Son güncelleme · 2026-07-01

Veri İşleme Eki

TL;DR

  • Ajans müşterileri için: onlar adına işlediğimiz veriler konusunda işleyici yükümlülüklerimizi tanımlar.
  • Alt işleyiciler: Vercel (barındırma) ve Supabase (veritabanı).
  • Veri ihlallerini 72 saat içinde bildiririz.

1. Scope and roles

This Data Processing Addendum ("DPA") applies where TeamMedia LLC processes personal data on behalf of a business customer (the "Customer") in the course of providing the Services — for example when an agency shares its creators' contact details for onboarding. For such data the Customer is the controller and TeamMedia the processor. For data described in our Privacy Policy we remain the controller.

2. Subject matter, duration, nature and purpose

Processing covers the personal data the Customer submits to the Services, for the duration of the engagement, solely to provide, secure and support the contracted Services. Categories typically include names, platform usernames, contact details and engagement records of the Customer's creators and staff.

3. Processor obligations

  • Process personal data only on documented instructions from the Customer, including regarding international transfers.
  • Ensure persons authorized to process the data are bound by confidentiality.
  • Implement the technical and organizational measures described in the Security Policy.
  • Assist the Customer with data-subject requests and Articles 32–36 GDPR obligations, taking into account the nature of processing.
  • Delete or return all personal data at the end of the engagement, unless law requires retention.
  • Make available information necessary to demonstrate compliance and allow audits, no more than annually, with 30 days' notice and confidentiality protections.

4. Subprocessors

The Customer authorizes the following subprocessors: Vercel Inc. (application hosting, CDN, logs — EU/US), Supabase Inc. (managed PostgreSQL — region per project configuration). We will give at least 14 days' notice before adding or replacing subprocessors; the Customer may object on reasonable data-protection grounds, in which case the parties will seek a solution or the affected service may be terminated pro-rata.

5. International transfers

Where processing involves transfers outside the Customer's jurisdiction, the parties rely on adequacy decisions or the EU Standard Contractual Clauses (module 2, controller→processor), which are incorporated by reference and executed with our subprocessors.

6. Personal-data breach

We notify the Customer without undue delay and within 72 hours of becoming aware of a personal-data breach affecting Customer data, including the information reasonably required for the Customer's own notification duties.

7. Execution

This DPA is incorporated into the Terms for business customers whose engagement involves processor-type processing. A countersigned copy is available on request via [email protected].

Bize yazın — bir iş günü içinde gerçek bir insan yanıtlar. [email protected]

Yasal belgeler ve politikalar