Data Processing Agreement for SocialGo
Last Updated: 6/16/2025

DATA PROCESSING AGREEMENT

This Data Processing Agreement ("DPA") forms part of the Terms of Service between SocialGo ("Processor") and you ("Controller") and governs the processing of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. DEFINITIONS

The terms "personal data," "data subject," "controller," "processor," and "processing" shall have the meanings set forth in the GDPR.

2. SCOPE AND APPLICABILITY

This DPA applies to the processing of personal data by SocialGo on behalf of the Controller in connection with the provision of social media management services.

3. DETAILS OF PROCESSING

3.1 Subject Matter and Duration

The subject matter and duration of the processing are set out in the main service agreement and this DPA.

3.2 Nature and Purpose of Processing

- Social media content creation and scheduling
- Account management and analytics
- Customer support and service delivery

3.3 Categories of Data Subjects

- Controller's employees
- Controller's customers and prospects
- Social media followers and engagement users

3.4 Types of Personal Data

- Names and contact information
- Social media profiles and content
- Engagement data and analytics
- Business and marketing preferences

4. CONTROLLER AND PROCESSOR OBLIGATIONS

4.1 Controller Obligations

The Controller:

- Shall ensure it has lawful basis for processing
- Shall provide necessary instructions for processing
- Shall ensure data subjects' rights can be exercised
- Shall conduct Data Protection Impact Assessments when required

4.2 Processor Obligations

SocialGo shall:

- Process personal data only on documented instructions
- Ensure confidentiality of processing
- Implement appropriate security measures
- Assist with data subject requests
- Notify of personal data breaches without undue delay
- Delete or return personal data at end of services

5. SECURITY MEASURES

SocialGo implements appropriate technical and organizational measures including:

- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Staff training and confidentiality agreements
- Incident response procedures

6. SUB-PROCESSING

6.1 General Authorization

Controller provides general authorization for SocialGo to engage sub-processors.

6.2 Current Sub-processors

- Cloud hosting providers (AWS, Google Cloud)
- Payment processors (Stripe)
- Email service providers
- Analytics services

6.3 Sub-processor Requirements

All sub-processors must provide adequate guarantees and be bound by data protection obligations equivalent to this DPA.

7. DATA SUBJECT RIGHTS

SocialGo shall assist Controller in responding to data subject requests including:

- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object

8. PERSONAL DATA BREACHES

8.1 Notification

SocialGo shall notify Controller without undue delay (within 24 hours) of becoming aware of a personal data breach.

8.2 Information to be Provided

- Nature of the breach
- Categories and approximate numbers affected
- Likely consequences
- Measures taken or proposed

9. DATA TRANSFERS

9.1 International Transfers

Personal data may be transferred outside the EEA only with appropriate safeguards in place.

9.2 Safeguards

- Standard Contractual Clauses
- Adequacy decisions
- Binding Corporate Rules (where applicable)

10. RETURN OR DELETION OF DATA

Upon termination of services, SocialGo shall:

- Return all personal data to Controller, or
- Delete all personal data at Controller's choice
- Provide certification of deletion when requested

11. AUDIT RIGHTS

Controller may conduct audits or inspections to verify compliance with this DPA, subject to reasonable notice and confidentiality obligations.

12. LIABILITY AND INDEMNIFICATION

Each party's liability under this DPA shall be subject to the limitation of liability provisions in the main service agreement.

13. TERM AND TERMINATION

This DPA shall remain in effect for the duration of the main service agreement and shall terminate automatically upon termination of the main agreement.

14. GOVERNING LAW

This DPA shall be governed by the laws applicable to the main service agreement.

15. CONTACT INFORMATION

For questions regarding this DPA, contact:

Data Protection Officer: [email protected]
Legal Department: [email protected]

APPENDIX A: TECHNICAL AND ORGANIZATIONAL MEASURES

1. Access Control

- User authentication and authorization systems
- Multi-factor authentication for admin access
- Regular access reviews and deprovisioning

2. Data Security

- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Secure key management
- Regular security updates

3. Data Integrity

- Data backup and recovery procedures
- Version control and change management
- Regular data integrity checks

4. Data Availability

- 99.9% uptime commitment
- Redundant systems and failover procedures
- Disaster recovery plan

5. Incident Response

- 24/7 monitoring and alerting
- Documented incident response procedures
- Regular testing and updates

6. Data Minimization

- Collection only of necessary data
- Regular data purging procedures
- Privacy by design principles

7. Staff Training

- Regular privacy and security training
- Confidentiality agreements
- Background checks for relevant personnel

By using SocialGo services, Controller agrees to the terms of this Data Processing Agreement.