Data Processing Agreement (DPA) for Recrak.com

Last updated: January 7, 2025

This Data Processing Agreement ("DPA") is an integral part of the Terms of Service ("Agreement") between ("Customer," "you," "your") and Recrak.com ("the Software," "Processor," "we," "our," "us"). This DPA governs the processing of personal data that we perform on behalf of the Customer in connection with the provision of the Software, ensuring compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Definitions

  • Data Controller: The entity that determines the purposes and means of processing personal data.

  • Data Processor: The entity that processes personal data on behalf of the Data Controller.

  • Data Subject: Any identified or identifiable individual whose personal data is processed.

  • Personal Data: Any information relating to an identified or identifiable individual.

  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or erasure.

  • Sub-Processor: Any third party engaged by the Processor to process personal data on behalf of the Customer.

2. Roles and Responsibilities

  • Customer as Data Controller: The Customer acts as the Data Controller for all personal data processed using the Software. The Customer determines the purposes and legal basis for processing and ensures compliance with applicable data protection laws.

  • Recrak.com as Data Processor: Recrak.com acts as the Data Processor, processing personal data only as instructed by the Customer and in compliance with this DPA.

3. Scope of Data Processing

Recrak.com processes the following types of personal data on behalf of the Customer:

  • End-user data: Names, email addresses, reviews, feedback, video testimonials, and other information submitted through review requests or landing pages.

  • Customer data: Names, email addresses, contact information, login credentials, and business-related data.

  • Usage data: IP addresses, device information, and data related to the use of the Software.

The scope of data processing may vary depending on the Customer’s use of the Software, and changes will be communicated promptly.

4. Purpose of Processing

Personal data is processed for the following purposes:

  • Aggregating and managing reviews from third-party platforms (e.g., Google, Facebook).

  • Automating responses to reviews via artificial intelligence.

  • Running review request campaigns and analyzing feedback.

  • Sharing reviews through widgets and social media platforms.

  • Performing analytics for reputation management and improving services.

5. Duration of Processing

Processing will continue for the duration of the Agreement unless otherwise requested by the Customer or required by law.

6. Processor Obligations

Recrak.com agrees to:

  • Process data only under instructions: We will process personal data solely based on the Customer’s documented instructions.

  • Ensure confidentiality: Employees and contractors involved in data processing will be bound by confidentiality agreements.

  • Implement robust security measures: Appropriate technical and organizational measures will protect personal data from unauthorized access, loss, or alteration.

  • Assist the Customer: We will assist in fulfilling obligations related to data subject requests, impact assessments, and legal compliance.

  • Notify in case of a breach: In the event of a personal data breach, we will notify the Customer without undue delay, providing details and assistance as required.

7. Customer Obligations

The Customer agrees to:

  • Provide lawful instructions: Ensure all instructions comply with applicable laws.

  • Inform data subjects: Provide necessary privacy notices and obtain required consents where applicable.

  • Ensure legal basis for processing: Establish a valid legal basis for processing personal data.

  • Respond to data subject requests: Handle requests related to data access, correction, or deletion, with our assistance if necessary.

8. Sub-Processors

Recrak.com may use Sub-Processors to fulfill its obligations. We will:

  • Ensure Sub-Processors offer the same level of data protection as outlined in this DPA.

  • Notify the Customer of any intended changes to Sub-Processors and allow objections where justified.

  • Remain fully liable for Sub-Processor activities.

A list of Sub-Processors is available upon request.

9. International Data Transfers

Recrak.com may transfer personal data outside the European Economic Area (EEA) or other regions with differing data protection laws. Where such transfers occur, we will implement appropriate safeguards, such as Standard Contractual Clauses (SCCs).

10. Security Measures

We employ measures such as:

  • Encryption during data transmission.

  • Restricted access controls.

  • Regular security audits and assessments.

  • Comprehensive incident response plans.

11. Data Subject Rights

Recrak.com will assist the Customer in ensuring compliance with data subject rights, including:

  • Accessing, correcting, or deleting personal data.

  • Restricting or objecting to data processing.

  • Obtaining data portability where applicable.

Requests received directly from data subjects will be forwarded to the Customer for action.

12. Data Retention and Deletion

Upon termination of the Agreement, we will:

  • Return or delete all personal data, based on the Customer’s instructions, unless retention is required by law.

13. Audit Rights

The Customer may request audits of Recrak.com’s data processing activities. Audits will be conducted with reasonable notice and at the Customer’s expense.

14. Liability

Liability under this DPA is subject to the limitations set out in the Agreement, except where prohibited by applicable laws.

15. Governing Law

This DPA is governed by the laws of the Province of Quebec, Canada, and any disputes shall be resolved in accordance with these laws.

16. Termination

This DPA remains effective as long as Recrak.com processes personal data on behalf of the Customer. Its provisions survive termination of the Agreement until data is deleted or returned.

17. Contact Information

For questions or concerns, contact us at: info@recrak.com.