Data Processing Addendum

Last updated:

UK version. This DPA forms part of the Terms of Service.

1. Roles

Customer = Data Controller

Service provider = Data Processor

2. Processing Scope

Processor shall process personal data solely for the purpose of providing the Service. Processing is limited to:

• Subscription metadata
• Email addresses
• Entitlement identifiers
• Related operational fields

No special category data is intended to be processed.

3. Security

Processor shall implement appropriate technical and organisational measures consistent with Article 32 UK GDPR.

4. Subprocessors

Processor may appoint subprocessors subject to:

• Written contracts
• Equivalent data protection obligations

5. Data Subject Rights

Processor shall assist Controller in responding to data subject requests where applicable.

6. Breach Notification

Processor shall notify Controller without undue delay upon becoming aware of a personal data breach.

7. Deletion

Upon termination, Processor shall delete or return personal data at Controller’s choice, subject to legal obligations.