top of page

DPA

Salespuzzle Data Processing Agreement

1. Introduction


This Data Processing Agreement (“DPA”) forms part of the agreement between Salespuzzle Limited (“Processor”, “we”, “us”) and the Customer (“Controller”, “you”) governing the use of the Salespuzzle Service.

 

This DPA applies where we process personal data on your behalf in connection with the Service.

​

This DPA is intended to comply with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018.


2. Definitions

  • Personal Data: any information relating to an identified or identifiable individual

  • Processing: any operation performed on Personal Data

  • Controller: the entity determining purposes and means of processing

  • Processor: the entity processing data on behalf of the Controller

  • Sub-processor: any third party engaged by the Processor

 

Terms not defined here have the meaning given in applicable data protection laws.

 

3. Roles of the Parties

  • The Customer is the Controller

  • Salespuzzle is the Processor

 

We process Personal Data only:

  • On your documented instructions

  • As necessary to provide the Service

  • As required by law

 

4. Subject Matter and Duration

  • Subject matter: Provision of the Salespuzzle SaaS platform

  • Duration: For the term of the Customer’s use of the Service

  • Nature and purpose: Storage, organisation, and processing of Customer Data

  • Categories of data subjects: As determined by the Customer (e.g. employees, clients, prospects)

  • Types of Personal Data: As uploaded by the Customer

 

5. Processor Obligations

 

We shall:

 

5.1 Process Data Lawfully
Process Personal Data only:

  • In accordance with your instructions

  • As necessary to provide the Service

 

5.2 Confidentiality
Ensure that persons authorised to process Personal Data:

  • Are subject to confidentiality obligations

 

5.3 Security
Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Access controls

  • Encryption where appropriate

  • System monitoring and logging

  • Data backup procedures

 

5.4 No Unauthorised Use
Not:

  • Sell Personal Data

  • Use Personal Data for our own purposes

  • Disclose Personal Data except as permitted under this DPA

 

6. Sub-processors

 

6.1 Authorisation
You provide general authorisation for us to engage Sub-processors.

 

6.2 Obligations
We will:

  • Ensure Sub-processors are subject to data protection obligations equivalent to this DPA

  • Remain responsible for their performance

 

6.3 List of Sub-processors
A current list of Sub-processors will be made available upon request.

 

7. International Transfers
We will not transfer Personal Data outside the UK unless:

  • Appropriate safeguards are in place, such as:

    • UK International Data Transfer Agreements (IDTAs)

    • Adequacy regulations

 

8. Assistance to the Controller
We will assist you, taking into account the nature of processing, in fulfilling your obligations under data protection law, including:


8.1 Data Subject Rights

Assistance with:

  • Access requests

  • Rectification

  • Erasure

  • Data portability

We also provide functionality within the Service to support these requests.

 

8.2 Security and Compliance
Assist with:

  • Data protection impact assessments (DPIAs)

  • Prior consultation with regulators (where required)

 

9. Personal Data Breaches
We will:

  • Notify you without undue delay after becoming aware of a personal data breach

  • Provide reasonable information to assist you in meeting your obligations

 

10. Deletion and Return of Data
Upon termination of the Service:

  • Personal Data will be deleted or returned in accordance with the Customer Terms

  • Data may remain in backup systems for a limited period (not exceeding 90 days)

 

11. Audit and Information Rights
We will:

  • Make available information necessary to demonstrate compliance

  • Allow reasonable audits, subject to:

    • Reasonable notice

    • Confidentiality obligations

    • Limiting disruption to operations

 

12. Liability
Liability under this DPA is subject to the limitations set out in the Customer Terms.

​

13. Special Category Data
The Service is not intended for the routine processing of special category data.
If you choose to process such data:

  • You are responsible for ensuring compliance with applicable laws

​

14. Governing Law
This DPA is governed by the laws of England and Wales.

bottom of page