Compliance and regulation - FAQ
Find helpful information about DORA, GDPR and regulation in this section. If you need more help, contact our support team.
Tag | Question | Answer |
---|---|---|
| | Which authorisation / license / certification do you have? | On our Impressum you can see in which countries we are registered as a telecom operator, including the regulatory body and our reference there. In addition, please check our accreditations page to find, for example, our ISO27001 certification. |
| | In which countries do you have offices? | Please refer to our Impressum page. |
| | How many employees are working at Mixvoip? | As of November 1, 2024, Mixvoip employed approximately 63 full-time equivalents (FTEs) respecting local minimum wage regulation. This figure represents the combined employees of Mixvoip SA and its subsidiaries in which Mixvoip holds at least an 80% ownership stake. Outsourced consultants are excluded from this calculation. |
| | In which currency does Mixvoip operate? | Mixvoip conducts all operations in EUR. |
| | Can you name your annual sales? | Mixvoip generates over 12 million in annual revenue, including revenue from subsidiaries with at least 80% ownership. |
| | Which audits and tests are you performing on a regular basis? | We carry out regular audits and tests to maintain the security and compliance of our services. These include annual certifications like ISO 27001, regulatory audits, and internal vulnerability scans. For more details about our certifications and regulatory framework, please visit our accreditations page. |
| | Which inspection rights are granted and to whom? | Whenever a legal requirement (e.g. Regulators, Law Enforcement, …) is given, Mixvoip grants matching inspection rights. For customers we refer to our Terms & Conditions, section 2.4.2. |
| | How do you ensure business continuity technically? | Mixvoip is ISO 27001 certified, which requires us to have adequate and resilient technical infrastructure to support service continuity. As part of our certification, our technical equipment and continuity measures are reviewed and audited regularly to ensure compliance with ISO 27001 standards. This certification provides assurance that we meet internationally recognized requirements for the security, reliability, and resilience of our technical infrastructure. |
| | How do you ensure business continuity financially? | Once a year, Mixvoip generates a comprehensive report on its financial health to ensure continuity of performance. This report is prepared by a committee including one external accounting firm and our CFO. It includes key metrics such as debt burden, cash reserves, projected cash flow trends, and revenue. Additionally, the report provides recommendations for maintaining financial stability and resilience. This report is reviewed by the executive committee and the board of directors to ensure adequate funding and proactive risk management. |
| | Do you provide trainings and continuous skills development within the company? | All employees within the company receive internal security trainings (GDPR, ISO, …) on a regular basis. Certifications including external and internal trainings are also provided to ensure that employees are following best practices. You can find various certifications under our accreditations page. |
DORA | How can I identify you in DORA? | Within DORA, the Legal Entity Identifier (LEI) is used. Please head over to our Impressum to see the LEI codes for our entities. |
DORA | Where can I find your LEI code? | Please head over to our Impressum where we list the LEI for the different entities. |
DORA | Who is the designated lead in terms of DORA? | RZECZKOWSKI Marcin & KISTINGER Clemens, 70, rue des Pres, L-7333 Steinsel, regulatory@mixvoip.com |
DORA | Which type of ICT services do you provide related to DORA? | Within DORA our type of services are the following, depending on the services we provide to you: - ICT project management - ICT help desk and first level support - ICT security management services - ICT, facilities and hosting services (excluding Cloud services) - Non-Cloud Data storage - Telecom carrier - Network infrastructure - Hardware and physical devices - Software licencing (excluding SaaS) - ICT operation management - ICT Consulting - Cloud services: SaaS - Cloud services: PaaS - Cloud services: IaaS |
DORA | How can I get an updated contract that complies with DORA requirements? | Our updated terms and conditions are fully DORA-compliant; sections 1.5.3 and 1.12.8 specifically address these requirements. To ensure that your inventory of Mixvoip services is current, please contact our billing department at billing@mixvoip.com. They will provide you with a comprehensive contract quote listing all your existing services and service level agreements (SLAs), without modifying the duration of your contract. This quote, together with our terms and conditions, will form your contractual relationship with Mixvoip and will be fully compliant with DORA. |
DORA | Do you rely on subcontractors or subprocessors for ICT service provisioning, and where are these services provisioned and stored? | Yes, we rely on subcontractors for ICT service provisioning, in accordance with DORA requirements and GDPR standards. For detailed information about our subcontractors, including provisioning locations and storage details, please refer to our third-party providers. |
DORA, ISO27001, GDPR | | The impact of subcontracted ICT services depends on the substitutability of the service and how it is integrated into the customer’s operations. While some services may not be easily replaced, our mission is to provide reliable and consistent services to minimize potential disruptions for our customers. You can find the information on our subcontracted ICT services here. |
