Effective date:
Terms for processing third-party personal data when Hey Beaver supports customer websites, forms, hosting, or publication.
Parties
The controller is the customer using the service in relation to third-party personal data collected or processed on customer websites. The processor is Seidr sp. z o.o., ul. Marsz. Józefa Piłsudskiego 74 / 320, 50-020 Wrocław, KRS 0001189184, NIP 8971958342. This DPA is an annex to the Terms or a separate agreement between the parties.
Subject matter and duration
The processing concerns personal data processed in connection with website creation, hosting, publication, contact forms, analytics, and technical support for customer websites. Processing lasts for the term of the main agreement and the period necessary to delete, return, or secure data after termination.
Nature and purpose
Processing includes storage, organisation, display, transmission, protection, deletion, export, and technical processing of data to provide services to the customer.
Categories of data subjects and data
- visitors to customer websites, form submitters, potential customers, employees, contractors, and customer representatives
- name, email, phone number, company name, message content, IP address, technical data, form data, and other data entered by the customer
Controller instructions
We process personal data only on documented instructions from the controller unless law requires otherwise. The Terms, account configuration, service settings, support tickets, and this DPA form documented instructions.
Processor obligations
- maintain confidentiality
- allow processing only by authorised persons
- apply appropriate technical and organisational measures
- reasonably assist with data-subject rights, breaches, DPIAs, and authority consultations
- delete or return data after termination unless law requires storage
- provide information necessary to demonstrate compliance
- allow audits within a reasonable scope after prior agreement
Security
- access control and authentication
- customer data separation where technically appropriate
- backups and encrypted transmission
- security monitoring, incident procedures, and administrative access restrictions
Subprocessors
The customer gives general authorisation to use subprocessors necessary to provide the service. The main subprocessors are published in the Subprocessor List. We will notify material changes in the manner used in the service.
Transfers, breaches, and liability
Transfers outside the EEA are covered by an appropriate legal mechanism where required. We will notify the controller of a personal data breach without undue delay after becoming aware of it. Liability is subject to the limits in the Terms or main agreement unless this would violate mandatory law.