Scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service between KYO Online Services Ltd ("Processor") and the Customer ("Controller") and applies whenever we process personal data on the Controller’s behalf.
Subject matter & duration
The Processor processes personal data only for the duration of the agreement and as needed to provide the service. Categories of data subjects and personal data are determined by the Controller through its use of the platform (typically business contacts: names, roles, emails, phone numbers, interaction history).
Processor obligations
We undertake to:
- process personal data only on documented instructions from the Controller
- ensure persons authorized to process data are bound by confidentiality
- implement appropriate technical and organizational security measures
- assist the Controller with data subject requests and DPIAs
- delete or return personal data at the end of the engagement
- make available information necessary to demonstrate compliance and allow audits
Sub-processors
The Controller grants general authorization for the sub-processors listed on our Sub-processors page. We impose equivalent data protection obligations on each and will give notice of intended changes, allowing a reasonable objection period.
International transfers
Personal data is hosted in the EU. Any transfer outside the EEA/UK is covered by an adequacy decision or by Standard Contractual Clauses / the UK IDTA.
Security & breaches
We maintain the measures described on our Security page and notify the Controller without undue delay after becoming aware of a personal data breach.
Requesting a signed DPA
A countersigned DPA is available on request. Email dpo@betall.app with your organization details.
Questions about this document? Contact legal@betall.app or our data protection officer at dpo@betall.app.