Data Processing Agreement (DPA)
Last Updated: 6 June 2025
Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Yin Yang Inc. DBA ClonePartner ("Company") and the entity that accepts the Terms ("Customer"). It applies whenever the Company processes Personal Data on Customer’s behalf.
Our Data‑Protection Officer may be contacted at dpo@clonepartner.com
Our EU representative under GDPR Art 27 is Rickert Rechtsanwaltsgesellschaft mbH – YIN YANG, INC. – Colmantstraße 15, 53115 Bonn, Germany – art-27-rep-yinyang@rickert.law
Our UK representative under UK GDPR Art 27 is Rickert Services Ltd UK – YIN YANG, INC. – PO Box 1487, Peterborough PE1 9XX, United Kingdom – art-27-rep-yinyang@rickert-services.uk
A signed version of this DPA is available on request to legal@clonepartner.com
Both parties agree to comply with applicable data‑protection laws, including GDPR, UK GDPR, Swiss FADP, CCPA/CPRA, and any superseding legislation ("Data Protection Laws").
1. Definitions
Unless defined here, capitalised terms have the meanings in the Terms or relevant legislation.
Controller, Processor, Data Subject, Processing, Personal Data Breach – as in GDPR
Personal Data – any data relating to an identified or identifiable natural person contained in Customer Data
Restricted Transfer – a cross‑border transfer requiring safeguards under Data Protection Laws
Standard Contractual Clauses (SCCs) – EU SCCs (governed by Irish law), UK International Data Transfer Addendum, or Swiss SCCs, as applicable
Sub‑Processor – any Processor engaged by the Company to assist in fulfilling obligations under this DPA
Service Term – the period during which the Company provides Services to the Customer: for SaaS, the subscription term; for migration or other professional‑services engagements, the project term stated in the applicable Order Form or Statement of Work
2. Roles and Scope
2.1. Customer acts as Controller (or Processor on behalf of a Controller). The Company acts as Processor (or Sub‑Processor).
2.2. The Company processes Personal Data only on documented instructions from Customer.
2.3. Each Party will comply with its obligations under Data Protection Laws.
3. Term and Termination
This DPA remains in effect while the Company processes Personal Data for Customer. Termination follows the Terms or mutual written agreement. Clauses intended to survive (e.g., Confidentiality, Liability) will do so.
4. Processing Instructions
4.1. The Company will process Personal Data only as necessary to deliver the Services, as set out in the Terms, Order Forms, this DPA, or later written instructions.
4.2. If an instruction appears to violate Data Protection Laws, the Company will promptly inform Customer.
5. Personnel
The Company restricts Personal Data access to authorised personnel bound by confidentiality and security obligations.
6. Data‑Subject & Regulatory Assistance
6.1. The Company will, taking into account the nature of Processing, assist Customer by appropriate technical and organisational measures to fulfil obligations to respond to Data‑Subject requests, conduct Data‑Protection Impact Assessments, and engage in prior consultations with supervisory authorities.
6.2. Any such assistance beyond routine self‑service features may be chargeable on a time‑and‑materials basis, subject to advance written approval by Customer.
7. Security Measures
The Company maintains appropriate technical and organisational measures ("TOMs") to safeguard Personal Data. A high‑level summary is provided in Schedule B. Detailed documentation (including ISO 27001 certification and SOC 2 Type II report) is available under NDA upon request to legal@clonepartner.com
8. Sub‑Processors
8.1. General Authorisation – Customer authorises the Sub‑Processors listed in Schedule C.
8.2. The Company will notify Customer at least thirty days before adding or replacing a Sub‑Processor and allow reasonable objections based on data‑protection grounds.
8.3. All Sub‑Processors sign data‑processing agreements imposing obligations equivalent to this DPA, and the Company remains fully liable for their acts and omissions.
8.4. Upon written request, the Company will provide summary audit reports or certifications demonstrating the Sub‑Processor’s compliance.
