Last Updated: November 15th, 2024
This Data Processing Addendum (“DPA”) forms part of the agreement between Raklet, Inc. (“Raklet” or “Processor”) and the entity or individual agreeing to this DPA (“Customer” or “Controller”). This DPA reflects the parties’ obligations under the General Data Protection Regulation (EU Regulation 2016/679, “GDPR”), the UK Data Protection Act 2018 (“UK GDPR”), and the Swiss Data Protection Act.
By using Raklet’s services, you accept the terms of this DPA.
Unless otherwise defined in this DPA, terms are as defined in the GDPR:
• Agreement: The main contract governing Raklet’s services.
• Controller: The entity determining the purposes and means of personal data processing.
• Processor: Raklet, processing data on behalf of the Controller.
• Personal Data: Any information relating to an identified or identifiable individual.
• Processing: Any operation performed on personal data, such as collection or storage.
• Sub-processor: A third party engaged by Raklet to process personal data.
• Standard Contractual Clauses (SCCs): EU-approved clauses ensuring lawful data transfers outside the EEA.
Raklet processes personal data to deliver its services:
• Purpose: CRM, membership management, events, and payment processing.
• Data Subjects: Members, users, and employees of the Controller.
• Data Types:
  • Basic data: Name, email, phone number.
  • Financial data (via Stripe): Credit card information, payment records.
  • Optional data: Any additional information users voluntarily provide.
• Retention Period: Personal data is deleted 30 days after contract termination, except as required by law.
Raklet agrees to:
1. Process personal data only as instructed by the Controller.
2. Ensure security through encryption, access controls, and regular backups.
3. Notify the Controller within 72 hours of any personal data breach.
4. Assist the Controller with data subject requests (e.g., access, rectification, deletion).
5. Ensure all sub-processors comply with equivalent obligations under this DPA.
Raklet uses the following sub-processors to provide its services:
Sub-Processor | Purpose | Location
Amazon Web Services | Data hosting | EU
Microsoft Azure | Data hosting | EU
Stripe | Payment processing | Global
PayPal | Payment processing | Global
Intercom | Customer support & communication | Global
Rollbar | Error monitoring | Global
HubSpot | CRM and marketing automation | Global
ElasticSearch | Search and analytics engine | Global
Raklet notifies customers of sub-processor changes and provides a 14-day objection window.
Raklet ensures international data transfers comply with GDPR:
1. Sub-processor Compliance: All sub-processors (e.g., AWS, Stripe) include SCCs in their DPAs.
2. SCCs: Raklet uses SCCs to ensure data transferred outside the EEA is protected.
Raklet implements the following security measures:
• Encryption: Data is encrypted at rest, and in transit using SSL/TLS.
• Access Controls: Only authorized Raklet team members can access production systems.
• Backups: Automated daily backups are retained for 30 days.
• Monitoring: Regular security audits and vulnerability scans.
In the event of a data breach:
1. Raklet will notify the Controller within 72 hours.
2. Details provided will include:
  • Nature and scope of the breach.
  • Impact on data subjects.
  • Mitigation actions taken.
Raklet assists the Controller in fulfilling data subject rights under GDPR:
1. Access, correction, or deletion of personal data.
2. Data portability requests.
3. Objection to processing requests.
Requests will be addressed within 30 days.
Upon termination of the agreement:
1. Raklet will delete or anonymize personal data within 30 days.
2. Backups will be deleted after the retention period.
This DPA is governed by the laws outlined in the main Agreement. Disputes will be resolved in the jurisdiction specified therein.
For questions or concerns regarding this DPA, please contact Raklet at:
Email: [email protected]
Address: 4347 20th Street, San Francisco CA 94114
Security Measure | Details
Encryption | SSL/TLS for data in transit and encryption at rest.
Access Control | Restricted access to production systems.
Backups | Automated daily backups retained for 30 days.
Monitoring | Security audits, vulnerability scans, and testing.