DORA | What types of substitutability levels exist for third-party ICT service providers? | We categorize the substitutability of third-party ICT service providers into four levels: • Not Substitutable: The service is unique, with no comparable alternatives available. • Highly Complex Substitutability: Switching providers would require significant effort and high costs. • Medium Complexity in Terms of Substitutability: Comparable providers exist, but switching would involve extra effort and costs due to dependencies. • Easily Substitutable: The provider can be replaced easily, as there are several comparable options available in the market. These levels help us assess the potential impact on service continuity and plan accordingly to maintain reliability for our customers. These levels are used on our third party provider list. |
DORA | In terms of DORA, what rank do the ICT subcontractors have? | All our ICT subcontractors are classified as Rank 2 under the DORA (Digital Operational Resilience Act) framework. |
DORA | Are subcontractors monitored in the context of DORA? | We only select subcontractors who are compliant with DORA for our critical and important ICT services. |
GDPR, DORA | Is customer data stored or processed by Mixvoip and where is it located? | Yes, Mixvoip stores and processes customer data in full compliance with GDPR. This data is securely stored on servers located within the European Union, ensuring adherence to the highest standards of data protection, privacy, and security. For more information, visit our GDPR page. |
GDPR, DORA | Do fourth parties (e.g., backup, subcontractors, equipment support/maintenance, software support/maintenance, data recovery, hosting providers, etc.) have access to scoped systems and data or processing facilities? | Mixvoip manages its entire IT infrastructure, including installation, configuration, and operational management like backup and restore, using its own data centers and in-house personnel. While Mixvoip maintains contracts with selected external providers for limited support, such as advanced hardware replacement, these contracts do not grant access to any scoped systems, data, or processing facilities. This approach enables Mixvoip to retain full control over system access and aligns with our stringent security and compliance standards, minimizing reliance on external entities. |
| | Is there a formalized risk governance policy approved by management that defines the Enterprise Risk Management program requirements? | A formal risk governance framework is in place as part of our ISO 27001 certification and aligns with NIS2 and DORA requirements. In addition, it is necessary to fulfill the German TKG and also SERIMA. Management has approved these policies, covering risk assessment, mitigation, monitoring, and review processes. |
ISO27001, DORA, GDPR | How do you handle security incidents? | In line with ISO 27001 guidelines, we have systems in place to monitor and detect security incidents. These are managed by our internal Incident Management Team. Customers can provide a designated contact for incident notifications through email, ticket submission or our web panel. If a security incident occurs, we ensure the designated contact is promptly informed with all relevant details. |
DORA, ISO27001 | Is there an information security program that has been documented, approved by management, published, and communicated to constituents? | The Information Security Program is comprehensively documented under our ISO 27001-certified ISMS and includes policies that have been formally approved by management and communicated to all relevant parties. |
| | Is there an established Business Resilience Program that has been approved by management, communicated to appropriate constituents, and an owner to maintain and review the program? | The Business Continuity and resilience framework is established per ISO 27001 and further developed under NIS2 and DORA guidelines to ensure ongoing resilience, with policies for response, continuity, and regular review. |
| | What measures is Mixvoip taking on the topic of “sustainability”? | While Mixvoip does not have a formalized environmental policy with specific targets, sustainability is a key focus, and the company is committed to minimizing its environmental impact. This includes initiatives such as going paperless, offering organic refreshments, using electric vehicles, and planting trees to offset its carbon footprint. Additionally, the data centers operate with 100% green electricity, utilize free cooling, recycle biomass, and continuously monitor energy efficiency to reduce CO₂ emissions and improve sustainability. |
| | Do you have a D-U-N-S number? | Mixvoip and its related companies can all be identified by the VAT number and also the LEI code, which can be found in our Impressum. From our perspective, adding a D-U-N-S number does not provide any additional benefits. |
ISO27001 | What is ISO27001? | ISO27001 is our short term for ISO/IEC 27001 from the International Organization for Standardization, the world's best-known standard for information security management systems. |
NIS2 | What is NIS2? | NIS2 stands for “Network & Information Security Directive” which is defined in the Directive on measures for a high common level of cybersecurity across the Union from the EU. |
GDPR | What is GDPR? | With GDPR we refer to the General Data Protection Regulation of the EU. |
DORA | What is DORA? | DORA is the short term for the Digital Operational Resilience Act, an EU regulation. |
GDPR | | We leverage AI to generate summaries of phone calls, ensuring compliance with GDPR while enhancing customer service. According to guidance from the BfDI, storing AI-generated summaries without recording spoken word may not require consent. Mixvoip views this as an example of data minimization and justifies the practice under legitimate interests and contractual necessity. Click here to read the full answer. |
Couldn't find what you were looking for?
It may be covered in another FAQ section, or you can contact our support team for further assistance. Feel free to schedule a meeting with any member of our team here.