federal Communications Commission (FCC).

Callbox complies with the TCPA act and protects its customers and clients

  1. We do not make outbound calls to residences before 8 a.m. or after 9 p.m., local time.
  2. Callbox maintains a company-specific “do-not-call” (DNC) list of consumers who ask not to be called. We honor DNC requests for 5 years.
  3. We honor the National Do Not Call Registry.
  4. Callbox calling agents and Sales Development Representatives are required to provide their name, the name of the person or entity on whose behalf the call is being made, and a telephone number or address where that person or entity may be contacted.
  5. We do not use an artificial voice or a recording
  6. We do not make calls using automated telephone equipment, artificial or prerecorded voice to an emergency line (e.g., “911”), a hospital emergency number, a physician’s office, a hospital/health care facility/elderly room, a cellular telephone, or any service for which the recipient is charged for the call.
  7. We do not make automated calls that engage two or more lines of a multi-line business.
  8. We do not offer use or send advertising fax services.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a bill intended to enhance privacy rights and consumer protection for residents of California, United States. In accordance with this act, Callbox assures its consumers that we uphold the following:

  1. Our privacy policy contains information on how, why and what personal information we collect and process.
  2. Our privacy policy contains information on how our users can request access, change, or remove their personal data that we have collected.
  3. Introducing a method for our process of verification of the identity of the person making such requests would prompt the necessary updates accordingly.
  4. We ensure that all web properties created and used for our campaigns have a “Do Not Sell My Personal Information” link so that users can prohibit the selling of their personal data.
  5. We do not buy, sell, store, or use personal data of minors 13 to 16 years old.

PDPA (SG Personal Data Protection Act)

Callbox ensures that our operations are in strict compliance with the PDPA, an act that establishes a general data protection regime that is comprised of the following nine data protection obligations that are imposed on organizations:

  1. Consent Obligation – An organization must obtain the consent of the individual before collecting, using, or disclosing his personal data for a purpose.
  2. Purpose Limitation Obligation – An organization may collect, use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate in the circumstances and, if applicable, have been notified to the individual concerned.
  3. Notification Obligation – An organization must notify the individual of the purpose(s) for which it intends to collect, use or disclose the individual’s personal data on or before such collection, use, or disclosure of the personal data.
  4. Access and Correction Obligation – Organizations must, upon request, (a) provide an individual with his or her personal data in the possession or under the control of the organization and information about the ways in which the personal data may have been used or disclosed during the past year; and (b) correct an error or omission in an individual’s personal data that is in the possession or under the control of the organization.
  5. Accuracy Obligation – An organization must make a reasonable effort to ensure that personal data collected by or on behalf of the organization is accurate and complete if the personal data is likely to be used by the organization to make a decision that affects the individual concerned or disclosed by the organization.
  6. Protection Obligation – The organization must protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.
  7. Retention Obligation – Organizations must cease to retain documents containing personal data or remove the means by which the personal data can be associated with particular individuals as soon as it is reasonable to assume that (a) the purpose for which the personal data was collected is no longer being served by retention of the personal data, and (b) retention is no longer necessary for legal or business purposes.
  8. Transfer Limitation Obligation – An organization must not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA.
  9. Openness Obligation – An organization must implement the necessary policies and procedures in order to meet its obligations under the PDPA and shall make information about its policies and procedures publicly available.

Australia’s Communications and Media Authority (ACMA)

Abiding by Australia’s Communications and Media Authority’s (ACMA) guidelines, Callbox is dedicated to protecting your prospects from getting unwanted calls and faxes that are already registered in your Do Not Call Register database. This way, we also make sure that our database is continuously up to date.

Do Not Call Register rules we follow:

  1. Callbox makes sure that they only receive calls at certain times of the day.
  2. We tell them our names and other additional information that is relevant.
  3. All callers must tell you why they are calling off the bat.
  4. We are obliged to end the call if asked when indicating they don’t wish to continue the conversation.
  5. Have caller ID displaying a return number for them to use to get more information.

On any occasion where we call them to promote or advertise instead of selling, we will still follow these rules for their protection.

Callbox also makes it a top priority to make sure that your prospects will only receive telemarketing calls from 9am to 8pm on Monday to Friday, 9am to 5pm on Saturdays, and no calls on Sundays and national public holidays.

Callbox’s Commitment to Data Security, Protection, and GDPR Compliance

Callbox has committed to compliance with the GDPR and our services already include the functionality necessary for our operations and processes to comply. We have examined the relevant provisions of the GDPR that pertain to the data we keep and we are closely tracking additional applicable GDPR guidance being issued.

