Data Processing Agreement

Last updated: April 1, 2025

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Use between Socialsdev ("Processor") and the Customer ("Controller") for the provision of services that involve the processing of personal data.

This DPA applies to the extent that Socialsdev processes personal data on behalf of the Customer in connection with the Services, and such processing is subject to applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
  • "Sub-processor" means any third party engaged by Socialsdev to process Personal Data.
  • "Data Protection Laws" means all applicable laws relating to data protection and privacy, including GDPR.

3. Scope and Purpose of Processing

Socialsdev processes Personal Data solely for the purpose of providing the Services as described in the Terms of Use. The categories of Personal Data processed may include:

  • User account information (names, email addresses, usernames)
  • User-generated content and communications
  • Technical data (IP addresses, device information, usage logs)
  • Authentication and security data

4. Obligations of Socialsdev

As a data processor, Socialsdev agrees to:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to process Personal Data are committed to confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Controller in responding to requests from Data Subjects
  • Assist the Controller in ensuring compliance with security and breach notification obligations
  • Delete or return all Personal Data upon termination of services, at the Controller's choice
  • Make available all information necessary to demonstrate compliance with this DPA

5. Security Measures

Socialsdev implements and maintains appropriate technical and organizational security measures, including:

  • Encryption of Personal Data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security testing and vulnerability assessments
  • Incident response and disaster recovery procedures
  • Employee security training and awareness programs
  • Physical security controls for data center facilities

6. Sub-processors

The Controller authorizes Socialsdev to engage Sub-processors for the provision of the Services. Socialsdev shall:

  • Maintain a list of current Sub-processors available upon request
  • Notify the Controller of any intended changes to Sub-processors
  • Ensure Sub-processors are bound by data protection obligations
  • Remain liable for the acts and omissions of Sub-processors

7. International Data Transfers

Where Personal Data is transferred outside the European Economic Area (EEA), Socialsdev ensures that appropriate safeguards are in place in accordance with applicable Data Protection Laws, including the use of Standard Contractual Clauses approved by the European Commission or other valid transfer mechanisms.

8. Data Subject Rights

Socialsdev shall assist the Controller in fulfilling its obligations to respond to Data Subject requests, including requests for:

  • Access to Personal Data
  • Rectification of inaccurate data
  • Erasure of Personal Data
  • Restriction of processing
  • Data portability
  • Objection to processing

9. Data Breach Notification

Socialsdev shall notify the Controller without undue delay upon becoming aware of a Personal Data breach. The notification shall include all relevant details about the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.

10. Audit Rights

Socialsdev shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, subject to reasonable notice and confidentiality requirements.

11. Term and Termination

This DPA shall remain in effect for the duration of the Services. Upon termination, Socialsdev shall, at the Controller's choice, delete or return all Personal Data and delete existing copies unless applicable law requires retention.

12. Contact

For questions about this Data Processing Agreement or data protection matters, please contact: