GDPR – Data Processing Agreement
Version updated on January 19th, 2025.
Teambook may periodically update this Data Processing Agreement (DPA). We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Teambook account or by placing a prominent notice on our site.
This DPA shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with the Service.
While this policy may be translated into other languages and made publicly available on the Internet, the English language version shall prevail in the event of any dispute.
If you need a signed version of this agreement, or have questions or concerns about our data privacy practices, please feel free to contact us at privacy@teambook.soleil-digital.ch.
1. AGREEMENT
- Application: This Data Processing Agreement (DPA) applies between Teambook SA (Teambook) and the service user (the Customer) to the extent that Personal Data is Processed in the course of the performance of the Services as per the Terms of service (the Terms).
- The purpose of the DPA is to supplement the Terms as respects the processing of Personal Data. The DPA does not concern any other data or the processing thereof. Teambook’s obligations under this DPA must be viewed accordingly, i.e., as only relating to the processing of Personal Data and not applying in any other context. In the event of any conflict between this DPA and the Terms of service, this DPA will take precedence.
- Authority: If the Customer is using the Services in connection with a business, the Customer represents to Teambook that it has authority to bind that business or entity to this DPA and that the business accepts this DPA.
- Governing law: This DPA is governed by the laws of Switzerland, and each party irrevocably submits to the non-exclusive jurisdiction of the Swiss courts.
- Duration: This DPA applies for the period of time that Personal Data is Processed in connection with the Services. Teambook shall process Personal Data until the earlier of: (a) the date of termination of the Customer Agreement or (b) any date that the Customer instructs that Processing cease.
2. PERSONAL DATA
- Personal Data whose processing is permitted: the types of Personal Data that a User (including the Customer) is allowed to process as part of Service Data are limited to those which the User is legally permitted to process. The Customer undertakes that Service Data will not include, and neither he nor any other User who accesses the Service (including any such Guest User) will use the Service for the processing of, Personal Data whose processing is legally prohibited.
- Personal Data whose processing is restricted: the Customer acknowledges that the processing of certain types of Personal Data is restricted or limited under the GDPR and that non-compliance with the relevant restrictions or limitations may result in substantial penalties, including fines, being imposed on, or other punitive, remedial or compensatory measures being taken against, the Customer, Teambook and the User involved in the processing (if different from the Customer).
- Consequently, the Customer undertakes that, absent Teambook’s prior explicit consent, Service Data will not include, and neither he nor any other User who accesses the Service (including any such Guest User) will use the Service for the processing of, Personal Data that fall within either of the following categories: (a) ‘special categories of personal data’ (also known as ‘sensitive information’) as described for the time being in Article 9 of the GDPR, including particularly but without limitation genetic data, biometric data and data concerning health; (b) ‘personal data relating to criminal convictions and offences or related security measures’ as described for the time being in Article 10 of the GDPR.
3. ROLES
- Controller and Processor: The Parties acknowledge and agree that with regard to the processing of Personal Data, the Customer is the Data Controller and Teambook is a Data Processor. For the avoidance of doubt, this DPA does not apply where Teambook is the Data Controller. Note that when processing personal information in accordance with the California Consumer Privacy Act, the parties acknowledge and agree that the Customer is a Business and Teambook is a Service Provider for the purposes of the Act.
- Data subjects: the Customer will determine who the Data Subjects are. The categories of Data Subjects include but may not be limited to: (a) Users having access to the Service, including such Guest Users; (b) Users who interact with the features applied via the Service; (c) employees, contractors, consultants, associates and agents of the Customer.
- Sub-processors: the Customer agrees that persons and entities on the Sub-processor List (appendix A) may be retained as Sub-processors and authorises Teambook to engage them, provided that each Sub-processor, insofar as relevant considering the processing operations it performs, assumes or is made subject to data protection obligations substantially similar to those set forth in this DPA (but in any event no less protective of Personal Data than the DPA). These obligations may be either contractual or apply by operation of law. In the former case, the respective contract shall be in writing (which includes electronic form) or at least in a form that identifies the parties to the transaction and allows repeated reproduction of the terms agreed.
