Data Processing Agreement (WIP)

Last updated: Apr 29, 2025

This Data Processing Agreement ("DPA") is entered into by the Tunofy customer identified on the applicable Tunofy ordering or registration document ("Customer") and Tunofy, the company providing the platform and services. It governs the processing of personal data that the Customer uploads or otherwise provides to Tunofy in connection with the use of the Tunofy platform, as well as any personal data that Tunofy uploads or provides to the Customer in connection with the services.

1. Definitions

"Account Data" means Personal Data that relates to Customer’s relationship with Tunofy, including access to Customer’s account and billing information, identity verification, maintaining or improving performance of the Services, providing support, investigating and preventing system abuse, or fulfilling legal obligations.

"Applicable Data Protection Legislation" refers to laws and regulations applicable to Tunofy's processing of personal data under the Agreement, including (a) the GDPR, (b) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2019 ("UK GDPR") and the Data Protection Act 2018 (together, "UK Laws"), (c) the Swiss Federal Data Protection Act and its implementing regulations ("Swiss DPA"), and (d) CCPA, in each case, as may be amended, superseded or replaced.

"Customer Personal Data" means Personal Data Tunofy processes as a Processor on behalf of Customer.

"CCPA" means the California Consumer Privacy Act of 2018 including regulations adopted in following years, including the California Privacy Rights Act of 2020.

2. Nature of Data Processing

Tunofy processes Customer Personal Data solely for providing its services, including access to Customer’s account and billing information, identity verification, maintaining or improving performance, providing support, investigating and preventing abuse, and fulfilling legal obligations.

3. Compliance with Laws

The parties shall each comply with their respective obligations under all Applicable Data Protection Legislation.

4. Customer Obligations

Customer agrees to:

  1. Provide instructions to Tunofy and determine the purposes and general means of Tunofy’s processing of Customer Personal Data in accordance with the DPA;
  2. Comply with its protection, security, and other obligations with respect to Customer Personal Data prescribed by Applicable Data Protection Legislation for data controllers by:
    • Establishing and maintaining a procedure for the exercise of the rights of the individuals whose Customer Personal Data are processed on behalf of Customer;
    • Processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses;
    • Ensuring compliance with the provisions of this DPA by its personnel or by any third-party accessing or using Customer Personal Data on its behalf.