Legal
Data Processing Addendum
Clear terms for how we handle and safeguard your customer data.
Welcome to CareSupport. This Data Processing Addendum, or DPA, sets out how CareSupport processes personal data on behalf of our customers. It supplements the Terms of Service and applies whenever CareSupport processes personal data as a processor for a customer who is a controller.
1. Applicability and order of precedence
This DPA applies to CareSupport services where we process personal data on behalf of a customer. In the event of a conflict between this DPA and the Terms of Service, the DPA governs only for matters relating to processing of personal data.
2. Roles of the parties
The customer acts as the data controller. CareSupport acts as the data processor. Each party will comply with applicable data protection law, including GDPR and other local laws where relevant.
3. Processing details
Purpose of processing: CareSupport processes personal data to deliver the Services, to provide support, to bill customers, to operate integrations and to meet the customer instructions documented in the order or account settings. Types of personal data: Typical categories include contact and account data, technical and device data, usage and performance metrics, and project or system data that customers upload. Specific data elements will depend on customer configuration and usage. Categories of data subjects: End users, account administrators and other individuals whose data is submitted to or generated by the Services. Processing duration: CareSupport processes personal data for the term of the customer agreement and for any additional period needed to comply with legal obligations or to exercise legal claims.
4. Subprocessors and third parties
CareSupport uses subprocessors such as cloud hosting providers, payment processors and analytics vendors to operate the Services. A current list of subprocessors is available on request. We will notify customers of material changes to the list and provide a reasonable opportunity to object where required by law.
5. Security measures
CareSupport implements reasonable technical and organizational measures to protect personal data. Measures include the following where appropriate and feasible: Encryption in transit and at rest. Access controls and role based permissions. Network and application firewalls and monitoring. Regular vulnerability scanning and security reviews. Secure development practices and change control. Logging, alerting and incident management procedures. Customers may request a summary of our security controls or a SOC type report where available.
6. International transfers
Personal data may be processed in regions where CareSupport or its subprocessors operate. For international transfers we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses or other safeguards permitted by law.
7. Data subject rights and assistance
CareSupport will assist the customer, to the extent feasible, in responding to data subject requests such as access, correction, deletion and portability. Customers should direct requests from data subjects to their account administrators first. CareSupport will cooperate with the customer to provide required information or technical assistance.
8. Confidentiality and personnel
CareSupport requires personnel with access to customer personal data to maintain confidentiality. Access is limited to authorized staff and subcontractors who need access to provide the Services.
9. Incident response and breach notification
CareSupport maintains an incident response process. If CareSupport becomes aware of a personal data breach affecting customer data, we will notify the customer without undue delay and provide available information to support statutory reporting obligations and remediation.
10. Audits and compliance reviews
Customers may request an audit or review of CareSupport processing practices in accordance with applicable law. CareSupport will reasonably cooperate with audits. For frequent or extensive audits CareSupport may require a mutually agreed scope, reasonable notice and cost sharing.
11. Return and deletion of data
On termination of the Services CareSupport will, at the customer choice, delete or return personal data in accordance with the agreement. Where deletion is requested CareSupport will delete data within a reasonable timeframe except where retention is required by law.
12. Liability and remedies
This DPA does not modify the liability provisions of the underlying agreement except to the extent they specifically address data protection obligations.
For data processing claims parties will follow the dispute resolution and limitation rules in the main agreement.
13. Changes to this DPA
CareSupport may update this DPA from time to time. Material changes will be communicated to customers by email or through the Services and will not apply retroactively to processing prior to the effective date unless required by law.
15. Additional notes for template users
This Data Processing Addendum is a placeholder. It is not legal advice.
Consult a qualified attorney to tailor language for your jurisdiction, business model, and any regulated markets you serve.
Acknowledgement
By using CareSupport Services you acknowledge that you have read and understood this Data Processing Addendum and agree to its terms.
Legal
Data Processing Addendum
Clear terms for how we handle and safeguard your customer data.
Welcome to CareSupport. This Data Processing Addendum, or DPA, sets out how CareSupport processes personal data on behalf of our customers. It supplements the Terms of Service and applies whenever CareSupport processes personal data as a processor for a customer who is a controller.
1. Applicability and order of precedence
This DPA applies to CareSupport services where we process personal data on behalf of a customer. In the event of a conflict between this DPA and the Terms of Service, the DPA governs only for matters relating to processing of personal data.
2. Roles of the parties
The customer acts as the data controller. CareSupport acts as the data processor. Each party will comply with applicable data protection law, including GDPR and other local laws where relevant.
3. Processing details
Purpose of processing: CareSupport processes personal data to deliver the Services, to provide support, to bill customers, to operate integrations and to meet the customer instructions documented in the order or account settings. Types of personal data: Typical categories include contact and account data, technical and device data, usage and performance metrics, and project or system data that customers upload. Specific data elements will depend on customer configuration and usage. Categories of data subjects: End users, account administrators and other individuals whose data is submitted to or generated by the Services. Processing duration: CareSupport processes personal data for the term of the customer agreement and for any additional period needed to comply with legal obligations or to exercise legal claims.
4. Subprocessors and third parties
CareSupport uses subprocessors such as cloud hosting providers, payment processors and analytics vendors to operate the Services. A current list of subprocessors is available on request. We will notify customers of material changes to the list and provide a reasonable opportunity to object where required by law.
5. Security measures
CareSupport implements reasonable technical and organizational measures to protect personal data. Measures include the following where appropriate and feasible: Encryption in transit and at rest. Access controls and role based permissions. Network and application firewalls and monitoring. Regular vulnerability scanning and security reviews. Secure development practices and change control. Logging, alerting and incident management procedures. Customers may request a summary of our security controls or a SOC type report where available.
