Worklyne/Resources / DPA
// DPA

Data Processing
Addendum.

Our standard DPA for enterprise customers, aligned with GDPR, UK GDPR, and other regulations.

Trust Center Request countersignature

This Data Processing Addendum ("DPA") forms part of the agreement between Worklyne, Inc. ("Processor") and the Customer ("Controller") for the processing of personal data under the Worklyne service.

1. Scope & roles

For personal data submitted to the service, Customer is the Controller and Worklyne is the Processor, processing personal data only on Customer's documented instructions.

2. Subject matter & duration

The subject matter is the provision of the Worklyne service. Duration matches your subscription term plus any data-export period.

3. Nature & purpose

To deliver, secure, support, and improve the service. Specific processing activities are described in the Annex of your signed DPA.

4. Sub-processors

A current list of sub-processors is maintained in our Trust Center. We provide advance notice of changes and an opportunity to object.

5. International transfers

Where personal data is transferred internationally, we rely on appropriate safeguards including the Standard Contractual Clauses and applicable supplementary measures.

6. Security

Worklyne implements technical and organizational measures described in our Security page and Annex II of the DPA, including encryption, access controls, audit logging, and incident response.

7. Data subject requests

Worklyne provides tooling for Controllers to fulfill data-subject rights (access, correction, deletion, portability, restriction) and assists where reasonably required.

8. Personal data breaches

Worklyne notifies Customer without undue delay (within 72 hours where feasible) after becoming aware of a personal-data breach affecting Customer data.

9. Audit rights

Customer may audit Worklyne's compliance with this DPA, subject to confidentiality, frequency, and scope limits. Third-party audit reports (SOC 2, ISO 27001) satisfy this obligation in most cases.

10. Deletion & return

Upon termination, Worklyne deletes or returns personal data within 30 days, unless retention is required by law.

To countersign our standard DPA, contact legal@worklyne.com. A signed copy is typically returned within two business days.

This page summarizes our standard DPA. Negotiated terms in your master agreement govern.