Lac 3 · La Goulette · Tunis · contact@polycall.tn · +216 58 554 061
🇫🇷 FR 🇬🇧 EN 🇩🇪 DE
Let's talk
PolyCall · Trust · Security

Your data is a sacred trust, not an asset.

Triple ISO-certified, GDPR-compliant, audited annually. Security at PolyCall isn't a document in a drawer — it's a living process, measured and continuously improved.

ISO · GDPR · 27001
01 · GDPR

GDPR compliance.

Not a PDF pulled off the internet — an operational, verifiable compliance programme.

Designated DPO

Data Protection Officer appointed, directly reachable (contact@polycall.tn).

Up-to-date processing register

Maintained in French and English, updated for every new processing activity, shared with clients on request.

Processor clause · Article 28

Standard contractual annex compliant with GDPR Article 28: purposes, duration, technical and organisational measures.

Right to access, rectify, erase

Documented operational procedure, 30-day response window, exercised through agent tools.

Mandatory GDPR training · all agents

Dedicated BYRSA module, quiz validation, annual refresh — completion rate tracked monthly.

02 · ISO

Triple ISO certification.

ISO9001 : 2015

Quality management

Process approach, customer satisfaction, continuous improvement. The mother standard of quality systems.

ISO18295-1 / 18295-2

Customer contact centres

Operational requirements specific to contact centres: training, service quality, client relationship.

ISO27001 (in progress)

Information security

Audit process underway for IT security certification. Technical measures already in place.

Quarterly internal audits  ·  annual certification audit by accredited body  ·  see Certifications page →
03 · Tech

Technical security.

Documented, tested, audited technical and organisational measures.

Certified datacenter

Infrastructure hosted by a Tier III–certified operator, with redundant power and cooling.

End-to-end encryption

TLS 1.3 for data in transit, AES-256 for data at rest. No client data stored in clear.

Role-based access (RBAC)

Each agent sees only what their role requires. Principle of least privilege enforced.

Audit trail · logging

All client-data accesses are logged, retained 12 months, exploitable in case of incident.

Business continuity plan (BCP)

Documented BCP, tested annually. RTO 4h, RPO 1h on critical services.

04 · Contract

Contractual commitment.

What we commit to — in writing, in the contract, from day one.

Standard NDA

Non-Disclosure Agreement signed before any data exchange — template aligned with industry practice.

Reversibility clause

Your data stays yours. Full handback in usable format at end of contract — no hidden fees.

SLA · 24h incident notification

In case of a security incident, documented notification within 24 working hours. Remediation plan within 72h.

Compliance report on demand

Annual summary of controls, incidents and corrective actions — available at any time to the client.

Request our compliance pack.

A full PDF: processing register (extract), business continuity plan, technical measures, latest ISO audit. Delivered within 48h after NDA signature.

Request the pack →