9. International & Regional Compliance
9.1. Restricted Transfers – safeguarded by the SCCs or alternative lawful mechanisms.
9.2. California – Service Provider – The Parties acknowledge that Personal Data is processed for limited and specified purposes; the Company does not sell or share Personal Data as defined by CPRA and will not retain, use, or disclose Personal Data outside the scope of Customer’s instructions.
9.3. If existing transfer mechanisms become invalid, the Parties will implement lawful alternatives or suspend transfers.
10. Personal Data Breach
The Company will notify Customer without undue delay and, where feasible, within 48 hours after becoming aware of a Personal Data Breach and will cooperate in investigation, mitigation, and regulatory notifications.
11. Deletion or Return of Data
Upon termination of Services, the Company will delete Customer Data within a commercially reasonable period in line with our internal retention policies. If Customer requires accelerated deletion or bespoke retention handling, we will review and, where feasible, accommodate such requests on a case‑by‑case basis. Where a legal obligation necessitates continued storage, the data will be isolated and safeguarded. Upon written request, the Company will certify deletion.
12. Audit and Compliance
12.1. The Company will provide information necessary to demonstrate compliance with this DPA.
12.2. Once per twelve‑month period and on thirty days’ notice, Customer may audit the Company’s Processing. Additional or unplanned audits may incur fees.
12.3. The Company will cooperate with supervisory‑authority inquiries.
13. Liability
Liability is governed by the limitation clauses in the Terms. Nothing limits either Party’s liability for intentional or wilful breach of this DPA.
14. Miscellaneous
14.1. In case of conflict, this DPA prevails over the Terms.
14.2. Amendments require written agreement.
14.3. Notices should be sent to legal@clonepartner.com and Customer’s designated contact.
14.4. If any provision is held invalid, the remainder stays effective.
14.5. Headings are for convenience only and do not affect interpretation.
Schedules
Schedule A – Parties & Governing Law for SCCs
Data Exporter: Customer (as defined in the Terms)
Data Importer: Yin Yang Inc. DBA ClonePartner, 9450 SW Gemini Dr PMB 69868, Beaverton OR 97008‑7105 US, contact: legal@clonepartner.com
For EU SCCs Clause 17, the governing law shall be Irish law
Schedule B – Technical & Organisational Measures
Encryption of data in transit (TLS 1.2+) and at rest (AES‑256)
Encryption‑key management handled by the Company with quarterly rotation
Network segmentation, firewalling, and zero‑trust access policies
Role‑based access control (RBAC) and multi‑factor authentication (MFA)
Continuous monitoring, centralised logging, and intrusion detection
Regular vulnerability scanning, quarterly penetration testing, and prompt patch management
ISO 27001 certification and SOC 2 Type II audit programme
Annual security‑awareness and privacy training for all personnel
Business‑continuity and disaster‑recovery plans with encrypted off‑site backups
Sub‑Processor due‑diligence and contract reviews
Schedule C – Authorised Sub‑Processors
DigitalOcean — Hosting, infrastructure, and database services; storage, recording, organisation, retrieval of Customer‑data assets; engagement ongoing
Cal.com — Scheduling and calendar‑management for migration or implementation sessions; collection, storage, limited processing of contact details and meeting metadata; engagement ongoing
Tally.so — Form and survey capture for intake of migration requirements and feedback; collection, recording, organisation of form submissions; engagement ongoing
Truto.one — Unified API framework powering internal integration orchestration; transmission, storage, transformation of integration metadata; engagement ongoing
The Company updates this list when Sub‑Processors are added or removed and will provide advance notice per Section 8.
Schedule D – UK Addendum
The UK International Data Transfer Addendum (“UK SCCs”) is incorporated for transfers from the United Kingdom, using the details in Schedules A, B, and C.
Schedule E – Description of Processing
Nature and purpose — Provision of the ClonePartner SaaS integration platform and professional migration, backup, recovery, and continuous data‑synchronisation services.
