This Data Processing Addendum (“DPA“) is incorporated into the Terms of Service between Aggero Technologies Ltd. (“Aggero”, “we”, “us”, or “our”) and the user of our Services (“Customer”, “you”). This DPA reflects the parties’ agreement with respect to the processing of Personal Data in connection with Aggero’s Services, in accordance with applicable Data Protection Laws.
1. Definitions
“Data Protection Laws”: All applicable data privacy and protection laws including the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, the California Consumer Privacy Act (“CCPA”), and any applicable data protection laws and regulations in other jurisdictions.
“Personal Data”: Any information that relates to an identified or identifiable individual, as defined by applicable Data Protection Laws.
“Processing”, “Controller”, “Processor”, and “Data Subject”: Shall have the meanings given to them under GDPR.
“Sub-Processor”: Any third party engaged by Aggero to process Personal Data on behalf of the Customer.
2. Roles of the Parties
- When you (the Customer) upload or input campaign data into Aggero’s platform that may contain Personal Data, you are the Controller, and Aggero acts as your Processor.
- For the personal data that Aggero collects for its own purposes (e.g., Stripe payment data like name and email), Aggero is the Controller.
3. Purpose and Scope of Processing
Aggero will process Personal Data:
- Solely for the purpose of providing the agreed-upon Services (analytics, reporting, campaign management tools)
- In accordance with the Customer’s documented instructions
- For the duration necessary to provide the Services or as required by law
4. Sub-Processing
Aggero may use the following categories of Sub-Processors:
- Payment Processor: Stripe (billing and subscription data)
- Hosting Provider: Cloud infrastructure providers (e.g., AWS, GCP, Azure)
- Analytics Tools: For product analytics and diagnostics
Aggero shall:
- Enter into appropriate data protection agreements with Sub-Processors
- Notify the Customer of any intended changes concerning Sub-Processors, giving them the opportunity to object
5. Security
Aggero shall implement and maintain:
- Encryption at rest and in transit
- Access controls and audit logging
- Role-based user access
- Backup and recovery measures
- Regular security reviews and penetration testing
6. Data Subject Rights
Aggero shall:
- Assist the Customer in responding to requests from Data Subjects under applicable Data Protection Laws (e.g., right of access, correction, deletion)
- Redirect any such requests it receives directly from Data Subjects to the Customer unless otherwise instructed
7. Data Transfers
Where Personal Data originating from the EEA, UK, or Switzerland is transferred to a country not recognized as providing an adequate level of protection:
- Aggero shall ensure such transfers are covered by Standard Contractual Clauses (SCCs) or other valid transfer mechanisms
8. Data Retention and Deletion
Upon termination of the Services or at the Customer’s request:
- Aggero shall delete or return all Personal Data unless legal obligations require retention
- Residual copies may exist in backups for a limited period, after which they are securely deleted
9. Audits
- Upon reasonable request, Aggero will make available relevant information to demonstrate compliance
- The Customer may conduct audits, subject to reasonable notice and confidentiality
10. Liability
- Each party’s liability under this DPA shall be subject to the limitations and exclusions of liability set out in the Terms of Service.
11. Miscellaneous
- This DPA shall remain in effect as long as Aggero processes Personal Data on behalf of the Customer.
- In case of conflict between this DPA and the Terms of Service, this DPA shall prevail with respect to data protection matters.
12. Contact
For questions about this DPA, please contact: privacy@aggero.io
Execution
By using Aggero’s Services, the Customer accepts and agrees to this Data Processing Addendum as part of the contractual relationship governed by the Terms of Service.
