Data Processing Addendum
Last updated: July 6, 2026
This Data Processing Addendum (“DPA”) forms part of the agreement between Synerdeck (“Processor”) and the customer (“Controller”) and applies where we process personal data on the Controller’s behalf in connection with the Service.
1. Roles
The Controller determines the purposes and means of processing Customer Data. Synerdeck acts as Processor and processes personal data only on documented instructions from the Controller, including those set out in the agreement and this DPA.
2. Scope of processing
- Subject matter: provision of the client onboarding Service.
- Duration: for the term of the agreement and any deletion period thereafter.
- Nature and purpose: hosting, storage, and processing of client records, documents, and communications.
- Categories of data subjects: the Controller's team members and their clients.
3. Confidentiality
Synerdeck ensures that personnel authorized to process personal data are bound by confidentiality obligations and receive appropriate data protection guidance.
4. Security measures
Synerdeck implements appropriate technical and organizational measures as described on our Security page, taking into account the state of the art and the risks of processing.
5. Subprocessors
The Controller authorizes Synerdeck to engage the subprocessors listed in our Privacy Policy. Synerdeck remains responsible for its subprocessors’ compliance and will inform the Controller of material changes, giving an opportunity to object.
6. Data subject requests
Taking into account the nature of the processing, Synerdeck will assist the Controller by appropriate measures in responding to requests from data subjects exercising their rights.
7. Personal data breaches
Synerdeck will notify the Controller without undue delay after becoming aware of a personal data breach affecting Customer Data and will provide information reasonably necessary for the Controller to meet its notification obligations.
8. Deletion and return
Upon termination of the Service, Synerdeck will delete or return Customer Data in accordance with the agreement and applicable law, except where retention is legally required.
9. International transfers
Where processing involves transfers of personal data across borders, the parties will rely on an approved transfer mechanism, such as Standard Contractual Clauses, where required.
10. Contact
For data protection inquiries or to request a signed copy of this DPA, contact support@synerdeck.com.