6. International transfers
Personal data may be processed in regions where CareSupport or its subprocessors operate. For international transfers we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses or other safeguards permitted by law.
7. Data subject rights and assistance
CareSupport will assist the customer, to the extent feasible, in responding to data subject requests such as access, correction, deletion and portability. Customers should direct requests from data subjects to their account administrators first. CareSupport will cooperate with the customer to provide required information or technical assistance.
8. Confidentiality and personnel
CareSupport requires personnel with access to customer personal data to maintain confidentiality. Access is limited to authorized staff and subcontractors who need access to provide the Services.
9. Incident response and breach notification
CareSupport maintains an incident response process. If CareSupport becomes aware of a personal data breach affecting customer data, we will notify the customer without undue delay and provide available information to support statutory reporting obligations and remediation.
10. Audits and compliance reviews
Customers may request an audit or review of CareSupport processing practices in accordance with applicable law. CareSupport will reasonably cooperate with audits. For frequent or extensive audits CareSupport may require a mutually agreed scope, reasonable notice and cost sharing.
11. Return and deletion of data
On termination of the Services CareSupport will, at the customer choice, delete or return personal data in accordance with the agreement. Where deletion is requested CareSupport will delete data within a reasonable timeframe except where retention is required by law.
12. Liability and remedies
This DPA does not modify the liability provisions of the underlying agreement except to the extent they specifically address data protection obligations.
For data processing claims parties will follow the dispute resolution and limitation rules in the main agreement.
13. Changes to this DPA
CareSupport may update this DPA from time to time. Material changes will be communicated to customers by email or through the Services and will not apply retroactively to processing prior to the effective date unless required by law.
15. Additional notes for template users
This Data Processing Addendum is a placeholder. It is not legal advice.
Consult a qualified attorney to tailor language for your jurisdiction, business model, and any regulated markets you serve.
Acknowledgement
By using CareSupport Services you acknowledge that you have read and understood this Data Processing Addendum and agree to its terms.
Legal
Data Processing Addendum
Clear terms for how we handle and safeguard your customer data.
Welcome to CareSupport. This Data Processing Addendum, or DPA, sets out how CareSupport processes personal data on behalf of our customers. It supplements the Terms of Service and applies whenever CareSupport processes personal data as a processor for a customer who is a controller.
1. Applicability and order of precedence
This DPA applies to CareSupport services where we process personal data on behalf of a customer. In the event of a conflict between this DPA and the Terms of Service, the DPA governs only for matters relating to processing of personal data.
2. Roles of the parties
The customer acts as the data controller. CareSupport acts as the data processor. Each party will comply with applicable data protection law, including GDPR and other local laws where relevant.
3. Processing details
Purpose of processing: CareSupport processes personal data to deliver the Services, to provide support, to bill customers, to operate integrations and to meet the customer instructions documented in the order or account settings. Types of personal data: Typical categories include contact and account data, technical and device data, usage and performance metrics, and project or system data that customers upload. Specific data elements will depend on customer configuration and usage. Categories of data subjects: End users, account administrators and other individuals whose data is submitted to or generated by the Services. Processing duration: CareSupport processes personal data for the term of the customer agreement and for any additional period needed to comply with legal obligations or to exercise legal claims.
4. Subprocessors and third parties
CareSupport uses subprocessors such as cloud hosting providers, payment processors and analytics vendors to operate the Services. A current list of subprocessors is available on request. We will notify customers of material changes to the list and provide a reasonable opportunity to object where required by law.
5. Security measures
CareSupport implements reasonable technical and organizational measures to protect personal data. Measures include the following where appropriate and feasible: Encryption in transit and at rest. Access controls and role based permissions. Network and application firewalls and monitoring. Regular vulnerability scanning and security reviews. Secure development practices and change control. Logging, alerting and incident management procedures. Customers may request a summary of our security controls or a SOC type report where available.
6. International transfers
Personal data may be processed in regions where CareSupport or its subprocessors operate. For international transfers we rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses or other safeguards permitted by law.
7. Data subject rights and assistance
CareSupport will assist the customer, to the extent feasible, in responding to data subject requests such as access, correction, deletion and portability. Customers should direct requests from data subjects to their account administrators first. CareSupport will cooperate with the customer to provide required information or technical assistance.
8. Confidentiality and personnel
CareSupport requires personnel with access to customer personal data to maintain confidentiality. Access is limited to authorized staff and subcontractors who need access to provide the Services.
9. Incident response and breach notification
CareSupport maintains an incident response process. If CareSupport becomes aware of a personal data breach affecting customer data, we will notify the customer without undue delay and provide available information to support statutory reporting obligations and remediation.
10. Audits and compliance reviews
Customers may request an audit or review of CareSupport processing practices in accordance with applicable law. CareSupport will reasonably cooperate with audits. For frequent or extensive audits CareSupport may require a mutually agreed scope, reasonable notice and cost sharing.
11. Return and deletion of data
On termination of the Services CareSupport will, at the customer choice, delete or return personal data in accordance with the agreement. Where deletion is requested CareSupport will delete data within a reasonable timeframe except where retention is required by law.
12. Liability and remedies
This DPA does not modify the liability provisions of the underlying agreement except to the extent they specifically address data protection obligations.
For data processing claims parties will follow the dispute resolution and limitation rules in the main agreement.
13. Changes to this DPA
CareSupport may update this DPA from time to time. Material changes will be communicated to customers by email or through the Services and will not apply retroactively to processing prior to the effective date unless required by law.
15. Additional notes for template users
This Data Processing Addendum is a placeholder. It is not legal advice.
Consult a qualified attorney to tailor language for your jurisdiction, business model, and any regulated markets you serve.
Acknowledgement
By using CareSupport Services you acknowledge that you have read and understood this Data Processing Addendum and agree to its terms.