DPA & GDPR

    Last Updated: May 16, 2025

    Introduction#

    This Data Processing Agreement ("DPA") is entered into between Glincker LLC ("Glincker", "Processor", "we", "our") and the customer ("Controller", "you", "your") as part of our commitment to data privacy, security, and compliance. This DPA supplements our Terms of Service and governs how we process personal data on your behalf in accordance with applicable data protection laws, including the GDPR and CCPA.

    By using our services and sharing personal data with us, you agree to the terms outlined in this DPA.

    Scope and Applicability#

    This DPA applies to all personal data processed by Glincker in the course of providing services to the Controller. It governs how we collect, use, store, and protect personal information, and outlines our mutual obligations in accordance with privacy laws.

    Data Processing Details#

    • Purpose of Processing: Providing cloud-based software, analytics, hosting, support, and related services.
    • Nature of Processing: Collection, storage, transmission, deletion, and analysis of personal data.
    • Types of Data: Contact data (e.g., name, email), account data, support tickets, analytics, IP addresses, payment data.
    • Data Subjects: Customers, users, employees, or end-users of the Controller.
    • Duration: The duration of the service agreement or as required by law.

    Roles and Responsibilities#

    Controller Responsibilities#

    As the Controller, you are responsible for:

    • Determining the purpose and legal basis for processing
    • Ensuring accuracy, lawfulness, and transparency of the data
    • Providing data subject notices and obtaining valid consent
    • Complying with your obligations under data protection laws

    Processor Responsibilities#

    As the Processor, Glincker agrees to:

    • Process personal data solely in accordance with your documented instructions
    • Implement appropriate technical and organizational security measures
    • Provide assistance with data subject rights, impact assessments, and audits
    • Promptly notify you of any data breaches or unauthorized access

    Sub-Processors#

    We may engage third-party sub-processors to provide infrastructure, analytics, or other auxiliary services. A list of authorized sub-processors is maintained at www.glincker.com/subprocessors. We will notify you in advance of any changes to our sub-processor list and provide a reasonable opportunity to object.

    International Data Transfers#

    When transferring data outside the European Economic Area (EEA) or other jurisdictions with strict data transfer regulations, we rely on mechanisms such as:

    • Standard Contractual Clauses (SCCs)
    • Adequacy decisions by relevant authorities
    • Binding corporate rules, where applicable

    These measures ensure that transferred data remains protected under equivalent standards.

    Data Subject Rights#

    Glincker will assist the Controller in fulfilling data subject rights requests, including:

    • Right to access, rectify, or erase personal data
    • Right to restrict or object to processing
    • Right to data portability
    • Right to lodge a complaint with a supervisory authority

    We will promptly inform you of any requests we receive directly from data subjects.

    Security Measures#

    We maintain administrative, technical, and physical safeguards to protect personal data, including:

    • Encryption at rest and in transit
    • Role-based access control
    • Continuous vulnerability scanning and patching
    • Employee security awareness training
    • Incident monitoring and logging

    Further details can be found in our Security Policy.

    Breach Notification#

    In the event of a confirmed data breach that affects personal data, we will:

    • Notify you without undue delay
    • Provide details about the nature and scope of the breach
    • Support investigation and mitigation efforts
    • Assist with any required regulatory reporting

    Data Retention and Deletion#

    At the end of our service relationship or upon your written request, we will:

    • Return all personal data to you, or
    • Securely delete the data, unless legal obligations require retention

    You may export your data at any time through our platform or by contacting support.

    Audits and Compliance#

    You may audit our data protection practices up to once per year or in the event of a data breach. We may also provide access to documentation and third-party audit reports (e.g., SOC 2, ISO 27001) upon request.

    Term and Termination#

    This DPA remains in effect as long as we process personal data on your behalf. Termination of the main service agreement also ends this DPA, unless data retention is required by law.

    Contact#

    For inquiries related to this DPA or data privacy, please contact:

    Data Protection Officer (DPO)
    Gagan Deep Singh
    Email: [email protected]

    This DPA was last updated on May 16, 2025. For the latest version, visit www.glincker.com/legal/dpa.