- At least 10 days before authorising a third party not mentioned in the Sub-processor List to act as a Sub-processor, Teambook shall inform the Customer of the new engagement by: (a) updating the Sub-processor List accordingly and (b) notifying the Customer by email to the address specified as Teambook account owner. For the avoidance of doubt, where the Customer is not in the capacity of receiving notice of the above updates, Teambook’s obligation to inform the Customer of a new Sub-processor engagement shall be deemed to have been duly performed if carried out solely as per subsection (a).
4. DETAILS OF THE PROCESSING
- Teambook will process Personal Data only as necessary to carry out the Services or as required by law to which Teambook or the processing Sub-processor is subject (which includes any judicial, arbitral, administrative or otherwise mandatory order or judgment made, recognised or enforceable under that law).
- The Customer hereby instructs Teambook to process Personal Data as necessary in connection with the Service, which, particularly but without limitation, includes any processing that is (i) requested or initiated by Users in their use of Teambook’s features, or (ii) otherwise required for Teambook’s performance of its obligations in relation to the Service and/or its users.
- The operations that Teambook performs on Personal Data will include storage and such other operations as shall be appropriate: e.g., retrieval, transmission, erasure, restriction and disclosure pursuant to the Customer’s instructions or as required by law.
5. PERSONAL DATA CONFIDENTIALITY
- Teambook shall (a) treat all Personal Data as strictly confidential; (b) inform all its employees, agents and/or Sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data; and (c) ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
6. SECURITY
- Teambook will maintain adequate technical and organizational measures to ensure such level of security in its processing of Personal Data as appropriate in the given circumstances.
- The purpose of the above measures is to address in an appropriate manner: (a) the protection of Personal Data against unauthorized or unlawful processing and against accidental loss, alteration or destruction; (b) the integrity and confidentiality of Personal Data; (c) the availability and resilience of the Features pertinent to the processing of Personal Data (to the extent such Features are authorised under the Service Plan the Customer enjoys); (d) the ability to restore the availability and access to Personal Data in a timely manner after a Service failure; (e) the effectiveness of the means employed by Teambook for ensuring the required level of security in its processing of Personal Data.
- Teambook further undertakes to: (a) ensure that the persons it authorizes to process Personal Data commit themselves to confidentiality (or will be under an appropriate statutory obligation of confidentiality) with respect to these data; and (b) notify the Customer without undue delay upon learning of any Personal Data breach that involves Personal Data and may need to be communicated to the competent supervisory authority or the Data Subject(s) concerned.
- Changes to measures: Teambook may change the Technical and Organisational Measures at any time without notice so long as it maintains a comparable or better level of security.
- Customer responsibilities: The Customer agrees that except as provided by this DPA, Customer is responsible for its secure use of the Service, including securing its account authentication credentials, protecting the security of Personal Data when in transit to and from the Service, and taking any appropriate steps to securely encrypt or back up any Personal Data uploaded to the Services. If the Data Controller knows or suspects that its login information has been or is likely to be used in an unauthorized way, it shall immediately change its password or notify the Data Processor.
- Directions: The Customer shall promptly comply with all reasonable directions issued by Teambook in relation to security or the Services.
7. DEMONSTRATION OF COMPLIANCE
- Teambook shall maintain records sufficient to demonstrate its compliance with the DPA and will retain these records as long as legally required.
- Security due diligence: upon the Customer’s request and subject to such confidentiality and non-use commitments as Teambook reasonably may suggest, Teambook shall, no more than once a year: (a) make available to the Customer such of the above records as necessary and any other information that reasonably may be required to demonstrate Teambook’s compliance with its obligations under the DPA; and (b) if the provision of records and other information as per the preceding subsection is not sufficient for demonstrating Teambook’s compliance, allow the Customer (or his independent third-party auditor), upon reasonable notice and at a mutually agreeable time, to conduct an audit or inspection of Teambook’s practices in processing Personal Data.
8. SUPPLIER’S ASSISTANCE
- Data Subject’s requests: The Customer acknowledges that it is his duty, not Teambook’s, to accept, respond to, and resolve Data Subjects’ requests for exercising their rights and freedoms as data subjects in connection with Personal Data (‘data subject rights’) and to facilitate the exercise of these rights and freedoms. If any such request is addressed directly to Teambook, it will, to the extent legally permitted, redirect the request to the Customer without undue delay.
