This Data Processing Addendum (“DPA”) forms part of the agreement between you (the “Controller”) and Snowtrek, Inc. (the “Processor”) and reflects the parties' agreement on the processing of personal data in connection with the Service. Where required, it incorporates the EU Standard Contractual Clauses.
Snowtrek processes personal data on your behalf and under your documented instructions, which include this DPA and your use of the Service. You remain the controller of the personal data you submit.
We process repository metadata, changelog content, and account information to provide the Service as described in the agreement, for the duration of your subscription.
Our personnel authorized to process personal data are bound by appropriate confidentiality obligations and receive regular data protection and security training.
We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, logging, and regular testing. A summary is available on our Security page.
You authorize Snowtrek to engage the sub-processors listed on our Sub-processors page. We impose data protection obligations on each sub-processor and remain responsible for their performance. We will give notice of new sub-processors and an opportunity to object.
Where personal data is transferred outside its region of origin, we rely on an appropriate transfer mechanism, including the Standard Contractual Clauses, supplemented by additional safeguards where needed.
We assist you with data subject requests and with your obligations regarding security, impact assessments, and consultation. We will notify you without undue delay after becoming aware of a personal data breach affecting your data.
On termination, we delete or return personal data in accordance with our Privacy Policy and the agreement, unless retention is required by law.