Categories of Data Subjects — Customer employees, contractors, end‑users, and any individuals whose data is present in the source or destination systems involved in migrations or integrations.
Categories of Personal Data — Basic identifiers (name, email, user ID), contact details, role or title, authentication tokens, log data, technical metadata required to operate migrations. Optional configuration or mapping files may include limited Personal Data supplied by Customer.
Sensitive Personal Information — Not intentionally collected. Customer must not transmit special‑category or sensitive Personal Data unless required for the engagement and explicitly authorised in writing.
Retention — For SaaS subscriptions, Personal Data is retained for the active Subscription Term. For one‑off migration or other professional‑services projects, Personal Data is retained for the project term set out in the relevant Order Form or Statement of Work. After the applicable term ends, data is deleted within a commercially reasonable period unless law requires longer storage. Customer may request expedited deletion or alternative retention, which the Company will evaluate case by case.
Frequency of transfer — Continuous or ad‑hoc transfers occur as needed to perform the Services.
Duration of Processing — For SaaS subscriptions, Processing continues for the Subscription Term. For migration or other professional‑services engagements, Processing continues for the project term. Limited Processing may continue thereafter only as required by law or agreed retention arrangements.
The Customer is deemed to have executed this DPA, including incorporated SCCs, by accepting the Terms of Service or signing an Order Form
Data Processing Agreement (DPA)
Last Updated: 6 June 2025
Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Yin Yang Inc. DBA ClonePartner ("Company") and the entity that accepts the Terms ("Customer"). It applies whenever the Company processes Personal Data on Customer’s behalf.
Our Data‑Protection Officer may be contacted at dpo@clonepartner.com
Our EU representative under GDPR Art 27 is Rickert Rechtsanwaltsgesellschaft mbH – YIN YANG, INC. – Colmantstraße 15, 53115 Bonn, Germany – art-27-rep-yinyang@rickert.law
Our UK representative under UK GDPR Art 27 is Rickert Services Ltd UK – YIN YANG, INC. – PO Box 1487, Peterborough PE1 9XX, United Kingdom – art-27-rep-yinyang@rickert-services.uk
A signed version of this DPA is available on request to legal@clonepartner.com
Both parties agree to comply with applicable data‑protection laws, including GDPR, UK GDPR, Swiss FADP, CCPA/CPRA, and any superseding legislation ("Data Protection Laws").
1. Definitions
Unless defined here, capitalised terms have the meanings in the Terms or relevant legislation.
Controller, Processor, Data Subject, Processing, Personal Data Breach – as in GDPR
Personal Data – any data relating to an identified or identifiable natural person contained in Customer Data
Restricted Transfer – a cross‑border transfer requiring safeguards under Data Protection Laws
Standard Contractual Clauses (SCCs) – EU SCCs (governed by Irish law), UK International Data Transfer Addendum, or Swiss SCCs, as applicable
Sub‑Processor – any Processor engaged by the Company to assist in fulfilling obligations under this DPA
Service Term – the period during which the Company provides Services to the Customer: for SaaS, the subscription term; for migration or other professional‑services engagements, the project term stated in the applicable Order Form or Statement of Work
2. Roles and Scope
2.1. Customer acts as Controller (or Processor on behalf of a Controller). The Company acts as Processor (or Sub‑Processor).
2.2. The Company processes Personal Data only on documented instructions from Customer.
2.3. Each Party will comply with its obligations under Data Protection Laws.
3. Term and Termination
This DPA remains in effect while the Company processes Personal Data for Customer. Termination follows the Terms or mutual written agreement. Clauses intended to survive (e.g., Confidentiality, Liability) will do so.
4. Processing Instructions
4.1. The Company will process Personal Data only as necessary to deliver the Services, as set out in the Terms, Order Forms, this DPA, or later written instructions.
4.2. If an instruction appears to violate Data Protection Laws, the Company will promptly inform Customer.
5. Personnel
The Company restricts Personal Data access to authorised personnel bound by confidentiality and security obligations.
