Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Answell ("Processor", "we", "us") and the business customer using the Services ("Controller", "you"). This DPA applies only to the extent that we process personal data on your behalf in connection with the Services.

In the event of any conflict between this DPA and the Terms of Service regarding the processing of personal data, this DPA will prevail.

1. Roles of the Parties

For the purposes of this DPA, you act as the controller of Customer Personal Data, and Answell acts as the processor of such data on your behalf.

2. Scope of Processing

We process personal data only as necessary to provide, secure, maintain, and support the Services in accordance with your documented instructions, including as set out in the Terms of Service, your use of the Services, and your configuration of the Services.

The subject matter, nature, purpose, and duration of the processing, as well as the categories of data subjects and personal data, are described in Annex 1 to this DPA.

3. Customer Instructions and Responsibilities

You are responsible for ensuring that your use of the Services and your instructions to us comply with applicable data protection law, including that you have a valid legal basis for processing and transferring personal data to the Services.

We will inform you if, in our opinion, an instruction infringes applicable data protection law.

4. Confidentiality and Security

We will ensure that persons authorized to process personal data are subject to appropriate confidentiality obligations.

We will implement appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful access, loss, destruction, alteration, or disclosure. These measures include, as appropriate, encryption in transit, access controls, authentication safeguards, logging, and secure hosting practices.

5. Sub-processors

You grant us general authorization to use sub-processors in connection with the provision of the Services. We will maintain a current list of sub-processors and will make it available upon request or through publicly available documentation.

If we add or replace a sub-processor in a way that materially affects the processing of personal data, we will provide notice and allow you to object on reasonable data protection grounds.

We will impose data protection obligations on our sub-processors that are appropriate to the services they provide and required under applicable data protection law.

Certain optional AI-assisted features may rely on third-party AI providers. The data handling terms and processing conditions applicable to such features may differ from those applicable to the core Services or other sub-processors, depending on the feature, provider, or subscription plan used.

You are responsible for determining whether the use of optional AI-assisted features is appropriate for the personal data submitted to the Services, and you should not use such features for special categories of personal data or other highly sensitive data unless appropriate safeguards and a valid legal basis are in place.

6. Assistance

Taking into account the nature of the processing and the information available to us, we will provide reasonable assistance to you in responding to requests from data subjects and in meeting your obligations relating to security, breach notification, data protection impact assessments, and consultations with supervisory authorities where required by applicable law.

If we receive a request directly from a data subject relating to personal data processed on your behalf, we will, unless prohibited by law, forward the request to you and will not respond except on your instructions or as required by law.

7. Personal Data Breach

We will notify you without undue delay after becoming aware of a confirmed personal data breach affecting personal data processed on your behalf and will provide reasonably available information to help you meet your legal obligations.

8. International Transfers

Where we transfer personal data to a country outside the EEA, UK, or Switzerland, we will ensure that such transfer is made in accordance with applicable data protection law and subject to an appropriate transfer mechanism where required.

9. Return and Deletion

Upon termination of the Services or upon your written request, we will delete or return personal data processed on your behalf, unless applicable law requires retention.

Unless otherwise agreed, we may retain such data for up to 30 days in a limited-access recovery state before permanent deletion from active systems, subject to routine backup retention cycles.

10. Audits and Compliance Information

We will make available information reasonably necessary to demonstrate compliance with this DPA. Where reasonably required, and where such information is insufficient, you may request an audit or inspection no more than once per year on reasonable prior notice and subject to appropriate confidentiality and security safeguards.

11. Liability

Each party's liability under this DPA is subject to the exclusions and limitations of liability set out in the Terms of Service, except to the extent not permitted by applicable law.

12. Annex 1 — Details of Processing

Subject matter: Provision of the Answell customer support platform and related support, maintenance, security, and optional AI-assisted features.

Duration: For the duration of the Services and any applicable post-termination retention period.

Nature and purpose: Hosting, storing, organizing, retrieving, transmitting, analyzing, and otherwise processing personal data as necessary to provide the Services.

Categories of data subjects: Your end users, customers, leads, support contacts, employees, contractors, and other individuals whose personal data is submitted to the Services by you.

Categories of personal data: Identity and contact data, account data, communications content, support ticket data, email metadata, usage data, device and log data, and other personal data submitted to the Services by you.

If you have any questions regarding this DPA, please contact us at:

Answell
Email: [email protected]