TL;DR
- Для клиентов-агентств: определяет наши обязательства как процессора данных, обрабатываемых от их имени.
- Субпроцессоры: Vercel (хостинг) и Supabase (база данных).
- Об инцидентах с данными уведомляем в течение 72 часов.
1. Scope and roles
This Data Processing Addendum ("DPA") applies where TeamMedia LLC processes personal data on behalf of a business customer (the "Customer") in the course of providing the Services — for example when an agency shares its creators' contact details for onboarding. For such data the Customer is the controller and TeamMedia the processor. For data described in our Privacy Policy we remain the controller.
2. Subject matter, duration, nature and purpose
Processing covers the personal data the Customer submits to the Services, for the duration of the engagement, solely to provide, secure and support the contracted Services. Categories typically include names, platform usernames, contact details and engagement records of the Customer's creators and staff.
3. Processor obligations
- Process personal data only on documented instructions from the Customer, including regarding international transfers.
- Ensure persons authorized to process the data are bound by confidentiality.
- Implement the technical and organizational measures described in the Security Policy.
- Assist the Customer with data-subject requests and Articles 32–36 GDPR obligations, taking into account the nature of processing.
- Delete or return all personal data at the end of the engagement, unless law requires retention.
- Make available information necessary to demonstrate compliance and allow audits, no more than annually, with 30 days' notice and confidentiality protections.
4. Subprocessors
The Customer authorizes the following subprocessors: Vercel Inc. (application hosting, CDN, logs — EU/US), Supabase Inc. (managed PostgreSQL — region per project configuration). We will give at least 14 days' notice before adding or replacing subprocessors; the Customer may object on reasonable data-protection grounds, in which case the parties will seek a solution or the affected service may be terminated pro-rata.
5. International transfers
Where processing involves transfers outside the Customer's jurisdiction, the parties rely on adequacy decisions or the EU Standard Contractual Clauses (module 2, controller→processor), which are incorporated by reference and executed with our subprocessors.
6. Personal-data breach
We notify the Customer without undue delay and within 72 hours of becoming aware of a personal-data breach affecting Customer data, including the information reasonably required for the Customer's own notification duties.
7. Execution
This DPA is incorporated into the Terms for business customers whose engagement involves processor-type processing. A countersigned copy is available on request via [email protected].
Напишите нам — живой человек ответит в течение рабочего дня. [email protected]
Документы и политики