6. Data‑Subject & Regulatory Assistance
6.1. The Company will, taking into account the nature of Processing, assist Customer by appropriate technical and organisational measures to fulfil obligations to respond to Data‑Subject requests, conduct Data‑Protection Impact Assessments, and engage in prior consultations with supervisory authorities.
6.2. Any such assistance beyond routine self‑service features may be chargeable on a time‑and‑materials basis, subject to advance written approval by Customer.
7. Security Measures
The Company maintains appropriate technical and organisational measures ("TOMs") to safeguard Personal Data. A high‑level summary is provided in Schedule B. Detailed documentation (including ISO 27001 certification and SOC 2 Type II report) is available under NDA upon request to legal@clonepartner.com
8. Sub‑Processors
8.1. General Authorisation – Customer authorises the Sub‑Processors listed in Schedule C.
8.2. The Company will notify Customer at least thirty days before adding or replacing a Sub‑Processor and allow reasonable objections based on data‑protection grounds.
8.3. All Sub‑Processors sign data‑processing agreements imposing obligations equivalent to this DPA, and the Company remains fully liable for their acts and omissions.
8.4. Upon written request, the Company will provide summary audit reports or certifications demonstrating the Sub‑Processor’s compliance.
9. International & Regional Compliance
9.1. Restricted Transfers – safeguarded by the SCCs or alternative lawful mechanisms.
9.2. California – Service Provider – The Parties acknowledge that Personal Data is processed for limited and specified purposes; the Company does not sell or share Personal Data as defined by CPRA and will not retain, use, or disclose Personal Data outside the scope of Customer’s instructions.
9.3. If existing transfer mechanisms become invalid, the Parties will implement lawful alternatives or suspend transfers.
10. Personal Data Breach
The Company will notify Customer without undue delay and, where feasible, within 48 hours after becoming aware of a Personal Data Breach and will cooperate in investigation, mitigation, and regulatory notifications.
11. Deletion or Return of Data
Upon termination of Services, the Company will delete Customer Data within a commercially reasonable period in line with our internal retention policies. If Customer requires accelerated deletion or bespoke retention handling, we will review and, where feasible, accommodate such requests on a case‑by‑case basis. Where a legal obligation necessitates continued storage, the data will be isolated and safeguarded. Upon written request, the Company will certify deletion.
12. Audit and Compliance
12.1. The Company will provide information necessary to demonstrate compliance with this DPA.
12.2. Once per twelve‑month period and on thirty days’ notice, Customer may audit the Company’s Processing. Additional or unplanned audits may incur fees.
12.3. The Company will cooperate with supervisory‑authority inquiries.
13. Liability
Liability is governed by the limitation clauses in the Terms. Nothing limits either Party’s liability for intentional or wilful breach of this DPA.
14. Miscellaneous
14.1. In case of conflict, this DPA prevails over the Terms.
14.2. Amendments require written agreement.
14.3. Notices should be sent to legal@clonepartner.com and Customer’s designated contact.
14.4. If any provision is held invalid, the remainder stays effective.
14.5. Headings are for convenience only and do not affect interpretation.
Schedules
Schedule A – Parties & Governing Law for SCCs
Data Exporter: Customer (as defined in the Terms)
Data Importer: Yin Yang Inc. DBA ClonePartner, 9450 SW Gemini Dr PMB 69868, Beaverton OR 97008‑7105 US, contact: legal@clonepartner.com
For EU SCCs Clause 17, the governing law shall be Irish law
Schedule B – Technical & Organisational Measures
Encryption of data in transit (TLS 1.2+) and at rest (AES‑256)
Encryption‑key management handled by the Company with quarterly rotation
Network segmentation, firewalling, and zero‑trust access policies
Role‑based access control (RBAC) and multi‑factor authentication (MFA)
Continuous monitoring, centralised logging, and intrusion detection
Regular vulnerability scanning, quarterly penetration testing, and prompt patch management
ISO 27001 certification and SOC 2 Type II audit programme
Annual security‑awareness and privacy training for all personnel
Business‑continuity and disaster‑recovery plans with encrypted off‑site backups
Sub‑Processor due‑diligence and contract reviews
Schedule C – Authorised Sub‑Processors
DigitalOcean — Hosting, infrastructure, and database services; storage, recording, organisation, retrieval of Customer‑data assets; engagement ongoing
Cal.com — Scheduling and calendar‑management for migration or implementation sessions; collection, storage, limited processing of contact details and meeting metadata; engagement ongoing
Tally.so — Form and survey capture for intake of migration requirements and feedback; collection, recording, organisation of form submissions; engagement ongoing
Truto.one — Unified API framework powering internal integration orchestration; transmission, storage, transformation of integration metadata; engagement ongoing
The Company updates this list when Sub‑Processors are added or removed and will provide advance notice per Section 8.
