1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Payment Hunter ("Processor") and the customer ("Controller") for the provision of invoice management and payment reminder services.

This DPA reflects the parties' agreement with respect to the processing of personal data in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
"Data Subject" means the individual to whom Personal Data relates.
"Sub-processor" means any third party engaged by the Processor to process Personal Data.

3. Scope of Processing

The Processor shall process Personal Data only for the following purposes:

Extracting and storing invoice data uploaded by the Controller
Managing client contact information for payment reminders
Sending automated payment reminder emails on behalf of the Controller
Providing analytics and reporting on invoice and payment status

4. Processor Obligations

The Processor agrees to:

Process Personal Data only on documented instructions from the Controller
Ensure that personnel processing Personal Data are bound by confidentiality obligations
Implement appropriate technical and organizational security measures
Assist the Controller in responding to Data Subject requests
Notify the Controller without undue delay of any Personal Data breach
Delete or return all Personal Data upon termination of services, at the Controller's choice
Make available all information necessary to demonstrate compliance with this DPA

5. Security Measures

The Processor implements the following security measures:

Encryption of data in transit using TLS 1.2 or higher
Encryption of data at rest
Access controls and authentication mechanisms
Regular security assessments and updates
Secure data backup procedures
Incident response and breach notification procedures

6. Sub-processors

The Controller provides general authorization for the Processor to engage Sub-processors. The Processor shall:

Maintain a list of current Sub-processors available upon request
Notify the Controller of any intended changes to Sub-processors
Ensure Sub-processors are bound by data protection obligations no less protective than this DPA
Remain liable for the acts and omissions of its Sub-processors

7. International Data Transfers

Where Personal Data is transferred outside the European Economic Area (EEA), the Processor shall ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Transfers to countries with adequate data protection levels as determined by the European Commission
Other valid transfer mechanisms under applicable data protection law

8. Data Subject Rights

The Processor shall assist the Controller in fulfilling its obligations to respond to Data Subject requests, including requests to:

Access their Personal Data
Rectify inaccurate Personal Data
Erase Personal Data ("right to be forgotten")
Restrict processing of Personal Data
Data portability
Object to processing

9. Audits

The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, subject to reasonable notice and confidentiality obligations.

10. Term and Termination

This DPA shall remain in effect for the duration of the Processor's processing of Personal Data on behalf of the Controller. Upon termination of services, the Processor shall, at the Controller's election, delete or return all Personal Data and certify such deletion, unless retention is required by applicable law.

11. Contact

For questions about this DPA or to request a signed copy, please contact us at:

Email: legal@paymenthunter.bot