Data Processing Addendum (DPA)

This Data Processing Addendum forms part of the agreement between the customer and Statey.

1. Definitions

Terms such as “Personal Data”, “Processing”, “Controller”, and “Processor” have the meanings given in the GDPR.

2. Subject Matter and Duration

This DPA applies for the duration of the customer’s use of the Statey service.

3. Nature and Purpose of Processing

Statey processes personal data to provide customer statement generation and related communications.

4. Categories of Data and Data Subjects

Data subjects: customers’ clients and contacts

Data categories: names, email addresses, invoice and payment data, and related metadata

5. Roles

  • Customer: Controller
  • Statey: Processor

6. Processor Obligations

Statey shall:

  • Process personal data only on documented customer instructions
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures
  • Engage sub-processors only as described in this DPA
  • Delete personal data upon termination of the service

7. Sub-processors

Approved sub-processors:

  • SendGrid (Twilio)
  • DigitalOcean

Statey may update its sub-processor list with reasonable notice via its website or documentation.

8. International Transfers

Where personal data is transferred outside the EU or UK, such transfers are governed by:

  • EU Standard Contractual Clauses (Controller-to-Processor)
  • UK International Data Transfer Addendum

These mechanisms are incorporated by reference.

9. Data Subject Rights

Statey will provide reasonable assistance, where technically feasible, to enable customers to respond to data subject requests.

10. Security Measures

Statey maintains security measures as described in its Security Overview, including encryption, access controls, monitoring, and backup procedures.

11. Personal Data Breaches

Statey will notify customers without undue delay after becoming aware of a personal data breach affecting customer data.

12. Liability

Nothing in this DPA increases or modifies Statey’s liability beyond what is set out in the Terms of Service.

Related Articles