Data Processing Addendum

This DPA applies where Triprr LTD processes personal data on behalf of a customer (controller) under the GDPR. It is incorporated into our Terms of Service.

Scope

Subject matter: provision of the Triprr service. Nature: collaborative trip planning. Categories of data subjects: customer's authorised users and invited members. Categories of personal data: as listed in the Privacy Policy.

Processor obligations

We process personal data only on documented instructions from the controller, ensure persons authorised to process have committed to confidentiality, implement appropriate security measures, and assist the controller with data subject requests and breach notification.

Subprocessors

The current list is at /legal/subprocessors. We give controllers prior notice of new subprocessors and a reasonable opportunity to object.

International transfers

Where personal data is transferred outside the EEA we rely on the EU Standard Contractual Clauses (2021/914) module 3 as incorporated by reference.

Return and deletion

On termination, we delete or return personal data within 60 days, except where retention is required by law.

Need a signed DPA? Email info@triprr.ai from your work address and we'll send one.