Data Processing Agreement
Our commitment to processing your data with the highest standards of security, privacy, and regulatory compliance.
“Trust in data processing begins with clear commitments and transparent practices.”
Purpose and Scope
This Data Processing Agreement (DPA) governs the processing of personal data by Kayle on behalf of our customers in connection with our content moderation services.
This agreement ensures compliance with GDPR, CCPA, and other applicable data protection laws while maintaining our philosophical commitment to privacy and data minimization.
Definitions
For the purposes of this DPA:
• 'Personal Data' means any information relating to an identified or identifiable natural person
• 'Processing' means any operation performed on personal data
• 'Data Controller' refers to our customers who determine the purposes of processing
• 'Data Processor' refers to Kayle as the entity processing data on behalf of the controller
These definitions align with GDPR Article 4 and similar regulations.
Data Processing Principles
We adhere to the following principles in our data processing activities:
• Processing only on documented instructions from the controller
• Implementing appropriate technical and organizational measures
• Ensuring confidentiality commitments from personnel
• Assisting the controller in responding to data subject rights
• Supporting the controller's compliance obligations
Security Measures
Our security measures include:
• End-to-end encryption for data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures
These measures are regularly reviewed and updated to ensure continued effectiveness.
Subprocessing
We maintain strict control over subprocessors:
• All subprocessors are carefully selected and vetted
• Customers are informed of any intended changes to subprocessors
• Subprocessors are bound by similar data protection obligations
• A current list of subprocessors is maintained at /subprocessors
Data Transfers
For international data transfers, we ensure appropriate safeguards:
• Standard Contractual Clauses (SCCs) where applicable
• Privacy Shield certification where relevant
• Additional technical measures as required
We maintain transparency about data storage locations and transfer mechanisms.
Breach Notification
In the event of a personal data breach, we will:
• Notify the controller without undue delay
• Provide detailed information about the breach
• Assist in meeting breach notification obligations
• Document and remedy the breach
Our incident response plan ensures swift and appropriate action.
Audit Rights
We support our customers' audit requirements:
• Regular third-party audits and certifications
• Provision of documentation and evidence
• Facilitation of customer audits as agreed
• Prompt response to audit findings
Ready to review our DPA?
Contact our team to receive a copy of our Data Processing Agreement.