Legal Center

Data Processing Agreement

15 min readLast updated: Jan 7, 2026

Quick Summary

  • This DPA applies to business customers who use Glincker to process personal data on behalf of their end users.
  • You are the data controller. We act as a data processor, processing data only as instructed by you.
  • We implement appropriate technical and organizational security measures to protect your data.
  • We sign Standard Contractual Clauses (SCCs) for international data transfers outside the EEA.
  • Our subprocessors are listed in our Subprocessors page. We notify you of any changes.
  • We assist with data subject requests and notify you of any data breaches within 72 hours.

Introduction

This Data Processing Agreement ("DPA") is entered into between Glincker LLC ("Glincker", "Processor", "we", "our") and the customer ("Controller", "you", "your") as part of our commitment to data privacy, security, and compliance. This DPA supplements our Terms of Service and governs how we process personal data on your behalf in accordance with applicable data protection laws, including the GDPR and CCPA.

By using our services and sharing personal data with us, you agree to the terms outlined in this DPA.

Scope and Applicability

This DPA applies to all personal data processed by Glincker in the course of providing services to the Controller. It governs how we collect, use, store, and protect personal information, and outlines our mutual obligations in accordance with privacy laws.

Data Processing Details

  • Purpose of Processing: Providing cloud-based software, analytics, hosting, support, and related services.
  • Nature of Processing: Collection, storage, transmission, deletion, and analysis of personal data.
  • Types of Data: Contact data (e.g., name, email), account data, support tickets, analytics, IP addresses, payment data.
  • Data Subjects: Customers, users, employees, or end-users of the Controller.
  • Duration: The duration of the service agreement or as required by law.

Roles and Responsibilities

Controller Responsibilities

As the Controller, you are responsible for:

  • Determining the purpose and legal basis for processing
  • Ensuring accuracy, lawfulness, and transparency of the data
  • Providing data subject notices and obtaining valid consent
  • Complying with your obligations under data protection laws

Processor Responsibilities

As the Processor, Glincker agrees to:

  • Process personal data solely in accordance with your documented instructions
  • Implement appropriate technical and organizational security measures
  • Provide assistance with data subject rights, impact assessments, and audits
  • Promptly notify you of any data breaches or unauthorized access

Sub-Processors

We may engage third-party sub-processors to provide infrastructure, analytics, or other auxiliary services. A list of authorized sub-processors is maintained at www.glincker.com/subprocessors. We will notify you in advance of any changes to our sub-processor list and provide a reasonable opportunity to object.

International Data Transfers

When transferring data outside the European Economic Area (EEA) or other jurisdictions with strict data transfer regulations, we rely on mechanisms such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Binding corporate rules, where applicable

These measures ensure that transferred data remains protected under equivalent standards.

Data Subject Rights

Glincker will assist the Controller in fulfilling data subject rights requests, including:

  • Right to access, rectify, or erase personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

We will promptly inform you of any requests we receive directly from data subjects.

Security Measures

We maintain administrative, technical, and physical safeguards to protect personal data, including:

  • Encryption at rest and in transit
  • Role-based access control
  • Continuous vulnerability scanning and patching
  • Employee security awareness training
  • Incident monitoring and logging

Further details can be found in our Security Policy.

Breach Notification

In the event of a confirmed data breach that affects personal data, we will:

  • Notify you without undue delay
  • Provide details about the nature and scope of the breach
  • Support investigation and mitigation efforts
  • Assist with any required regulatory reporting

Data Retention and Deletion

At the end of our service relationship or upon your written request, we will:

  • Return all personal data to you, or
  • Securely delete the data, unless legal obligations require retention

You may export your data at any time through our platform or by contacting support.

Audits and Compliance

You may audit our data protection practices up to once per year or in the event of a data breach. We may also provide access to documentation and third-party audit reports (e.g., SOC 2, ISO 27001) upon request.

Term and Termination

This DPA remains in effect as long as we process personal data on your behalf. Termination of the main service agreement also ends this DPA, unless data retention is required by law.

Contact

For inquiries related to this DPA or data privacy, please contact:

Data Protection Officer (DPO)
Gagan Deep Singh
Email: [email protected]

This DPA was last updated on May 16, 2025. For the latest version, visit www.glincker.com/legal/dpa.

Was this page helpful?

Your feedback helps us improve our documentation.

Data Processing Agreement (DPA) | Glincker