Data Processing Agreement (DPA)
This Data Processing Agreement (“Agreement”) is made between Human Design Technologies Ltd. (“Data Processor”) and the User of Bodygraph Chart Application (“Data Controller”).
- Purpose of Processing: The Data Processor is tasked with processing specific personal data, which includes names, email addresses, and detailed birth information (year, month, day, time, and location) belonging to both the Data Controller and its clients. These clients are identified as individuals who visit the Data Controller’s website and interact with the embedded Bodygraph Chart Application features. The exclusive objective of this data processing is to generate Charts and Reading Reports. Additionally, the Data Processor is responsible for offering essential support related to the Bodygraph Chart Application.
- Types of Data Processed: The personal data to be processed includes:
- First and Last Name
- Email Address1
- Birth Data: Year, Month, Day, Time, Location
- Processing Activities: The Data Processor will showcase the clients’ information on a Statistics Dashboard, which is a feature within the Bodygraph Chart Application, specifically for access by the Data Controller. This information will be retained and stored for a duration of 90 days.
- Data Security: The Data Processor have implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to encryption of personal data. Further measures may include regular security assessments, staff training, and incident response protocols.
- Use of Subprocessors: The Data Processor uses Stripe for processing payment transactions. Stripe will handle bank card details in accordance with their privacy and security measures.
- Rights of Data Subjects: The Data Processor shall assist the Data Controller in ensuring the fulfillment of the rights of the data subjects (right to access, rectify, erase, object, etc.) as per applicable data protection laws.
- Term and Termination: This Agreement shall remain in effect until the termination of the Bodygraph Chart Membership by the Data Controller. Upon termination, the Data Processor shall delete or return all personal data to the Data Controller, unless legally required to store the data.
- Jurisdiction: This Agreement shall be governed by the laws of England, UK.
By using the Bodygraph Chart Application, the Data Controller agrees to the terms set forth in this Data Processing Agreement.
Human Design Technologies Ltd.
Updated Date: 05 Dec 2023