1. Scope and Applicability
This DPA applies where Temso processes personal data on behalf of the Customer in the course of providing its Services. It supplements the Terms of Service and forms part of the agreement between Temso and the Customer.
2. Roles and Responsibilities
Customer is the data controller.
Temso is the data processor (as defined under GDPR Article 4).
Both parties shall comply with their respective obligations under applicable data protection laws.
3. Types of Personal Data
Temso may process the following categories of personal data:
Name
Email address
Company information
IP addresses
Usage logs and activity metadata
Website data (if integrated)
Temso does not knowingly process special categories of personal data (e.g. racial or ethnic origin, political opinions, health data).
4. Purpose of Processing
Temso processes personal data solely for the purpose of:
Providing and improving the Services
Enabling AI-powered features (e.g., insights, analysis, performance)
Ensuring account and billing management
Monitoring system performance and security
Temso does not process customer data for advertising or model training without explicit consent.
5. Subprocessors
Temso uses vetted subprocessors to help provide the Services (e.g., GCP, Stripe, analytics tools). A full list is available at [temso.ai/legal/subprocessors].
All subprocessors are bound by contractual terms equivalent to this DPA.
Customers may subscribe to change notifications or object (reasonably) to new subprocessors.
6. Data Transfers
Where personal data is transferred outside the EEA, UK, or Switzerland, Temso ensures adequate protection through:
Standard Contractual Clauses (SCCs)
Data Privacy Framework (DPF) (where applicable)
Additional security controls
7. Security Measures
Temso implements appropriate technical and organizational security measures, including:
Data encryption in transit and at rest
Access controls and user authentication
Network monitoring and intrusion detection
Regular vulnerability scanning and audits
Employee confidentiality agreements and training
8. Data Subject Rights
Temso will assist the Customer in responding to data subject requests related to:
Access
Correction
Erasure
Portability
Restriction or objection to processing
Temso will promptly notify the Customer of any such requests.
9. Breach Notification
In the event of a personal data breach, Temso shall:
Notify the Customer without undue delay
Provide relevant details of the incident
Assist in any investigation or regulatory communication
10. Data Deletion and Return
Upon termination or expiration of the Agreement, Temso will:
Delete Customer data within 30 days (unless legally required to retain it)
Provide confirmation of deletion upon written request
Allow for secure export of Customer data prior to deletion
11. Audits and Certifications
Temso will:
Make available relevant information to demonstrate compliance (e.g., security documentation, audit logs)
Allow audits by Customer or third-party auditors with reasonable notice
Maintain compliance with data protection certifications or frameworks (as applicable)
12. Governing Law
This DPA is governed by the same jurisdiction as the main agreement, unless otherwise required by applicable law.
13. Contact
For all data protection inquiries:
📧 Email: support@temso.ai
🏢 Address: Temso Ltd, 86-90 Paul Street, London, Greater London, England, EC2A 4NE