Purpose

This Data Processing Agreement (DPA) governs the processing of personal data by Settleu in accordance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Definitions

• Controller: The entity that determines the purposes and means of data processing.
• Processor: Settleu, which processes data on behalf of the Controller.
• Personal Data: Any information relating to an identifiable individual.

Responsibilities

Settleu agrees to:

• Process personal data only on documented instructions from the Controller.
• Implement appropriate technical and organizational measures to protect personal data.
• Ensure confidentiality obligations for personnel with access to personal data.
• Assist the Controller in fulfilling obligations under GDPR and CCPA.

Subprocessors

Settleu may engage subprocessors for data processing. A list of subprocessors will be provided upon request, and the Controller will be notified of changes.

Data Subject Rights

Settleu will assist the Controller in responding to data subject requests, including access, rectification, deletion, and data portability.

Data Breaches

Settleu will notify the Controller without undue delay upon becoming aware of a data breach affecting personal data.

Data Transfers

Settleu ensures that data transfers outside the European Economic Area (EEA) comply with applicable legal requirements, including Standard Contractual Clauses where necessary.

Retention and Deletion

Upon termination of the agreement, Settleu will delete or return all personal data to the Controller unless required by law to retain it.

Contact Us

If you have any questions about this Data Processing Agreement, please contact us:

• Email: privacy@settleu.eu
• Phone: +34 685 535 263
• Address: Ribera 14, Barcelona, Spain