Schedule D – UK Addendum
The UK International Data Transfer Addendum (“UK SCCs”) is incorporated for transfers from the United Kingdom, using the details in Schedules A, B, and C.
Schedule E – Description of Processing
Nature and purpose — Provision of the ClonePartner SaaS integration platform and professional migration, backup, recovery, and continuous data‑synchronisation services.
Categories of Data Subjects — Customer employees, contractors, end‑users, and any individuals whose data is present in the source or destination systems involved in migrations or integrations.
Categories of Personal Data — Basic identifiers (name, email, user ID), contact details, role or title, authentication tokens, log data, technical metadata required to operate migrations. Optional configuration or mapping files may include limited Personal Data supplied by Customer.
Sensitive Personal Information — Not intentionally collected. Customer must not transmit special‑category or sensitive Personal Data unless required for the engagement and explicitly authorised in writing.
Retention — For SaaS subscriptions, Personal Data is retained for the active Subscription Term. For one‑off migration or other professional‑services projects, Personal Data is retained for the project term set out in the relevant Order Form or Statement of Work. After the applicable term ends, data is deleted within a commercially reasonable period unless law requires longer storage. Customer may request expedited deletion or alternative retention, which the Company will evaluate case by case.
Frequency of transfer — Continuous or ad‑hoc transfers occur as needed to perform the Services.
Duration of Processing — For SaaS subscriptions, Processing continues for the Subscription Term. For migration or other professional‑services engagements, Processing continues for the project term. Limited Processing may continue thereafter only as required by law or agreed retention arrangements.
The Customer is deemed to have executed this DPA, including incorporated SCCs, by accepting the Terms of Service or signing an Order Form
Data Processing Agreement (DPA)
Last Updated: 6 June 2025
Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Yin Yang Inc. DBA ClonePartner ("Company") and the entity that accepts the Terms ("Customer"). It applies whenever the Company processes Personal Data on Customer’s behalf.
Our Data‑Protection Officer may be contacted at dpo@clonepartner.com
Our EU representative under GDPR Art 27 is Rickert Rechtsanwaltsgesellschaft mbH – YIN YANG, INC. – Colmantstraße 15, 53115 Bonn, Germany – art-27-rep-yinyang@rickert.law
Our UK representative under UK GDPR Art 27 is Rickert Services Ltd UK – YIN YANG, INC. – PO Box 1487, Peterborough PE1 9XX, United Kingdom – art-27-rep-yinyang@rickert-services.uk
A signed version of this DPA is available on request to legal@clonepartner.com
Both parties agree to comply with applicable data‑protection laws, including GDPR, UK GDPR, Swiss FADP, CCPA/CPRA, and any superseding legislation ("Data Protection Laws").
1. Definitions
Unless defined here, capitalised terms have the meanings in the Terms or relevant legislation.
