Tidee logo Tidee Get Started Free

Data Processing Amendment

Last updated: 06/09/2024

This Data Processing Amendment ("DPA") forms part of the Terms of Service, Privacy Policy, or other agreement between Tidee ("Company", "we", "us") and the customer or end user ("Customer", "you"). It governs the processing of Personal Data in connection with your use of Tidee (the "Service").

1. Definitions

Unless otherwise defined in this DPA, all capitalized terms have the meaning set forth in the Agreement. In addition:

  • "Applicable Data Protection Law" means all worldwide data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, the GDPR.
  • "GDPR" means Regulation (EU) 2016/679 as amended and any implementing or successor legislation.
  • "Personal Data" means any information relating to an identified or identifiable natural person processed by Company on behalf of Customer in connection with the Service.
  • "Sub-processor" means any third party engaged by Company to process Personal Data on behalf of Customer.

2. Roles of the Parties

For the purposes of Applicable Data Protection Law, Customer acts as the data controller or business, and Company acts as the data processor or service provider. Each party will comply with its respective obligations under the Applicable Data Protection Law.

3. Customer Instructions

Company will process Personal Data solely on documented instructions from Customer, which include the Agreement and this DPA. Customer is responsible for ensuring that its instructions comply with Applicable Data Protection Law. Company will promptly notify Customer if it believes an instruction infringes Applicable Data Protection Law.

4. Confidentiality and Personnel

Company will ensure that its personnel engaged in processing Personal Data are informed of the confidential nature of the data, receive appropriate training, and are subject to written obligations of confidentiality. Company will take reasonable steps to ensure the reliability of any personnel who have access to Personal Data.

5. Security

Company will implement and maintain appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures take into account the nature of the processing and are designed to ensure a level of security appropriate to the risk.

6. Sub-processors

Customer authorizes Company to engage Sub-processors to support the delivery of the Service. Company will enter into written agreements with Sub-processors requiring protections equivalent to those in this DPA. Upon request, Company will provide Customer with a current list of Sub-processors. Customer may subscribe to updates by reaching out via our contact page.

7. International Transfers

Company may transfer Personal Data outside of the jurisdiction where it was originally collected. Any such transfers will be conducted in compliance with Applicable Data Protection Law, including, where relevant, implementation of appropriate safeguards such as the Standard Contractual Clauses or other lawful transfer mechanisms.

8. Assistance with Data Subject Requests

Taking into account the nature of the processing, Company will provide reasonable assistance to Customer, at Customer's expense, to respond to requests from individuals to exercise their rights under Applicable Data Protection Law. If Company receives a request directly from an individual, it will inform Customer without undue delay.

9. Incident Notification

Company will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data. Company will provide sufficient information to allow Customer to meet any legal obligations to notify affected individuals or authorities, taking into account the nature of the Service, the available information, and any applicable confidentiality constraints.

10. Audit Rights

Upon reasonable notice and during normal business hours, Customer may audit Company’s compliance with this DPA no more than once per year and subject to appropriate confidentiality obligations. Company may satisfy audit requests by providing certifications, audit reports, or summaries of relevant controls.

11. Return or Deletion of Data

Upon termination of the Agreement, Company will, at Customer's choice, delete or return all Personal Data processed on behalf of Customer unless Applicable Data Protection Law requires storage of the Personal Data. If Customer does not request deletion or return within thirty (30) days of termination, Company may delete the Personal Data in accordance with its data retention policies.

12. Liability

The parties’ respective liabilities arising out of or in connection with this DPA are subject to the limitations of liability set forth in the Agreement. Nothing in this DPA limits any data subject’s rights under Applicable Data Protection Law.

13. Conflict

In the event of any conflict or inconsistency between this DPA and the Agreement, this DPA will control to the extent of such conflict or inconsistency. All other terms of the Agreement remain in full force and effect.

If you have any questions about this DPA or how we process Personal Data, please contact us through our contact page.