Steps taken concerning our contact database:

  1. Callbox has appointed a Data Protection Officer assigned the task of securing data and compliance with the GDPR guidelines.
  2. Callbox has implemented appropriate technical and organizational measures to ensure a level of security appropriate required by the GDPR.
  3. Since our target markets are North America and the Asia-Pacific, Callbox is not actively collecting any personal data on EU-member country residents. This is our assurance to clients that any data we provide them will not expose them to any risk of any GDPR penalties.
  4. To further guarantee compliance, we have searched our records for possible EU-member residents on our contact database based on the country they are in and we have removed their personal information which mainly consisted only of their company email address. Although these are company-assigned email addresses, they contained first and last name data which directly pointed to a specific data subject.
  5. Unique client-supplied data will only be used for that specific client’s campaign and is afterward removed from Callbox’s database after the campaign. Callbox will require assurance from the Client that any data turned over to Callbox is GDPR compliant.

Use of Social Media Platforms

Callbox also makes use of social media platforms to provide our services and directly communicate with consumers. Regardless of whether we use our own website or external platform, Callbox makes sure that we comply with all of the following security policies:

  1. Compliance – Callbox takes extra steps to ensure that we comply with the terms and agreement of every social media platform we utilize to interact with the consumers.
  2. Copyright – All of the content posted and/or shared on every social media platform we utilize is original and does not commit copyright infringement.
  3. Privacy – Protecting the consumer’s privacy is our priority here at Callbox. We do not obtain, collect, nor store any unsolicited private information from any public posts or private messages.
  4. Confidentiality – Any and every information that the consumer entrusts to share with us stays strictly confidential. We make sure that all the information shared across communications stays secure.

Email Marketing Compliance

At Callbox, it is important to us that our email campaigns strictly adhere to the right Terms of Use and other antispam requirements. With this, in all emails that Callbox sends out on behalf of its client, recipients will be able to opt out of receiving marketing messages by either of the following means:

  1. Opt-out/Unsubscribe through the “unsubscribe” or “opt-out” link in the email.
  2. Request their data to be deleted (On-demand).

Sample Opt-out & On-Demand Deletion Request Language below:

“Click [here] if you’d like to opt-out of future emails from us. Email [alias@] if you would like us to delete your data (form responses and email). Please allow up to [n] days for us to process your request.”

Callbox will continue to diligently comply with the aforementioned requests as soon as reasonably practicable

Data Collection

  1. Who We Are
    Callbox Inc. (“Callbox”) is a Business Process Outsourcing (BPO) company that provides global B2B lead generation, sales enablement, and marketing services.
    Legal Name: Callbox Inc.
    Contact for Data Protection: privacy@callboxinc.com
    We collect and process publicly available professional information strictly for business purposes.
  2. What Data We Collect
    • We only collect publicly available professional business data, such as:
      • Full name
      • Job title or role
      • Company name
      • Company industry or sector
      • Company website or LinkedIn page
      • Corporate email address
      • Business phone number
      • Office or company address
      • Public professional profile links (e.g., LinkedIn)
    • We do not collect or process the following:
      • Personal email accounts (Gmail, Yahoo, Hotmail, etc.)
      • Personal mobile numbers or home phone numbers
      • Residential or private addresses
      • Social media usernames or personal content
      • Financial, medical, or biometric data
      • Political, religious, lifestyle, or sensitive personal information
      • Data relating to minors
  3. Why We Collect This Data (Purpose of Use)
    • Callbox processes professional business information to:
      • Identify potential B2B buyers, partners, stakeholders, or decision-makers
      • Facilitate business introductions and professional outreach
      • Enrich, verify, or update business contact records
      • Provide lead generation and sales enablement services
      • Communicate with individuals in their corporate or commercial capacity
    • We do not use this information for consumer marketing or personal profiling.
  4. Lawful Basis for Processing
    Callbox processes publicly available business data based on one or more lawful grounds:

    • Contractual Necessity: Fulfilling services under client agreements
    • Consent: When individuals provide their information voluntarily (forms, event sign-ups, webinars)
    • Legal Compliance: When required by applicable laws or authorities
  5. Who We Share Data With
    • Professional contact data may be shared with:
      • Callbox clients who have contracted our services for B2B outreach
    • We do not:
      • Resell or trade collected data
      • Share data with unauthorized third parties
      • Use collected data for purposes outside of our services
  6. Data Retention
    • We retain business data only for as long as necessary to:
      • Deliver services to our clients
      • Maintain valid business records
      • Comply with contracts, regulations, or legal retention requirements
    • When the purpose expires, data is:
      • Deleted
      • Anonymized, or
      • Securely archived according to our retention and disposal policy.
  7. Your Rights as a Data Subject
    Depending on your jurisdiction, you may request:

    • Access to your data
    • Correction of inaccurate or outdated information
    • Deletion (right to erasure), where legally permitted
    • Restriction or objection to the processing of your data
    • Opt-out from future communications