Controller, Processor, Data Subject, Processing, Personal Data Breach – as in GDPR
Personal Data – any data relating to an identified or identifiable natural person contained in Customer Data
Restricted Transfer – a cross‑border transfer requiring safeguards under Data Protection Laws
Standard Contractual Clauses (SCCs) – EU SCCs (governed by Irish law), UK International Data Transfer Addendum, or Swiss SCCs, as applicable
Sub‑Processor – any Processor engaged by the Company to assist in fulfilling obligations under this DPA
Service Term – the period during which the Company provides Services to the Customer: for SaaS, the subscription term; for migration or other professional‑services engagements, the project term stated in the applicable Order Form or Statement of Work
2. Roles and Scope
2.1. Customer acts as Controller (or Processor on behalf of a Controller). The Company acts as Processor (or Sub‑Processor).
2.2. The Company processes Personal Data only on documented instructions from Customer.
2.3. Each Party will comply with its obligations under Data Protection Laws.
3. Term and Termination
This DPA remains in effect while the Company processes Personal Data for Customer. Termination follows the Terms or mutual written agreement. Clauses intended to survive (e.g., Confidentiality, Liability) will do so.
4. Processing Instructions
4.1. The Company will process Personal Data only as necessary to deliver the Services, as set out in the Terms, Order Forms, this DPA, or later written instructions.
4.2. If an instruction appears to violate Data Protection Laws, the Company will promptly inform Customer.
5. Personnel
The Company restricts Personal Data access to authorised personnel bound by confidentiality and security obligations.
6. Data‑Subject & Regulatory Assistance
6.1. The Company will, taking into account the nature of Processing, assist Customer by appropriate technical and organisational measures to fulfil obligations to respond to Data‑Subject requests, conduct Data‑Protection Impact Assessments, and engage in prior consultations with supervisory authorities.
6.2. Any such assistance beyond routine self‑service features may be chargeable on a time‑and‑materials basis, subject to advance written approval by Customer.
7. Security Measures
The Company maintains appropriate technical and organisational measures ("TOMs") to safeguard Personal Data. A high‑level summary is provided in Schedule B. Detailed documentation (including ISO 27001 certification and SOC 2 Type II report) is available under NDA upon request to legal@clonepartner.com
8. Sub‑Processors
8.1. General Authorisation – Customer authorises the Sub‑Processors listed in Schedule C.
8.2. The Company will notify Customer at least thirty days before adding or replacing a Sub‑Processor and allow reasonable objections based on data‑protection grounds.
8.3. All Sub‑Processors sign data‑processing agreements imposing obligations equivalent to this DPA, and the Company remains fully liable for their acts and omissions.
8.4. Upon written request, the Company will provide summary audit reports or certifications demonstrating the Sub‑Processor’s compliance.
9. International & Regional Compliance
9.1. Restricted Transfers – safeguarded by the SCCs or alternative lawful mechanisms.
9.2. California – Service Provider – The Parties acknowledge that Personal Data is processed for limited and specified purposes; the Company does not sell or share Personal Data as defined by CPRA and will not retain, use, or disclose Personal Data outside the scope of Customer’s instructions.
9.3. If existing transfer mechanisms become invalid, the Parties will implement lawful alternatives or suspend transfers.
10. Personal Data Breach
The Company will notify Customer without undue delay and, where feasible, within 48 hours after becoming aware of a Personal Data Breach and will cooperate in investigation, mitigation, and regulatory notifications.
11. Deletion or Return of Data
Upon termination of Services, the Company will delete Customer Data within a commercially reasonable period in line with our internal retention policies. If Customer requires accelerated deletion or bespoke retention handling, we will review and, where feasible, accommodate such requests on a case‑by‑case basis. Where a legal obligation necessitates continued storage, the data will be isolated and safeguarded. Upon written request, the Company will certify deletion.
12. Audit and Compliance
12.1. The Company will provide information necessary to demonstrate compliance with this DPA.
12.2. Once per twelve‑month period and on thirty days’ notice, Customer may audit the Company’s Processing. Additional or unplanned audits may incur fees.
12.3. The Company will cooperate with supervisory‑authority inquiries.
13. Liability
Liability is governed by the limitation clauses in the Terms. Nothing limits either Party’s liability for intentional or wilful breach of this DPA.
