This Data Processing Agreement (“DPA”) is entered into by and between Soal (“Data Processor”) and the Customer (“Data Controller”) (collectively referred to as the “Parties”).

1. Definitions

  • 1.1. “Data Controller” refers to the party that determines the purposes and means of the processing of personal data.
  • 1.2. “Data Processor” refers to the party that processes personal data on behalf of the Data Controller.
  • 1.3. “Personal Data” refers to any information relating to an identified or identifiable natural person.
  • 1.4. “Processing” refers to any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Sub-processors

  • 2.1. The Data Processor utilizes sub-processors to aid in delivering the services, as detailed in Exhibit A.

3. Data Processing Obligations

  • 3.1. Compliance with Laws: The Data Processor commits to processing Personal Data in accordance with all applicable data protection laws, regulations, and industry standards.
  • 3.2. Confidentiality: The Data Processor ensures that any individual authorized to process Personal Data is committed to confidentiality.
  • 3.3. Security Measures: The Data Processor implements and maintains adequate technical and organizational measures to safeguard the Personal Data from unauthorized access, loss, disclosure, alteration, or destruction.
  • 3.4. Subprocessing: The Data Processor will maintain an up-to-date list of all sub-processors engaged in processing Personal Data and ensure that any sub-processor is bound by data protection obligations through a written agreement.
  • 3.5. Data Subject Rights: The Data Processor will assist the Data Controller in responding to data subject requests, including requests to access, correct, delete, or limit the processing of Personal Data.
  • 3.6. Data Breach Notification: In the event of a personal data breach, the Data Processor will promptly inform the Data Controller about the breach and provide all necessary information to assist the Data Controller in fulfilling its obligations under applicable data protection laws.

4. Data Controller Responsibilities

  • 4.1. Lawful Basis: The Data Controller ensures that it has a lawful basis for the processing of Personal Data and that the necessary permissions or authorizations have been obtained, where applicable.
  • 4.2. Instructions: The Data Controller will provide written instructions to the Data Processor regarding the processing of Personal Data. The Data Processor will not process the Personal Data for any other purpose than as directed by the Data Controller.
  • 4.3. Data Subject Rights: The Data Controller is responsible for addressing data subject requests related to the exercise of their rights under applicable data protection laws.

5. Data Transfer

  • 5.1. Data transfers to third countries or international organizations may only occur with the prior written consent of the Data Controller and in compliance with applicable data protection laws.

6. Term and Termination

  • 6.1. This DPA will remain in effect for the duration of the data processing activities or until terminated in accordance with the terms set forth herein or in the Terms of Service.

Exhibit A: List of Sub-Processors

The following sub-processors are engaged by the Data Processor for the processing of Personal Data:

  • Amazon Web Services, Inc.
  • MongoDB, Inc.
  • Snowflake Inc.
  • Algolia
Data retention policyCookie policy