- Upon the Customer’s request, and considering the nature of Teambook’s processing operations hereunder, Teambook will, insofar as possible, take appropriate technical and organisational measures to reasonably assist the Customer in complying with his obligation to respond to Data Subjects’ requests for exercising the following of their data subject rights under the GDPR: the right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object, and the right not to be subject to automated individual decision-making.
- Costs of assistance: To the extent legally permitted, the Customer shall incur all costs and expenses that may arise in connection with the assistance described in this part 8, including any fees associated with the provision of additional Features.
9. RETURN AND DELETION OF DATA
- After the completion of services relating to the processing of Service Data (i.e., upon permanent cessation of all Service in relation to the Service), Teambook will: (a) at the Customer’s choice, either delete or return to him all Personal Data then stored by Teambook provided that this respective request is made reasonably prior to the Service being closed; and (b) delete copies of these Personal Data, save if and to the extent the law requires that the data concerned be retained. If the Customer elects to have the data returned, Teambook will return the data with no obligation to organise, structure or otherwise process the same to separate Personal Data therefrom or distinguish between Personal Data and other Service Data.
10. PERSONAL DATA BREACH
- Notifications: Upon becoming aware of a Personal Data Breach affecting Personal Data, Teambook shall (a) notify the Customer without undue delay, and where feasible, no later than 48 hours from becoming aware; (b) provide timely information relating to the Personal Data Breach as it becomes known or as is reasonably requested by Customer; and (c) promptly take reasonable steps to contain and investigate the Personal Data Breach.
- Teambook’s notification of or response to a Personal Data Breach under this clause shall not be construed as an acknowledgment by Teambook of any fault or liability with respect to the Personal Data Breach.
11. VARIATIONS
- Changes due to Applicable Data Protection Law: Either Party may propose variations to this DPA if it reasonably considers it to be necessary to address the requirements of any Applicable Data Protection Law. If either Party gives such notice, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the identified requirements as soon as is reasonably practicable.
- Changes due to Controller instruction: Where an amendment to the Customer Agreement or this Data Protection Agreement is necessary in order to execute a Data Controller instruction to the Data Processor (a) the Parties shall promptly discuss the proposed instruction and negotiate in good faith as soon as is reasonably practicable with a view to agreeing and implementing the instruction; and (b) if the Parties are not able to reach agreement, the Data Controller’s sole remedy is to cancel or terminate its account or the Services.
12. INTERPRETATIONS
In these Terms, unless the context otherwise requires:
- the singular includes the plural and vice versa;
- a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
- a reference to either party includes reference to its respective successors in title and permitted assigns (and where the context so permits) its personnel and representatives;
- any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
- the words “includes” and “including” are to be read as being followed by the words “without limitation”; and
- a reference to any documentation includes that documentation as varied or substituted.
13. DEFINED TERMS
- Parties means Teambook and the Customer.
- Customer means the entity identified as the Customer in the Customer Agreement.
- Customer Agreement means the Terms of Service between Teambook and the Customer for the supply and use of the Services, or if there is an enterprise written customer agreement executed by the Parties in place of the Terms of Service, then that agreement.
- DPA means this Data Processing Agreement.
- Terms such as Data Controller, Data Processor, Processing and Personal Data Breach have the meaning ascribed to them in the GDPR. Terms defined in the Customer Agreement have the meaning ascribed to them in the Customer Agreement. In addition:
- Applicable Data Protection Law means all data protection and privacy laws that apply, including: (a) GDPR; (b) the Swiss « Secrecy Laws » (e.g., Art. 320 et seqq. Swiss Penal Code); (c) the California Consumer Privacy Act; (d) the Canadian Personal Information Protection and Electronic Documents Act and (e) the Privacy Act 1988 (Cth) of Australia.
- European/UK Data Protection Laws means data protection laws applicable in Europe and/or the UK (as applicable), including GDPR.
- GDPR means Regulation (EU) 2016/679 (General Data Protection Regulation) and/or the United Kingdom General Data Protection Regulation, as applicable.
APPENDIX A: LIST OF SUB-PROCESSORS
The controller has authorised the use of the following sub-processors:
- Digital Ocean: Cloud services provider.
- Google Analytics: Cloud services provider.
- SendGrid: Email delivery service.
- Chartmogul: Subscription management service.
- Braintree: Payment processing service.
- Intercom: Help desk software.
- Product Fruit: Knowledge base & on-boarding services.
- Reditus: Affiliation management program.