Skip to main content

Legal · DPA

Data Processing Agreement

Last updated · May 13, 2026

Overview

This Data Processing Agreement ("DPA") forms part of the agreement between Binlogic and the customer ("Customer") for use of the Binlogic platform. It governs the processing of personal data by Binlogic on behalf of the Customer and applies whenever such processing is subject to the GDPR, UK GDPR, or comparable data protection laws.

Definitions

Capitalised terms not defined here have the meaning given to them in the GDPR. "Customer Personal Data" means personal data Binlogic processes on behalf of the Customer through the Service.

Roles

The Customer is the controller of Customer Personal Data (or, where the Customer acts as a processor for a third party, the Customer is a processor and Binlogic is a sub-processor). Binlogic processes Customer Personal Data only on documented instructions from the Customer.

Scope of processing

  • Subject matter: providing the Binlogic platform and related support.
  • Duration: the term of the underlying agreement.
  • Nature & purpose: hosting, transmitting, and processing Customer Personal Data as needed to deliver the Service.
  • Categories of data: typically business contact details of the Customer's personnel and end-users; the Customer determines what other categories are uploaded.
  • Categories of data subjects: the Customer's employees, contractors, and end-users.

Sub-processors

The Customer authorises Binlogic to engage sub-processors to deliver the Service. A list of current sub-processors is maintained and made available on request. Binlogic remains liable for the acts and omissions of its sub-processors and will give the Customer notice of new sub-processors with a reasonable opportunity to object.

Security measures

Binlogic implements appropriate technical and organisational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. See our Security page for an overview, and request the security exhibit to this DPA for the full list of controls.

Data subject rights

Binlogic provides the Customer with functionality and reasonable assistance to respond to data subject requests (access, rectification, erasure, restriction, portability, objection). Where Binlogic receives such a request directly from a data subject, it will refer them to the Customer without undue delay.

International transfers

Where Customer Personal Data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties rely on the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), which are incorporated into this DPA by reference.

Incident notification

Binlogic will notify the Customer without undue delay of any personal data breach affecting Customer Personal Data, and provide the information reasonably needed for the Customer to meet its own notification obligations under applicable law.

Audit rights

On reasonable written request and no more than once per year, Binlogic will make available information necessary to demonstrate compliance with this DPA, including third-party audit reports where available, subject to confidentiality obligations.

Term & deletion

This DPA applies for as long as Binlogic processes Customer Personal Data on behalf of the Customer. On termination of the underlying agreement, Binlogic will delete or return Customer Personal Data within the timeframe defined in the Privacy Policy, unless retention is required by law.

Request the executable DPA

Want a counter-signed copy with your details filled in? Email legal@binlogic.com and we'll send it over the same business day.

This page is a public summary. The signed DPA between Binlogic and the Customer is the binding instrument and takes precedence over anything written here.