14. Miscellaneous
14.1. In case of conflict, this DPA prevails over the Terms.
14.2. Amendments require written agreement.
14.3. Notices should be sent to legal@clonepartner.com and Customer’s designated contact.
14.4. If any provision is held invalid, the remainder stays effective.
14.5. Headings are for convenience only and do not affect interpretation.
Schedules
Schedule A – Parties & Governing Law for SCCs
Data Exporter: Customer (as defined in the Terms)
Data Importer: Yin Yang Inc. DBA ClonePartner, 9450 SW Gemini Dr PMB 69868, Beaverton OR 97008‑7105 US, contact: legal@clonepartner.com
For EU SCCs Clause 17, the governing law shall be Irish law
Schedule B – Technical & Organisational Measures
Encryption of data in transit (TLS 1.2+) and at rest (AES‑256)
Encryption‑key management handled by the Company with quarterly rotation
Network segmentation, firewalling, and zero‑trust access policies
Role‑based access control (RBAC) and multi‑factor authentication (MFA)
Continuous monitoring, centralised logging, and intrusion detection
Regular vulnerability scanning, quarterly penetration testing, and prompt patch management
ISO 27001 certification and SOC 2 Type II audit programme
Annual security‑awareness and privacy training for all personnel
Business‑continuity and disaster‑recovery plans with encrypted off‑site backups
Sub‑Processor due‑diligence and contract reviews
Schedule C – Authorised Sub‑Processors
DigitalOcean — Hosting, infrastructure, and database services; storage, recording, organisation, retrieval of Customer‑data assets; engagement ongoing
Cal.com — Scheduling and calendar‑management for migration or implementation sessions; collection, storage, limited processing of contact details and meeting metadata; engagement ongoing
Tally.so — Form and survey capture for intake of migration requirements and feedback; collection, recording, organisation of form submissions; engagement ongoing
Truto.one — Unified API framework powering internal integration orchestration; transmission, storage, transformation of integration metadata; engagement ongoing
The Company updates this list when Sub‑Processors are added or removed and will provide advance notice per Section 8.
Schedule D – UK Addendum
The UK International Data Transfer Addendum (“UK SCCs”) is incorporated for transfers from the United Kingdom, using the details in Schedules A, B, and C.
Schedule E – Description of Processing
Nature and purpose — Provision of the ClonePartner SaaS integration platform and professional migration, backup, recovery, and continuous data‑synchronisation services.
Categories of Data Subjects — Customer employees, contractors, end‑users, and any individuals whose data is present in the source or destination systems involved in migrations or integrations.
Categories of Personal Data — Basic identifiers (name, email, user ID), contact details, role or title, authentication tokens, log data, technical metadata required to operate migrations. Optional configuration or mapping files may include limited Personal Data supplied by Customer.
Sensitive Personal Information — Not intentionally collected. Customer must not transmit special‑category or sensitive Personal Data unless required for the engagement and explicitly authorised in writing.
Retention — For SaaS subscriptions, Personal Data is retained for the active Subscription Term. For one‑off migration or other professional‑services projects, Personal Data is retained for the project term set out in the relevant Order Form or Statement of Work. After the applicable term ends, data is deleted within a commercially reasonable period unless law requires longer storage. Customer may request expedited deletion or alternative retention, which the Company will evaluate case by case.
Frequency of transfer — Continuous or ad‑hoc transfers occur as needed to perform the Services.
Duration of Processing — For SaaS subscriptions, Processing continues for the Subscription Term. For migration or other professional‑services engagements, Processing continues for the project term. Limited Processing may continue thereafter only as required by law or agreed retention arrangements.
The Customer is deemed to have executed this DPA, including incorporated SCCs, by accepting the Terms of Service or signing an Order Form
ClonePartner
Bespoke data migration and custom integration services for your best customers.
ClonePartner
Bespoke data migration and custom integration services for your best customers.
ClonePartner
Bespoke data migration and custom integration services for your best customers.