Legal
Data Processing Addendum
This Data Processing Addendum ("DPA") forms part of the Terms of Service between you and Sutherland Technology Solutions Ltd. ("Referral Booster") and governs our processing of personal information about your customers ("Customer Data") when we provide the Service. It applies to United States. A signed copy is available on request for customers who require one.
1. Roles
For Customer Data, you are the business and Referral Booster is your service provider (as those terms are used in U.S. state privacy laws such as the CCPA/CPRA). We process Customer Data only to perform the Service for you, and not for our own commercial purposes.
2. Our commitments
When we process Customer Data on your behalf, we will:
- process it only on your documented instructions and to provide the Service;
- not sell or share it, and not retain, use, or disclose it for any purpose other than performing the Service or as permitted by applicable law;
- require our personnel who handle it to keep it confidential;
- maintain appropriate technical and organizational security measures designed to protect it, appropriate to its sensitivity;
- use only the sub-processors listed at Sub-processors, each bound to comparable obligations, and remain responsible for their performance;
- provide reasonable assistance with requests from individuals (for example access, correction, or deletion) and with your privacy obligations, taking into account the nature of the processing;
- notify you without undue delay after becoming aware of a security breach affecting Customer Data; and
- on termination, delete or return Customer Data in accordance with your instructions, except where we are required by law to retain it.
3. Your responsibilities
You are responsible for the lawfulness of the Customer Data you provide and for having any consent or legal basis required to provide it and to have us contact those individuals on your behalf, as set out in our Terms of Service and SMS Terms. You will give us accurate instructions and will not provide special categories of sensitive data except as needed for the Service.
4. International processing
Customer Data may be processed in United States and other countries through our sub-processors. We take steps intended to ensure it continues to receive an appropriate level of protection wherever it is processed.
5. Audits and changes
On reasonable request and subject to confidentiality, we will make available information reasonably necessary to demonstrate our compliance with this DPA. We may update this DPA to reflect changes in law or the Service; the “Last updated” date above will change.
6. Contact
For data-processing questions or to request a signed DPA, email hello@referralbooster.co.
This page is provided for general information and transparency and is not legal advice. Questions about this document? Email hello@referralbooster.co.