Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the agreement between NitroBerry and its customers and governs the processing of personal data in connection with the NitroBerry platform and related services.
1. Scope
This Data Processing Addendum (“DPA”) applies where NitroBerry processes personal data on behalf of customers in connection with the NitroBerry platform and related services.
This DPA supplements the applicable customer agreement and applies to the extent required by applicable data protection laws including the General Data Protection Regulation (GDPR).
2. Roles of the Parties
- The Customer acts as the Data Controller or Processor.
- NitroBerry acts as the Data Processor.
NitroBerry processes personal data only on documented instructions from the Customer, unless required by law to process such data.
3. Processing of Personal Data
NitroBerry may process personal data for the purpose of providing the platform and related services.
The types of personal data may include:
- Names
- Email addresses
- User account details
- Workflow records
- Operational data submitted by users
The categories of data subjects may include:
- Customer employees
- Platform users
- Customer business contacts
NitroBerry will process personal data only as necessary to provide services under the agreement with the customer.
4. Security Measures
NitroBerry implements reasonable technical and organizational security measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure.
These measures may include:
- Encryption in transit
- Access control and authentication
- Audit logging
- Infrastructure security controls
- Regular monitoring and security review
5. Subprocessors
NitroBerry may engage subprocessors to assist in delivering the service, including hosting providers, infrastructure providers, analytics providers, and support tools.
NitroBerry ensures that subprocessors are subject to appropriate contractual obligations to protect personal data.
6. International Data Transfers
Personal data may be transferred to and processed in countries outside the European Economic Area where NitroBerry or its subprocessors operate.
Where required, NitroBerry will implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms to protect personal data.
7. Data Subject Rights
Where applicable, NitroBerry will assist customers in responding to requests from individuals exercising their data protection rights.
This may include requests for:
- Access to personal data
- Correction of inaccurate data
- Deletion of data
- Restriction of processing
- Data portability
8. Security Incidents
NitroBerry will notify customers without undue delay after becoming aware of a confirmed personal data breach affecting customer data.
NitroBerry will provide relevant information reasonably required for the customer to assess and comply with legal obligations.
9. Data Deletion
Upon termination of services or upon customer request, NitroBerry will delete or return personal data in accordance with applicable contractual terms and legal requirements.
10. Audit Rights
Customers may request reasonable information regarding NitroBerry’s security and data protection practices to demonstrate compliance with this DPA.
11. Contact
If you have questions regarding this Data Processing Addendum, please contact:
NitroBerry
Email: support@nitroberry.com