This DPA forms part of the Terms & Conditions between you (“Customer”) and HarryApp EU s.r.o. (“Processor”).
1. Subject Matter
This DPA governs the processing of personal data by the Processor on behalf of the Customer when using the Service.
2. Roles
- The Customer is the Data Controller.
- HarryApp EU s.r.o. is the Data Processor.
3. Scope of Processing
Processor will process personal data only for:
- Providing access to and functionality of the Service
- Synchronizing and analyzing email, calendar, and contact data
- Generating AI-based assistance and automation
Processor acts only on documented instructions from the Customer.
4. Confidentiality
Processor ensures that employees and subcontractors authorized to process data are bound by confidentiality obligations.
5. Security Measures
Processor maintains appropriate technical and organizational measures, including:
- Encryption in transit
- Access controls and authentication
- Monitoring and logging
- Secure data storage
6. Subprocessors
Processor may engage subprocessors for infrastructure and operational purposes. All subprocessors are bound by obligations equivalent to this DPA.
7. Data Subject Requests
Processor assists the Customer in responding to data subject rights requests (access, deletion, correction, portability, etc.).
8. Data Breach Notification
Processor notifies the Customer without undue delay after becoming aware of a personal data breach.
9. Deletion of Data
Upon termination of the Service or at the Customer’s request, Processor will delete or return all personal data unless required by law to retain it.
10. International Transfers
Transfers outside the EU must be protected by appropriate safeguards such as Standard Contractual Clauses.
11. Audit Rights
Customer may request confirmation of compliance or security measures. Formal audits may be carried out with reasonable notice.