Register
Login

Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of the Terms of Service (“Agreement”) between Swivel Pty Ltd (“Swivel”) and the Customer (“Customer”) and reflects the parties’ agreement with respect to the processing of personal data in connection with the use of Swivel services.

1. Definitions

  • Data Controller, Data Processor, Personal Data, and Processing shall have the meanings given to them in applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, the Australian Privacy Act 1988, and relevant US State privacy laws.
  • Customer Data means any Personal Data that Swivel processes on behalf of the Customer.
  • Applicable Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of personal data under the Agreement.

2. Roles and Scope

  • The parties acknowledge that, with respect to Customer Data, the Customer is the Data Controller and Swivel is the Data Processor.
  • This DPA applies to the processing of Customer Data in connection with the services provided by Swivel under the Agreement.

3. Processing Instructions

  • Swivel will only process Customer Data in accordance with the Customer’s documented instructions, including with regard to transfers of personal data, unless required by law.

4. Confidentiality

  • Swivel will ensure that persons authorised to process Customer Data have committed to confidentiality or are under appropriate statutory obligations of confidentiality.

5. Security

  • Swivel will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.

6. Subprocessors

  • The Customer provides Swivel with general authorisation to engage subprocessors.
  • Swivel will maintain a list of subprocessors and notify the Customer of any intended changes, giving the Customer an opportunity to object.

7. Data Subject Rights

  • Swivel will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws.

8. Data Breach Notification

  • Swivel will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Data.

9. Data Transfers

  • Swivel may transfer Customer Data outside the Customer’s jurisdiction where such transfers are carried out in compliance with applicable data protection laws.
  • For transfers subject to GDPR or UK GDPR, Swivel will use appropriate safeguards such as Standard Contractual Clauses or the UK International Data Transfer Agreement.
  • For other jurisdictions, Swivel will ensure equivalent protection consistent with relevant laws.

10. Return or Deletion of Data

  • Upon termination of the Agreement, Swivel will, at the Customer’s choice, delete or return all Customer Data, unless legal obligations require storage of the data.

11. Audit Rights

  • Swivel will make available information necessary to demonstrate compliance with this DPA and allow for audits by the Customer or an authorised third party.

12. Governing Law

  • This DPA shall be governed by the same jurisdiction as the Agreement to which it is attached.

13. Modifications for Jurisdictional Compliance

  • Where local data protection laws require specific provisions, the parties agree to adopt jurisdiction-specific addenda or clauses (e.g., EU SCCs, UK IDTA) as needed to maintain compliance.

14. Contact

Questions or requests regarding this DPA should be directed to:

Swivel Pty Ltd
Email: info@heyswivel.com

This DPA is effective as of the date of acceptance of the Terms of Service and remains in force for the duration of the Agreement.

Employer
Swivel Timebox
Swivel Breathe
Learn more
Resources
Solutions
Legal
Linkedin-in Facebook-f Instagram