Data processing agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service or any other written agreement between the customer ("Data Controller") and Volcanic Labs SLU ("Data Processor"), operating PushFeedback.com.

1. Purpose and scope

This DPA governs the processing of personal data by PushFeedback.com on behalf of the customer in connection with the use of PushFeedback.com's Software as a Service (SaaS).

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Controller: The entity which determines the purposes and means of the processing of Personal Data.
• Data Processor: The entity which processes Personal Data on behalf of the Data Controller.
• Processing: Any operation performed on Personal Data.

3. Roles and responsibilities

The Data Controller is responsible for ensuring a lawful basis for collecting and processing Personal Data. The Data Processor will only process Personal Data in accordance with documented instructions from the Data Controller.

4. Confidentiality

The Data Processor shall ensure that all personnel authorized to process Personal Data are bound by confidentiality obligations and receive appropriate training on data protection.

5. Security

The Data Processor shall implement technical and organizational measures appropriate to the risk, including but not limited to encryption in transit and at rest, access controls, regular vulnerability testing, secure development practices, and audit logging. Security measures may be updated from time to time to maintain industry standards.

6. Sub-processors

The Data Processor may engage third-party sub-processors to provide parts of the SaaS infrastructure. The Data Processor maintains a current list of sub-processors and will notify customers in advance of any new sub-processors. Sub-processors are bound by agreements ensuring GDPR-compliant processing.

7. Data subject rights

The Data Processor shall assist the Data Controller in fulfilling obligations to respond to data subject requests under GDPR, including requests to access, correct, delete, or restrict Personal Data. The Data Processor will respond to reasonable requests from the Data Controller without undue delay.

8. Data breach notification

In the event of a Personal Data breach, the Data Processor shall notify the Data Controller without undue delay and in any event within 24 hours of becoming aware of the breach. The Data Processor will provide relevant information regarding the breach and cooperate with the Data Controller in investigation and mitigation.

9. Data transfers

The Data Processor may transfer Personal Data outside the EEA, provided such transfers are carried out in compliance with Chapter V of the GDPR, including through Standard Contractual Clauses or adequacy decisions. Copies of such arrangements will be made available to the Data Controller upon request.

10. Duration and termination

This DPA remains in effect for as long as PushFeedback.com processes Personal Data on behalf of the customer. Upon termination, PushFeedback.com will delete or return all Personal Data, unless legally required to retain it, and certify deletion upon request.

11. Limitation of liability and scope of agreement

The obligations and liabilities of the Data Processor under this DPA are limited to those expressly outlined in the Terms of Service or other written agreement, except as required by applicable law, including GDPR obligations.

12. Contact

Name: Volcanic Labs SLU

Address: Plaza de Galicia, Local 7, 38612, Santa Cruz de Tenerife, Spain

Email: info@techdocs.studio