Wayroll Data Processing Agreement
Thank you for using Wayroll!
Wayroll is a US based company and our data infrastructure is based in the US. Processing and storing data in a secure, fair, and transparent way is extremely important to us.
This Data Processing Agreement (“DPA”) is an addendum to the Terms of Service between Wayroll and the customer.
If you are accepting this DPA on behalf of your customer, you warrant that: (a) you have full legal authority to bind your customer to this DPA; (b) you have read and understand this DPA; and (c) you agree, on behalf of your customer, to this DPA.
These service terms incorporate the Wayroll Data Processing Agreement (“DPA”), when the General Data Protection regulation (“GDPR”) applies to your use of Wayroll services to process data as defined in the DPA. We protect and secure your data to the high standards set out in the agreement.
Definitions
-
“You” or “customer” refers to the company or organization that signs up to use the Wayroll platform to analyze data.
-
In the course of providing the Wayroll service to customer pursuant to the agreement, Wayroll may process data on behalf of customer.
-
In this Data Processing Agreement (“DPA”), “Data Protection Legislation” means the General Data Protection Regulation (Regulation (EU) 2016/279), and all other applicable laws relating to processing of data and privacy that may exist in any relevant jurisdiction.
-
“data controller”, “data processor”, “data subject”, “personal data” and “processing” shall be interpreted in accordance with applicable Data Protection Legislation.
-
The parties agree that customer is the data controller and that Wayroll is its data processor in relation to data that is processed in the course of providing the service.
Privacy and security of your data
We take many measures to protect and secure your data through backups, redundancies, and encryption. When you use our service to analyze financial data, Wayroll will collect information about your business.
You entrust us with your data and we take that trust to heart. You agree that Wayroll may process your data as described here for no other purpose. We do our best to deserve that trust by being open about who we are, how we work, and keeping an open door to your feedback.
You own all right, title, and interest to your data. We obtain no rights from you to your data. We do not collect and analyze personal information from your data. When using Wayroll, you 100% own and control all of your data. We don’t sell or share your data to any third-parties.
We minimize data collection in general. We obtain only the essential data points from your billing system and transactions and nothing else.
All of the data that we do obtain is kept fully secured, encrypted and hosted on AWS. This ensures that all of the site data is being covered by Amazon Web Services' strict security practices.
Processor’s obligations with respect to the controller
-
Wayroll will process data only in accordance with instructions from customer through the settings of the service, i.e. (a) to operate, maintain and support the infrastructure used to provide the service; (b) to comply with customer’s instructions and processing instructions in their use, management and administration of the service; (c) as otherwise instructed through settings of the service. Wayroll will only process data in accordance with the agreement.
-
Wayroll shall notify customer without undue delay if, in Wayroll’s opinion, an instruction for the processing of data given by customer infringes applicable Data Protection Legislation.
-
Wayroll shall guarantee the confidentiality of data processed hereunder.
-
We as humans can access your data to help you with support requests you make and to maintain and safeguard Wayroll to ensure the security of your data and the service as a whole. Wayroll shall ensure that all Wayroll personnel required to access the data are informed of the confidential nature of the data and comply with the obligations set out in this agreement.
-
Wayroll shall implement and maintain appropriate technical and organizational security measures designed to protect the data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the data and having regard to the nature of the data which is to be protected.
-
We do work with sub-processors. We've listed links to our current sub-processors in our privacy policy. With each vendor, we assess their commitment to privacy and we sign a data processing agreement with them that include the controller-processor Standard Contractual Clauses. Any such subcontractors will be permitted to process data only to deliver the services Wayroll has retained them to provide, and they shall be prohibited from using data for any other purpose.
-
If Wayroll becomes aware of any accidental, unauthorised or unlawful security breach, destruction, loss, alteration, or disclosure of the personal data that is processed by Wayroll in the course of providing the service, it shall without undue delay (not later than 48 hours after having become aware of it), notify customer by email and provide customer with a description of the incident as well as periodic updates to information about the incident, including its impact on customer content. Wayroll shall additionally take action to investigate the incident and reasonably prevent or mitigate the effects of the incident.
-
Wayroll shall not on its own authority rectify, erase or restrict the processing of data that is being processed on behalf of the controller (unless this is required by law or the Processor Terms of Service), but shall only do so on documented instructions from the controller and in accordance to the data retention rules associated to the controller subscription plan.
How we handle delete instructions
You can choose to delete your account at any time. We provide simple no-questions-asked deletion links.
All your data will be permanently deleted immediately when you delete your Wayroll account. We cannot recover this information once it has been permanently deleted.
Customer undertakings and Wayroll assistance
-
Customer warrants that it has all necessary rights to provide to Wayroll the data for processing in connection with the provision of the Wayroll services.
-
Customer shall comply at all times with Data Protection Legislations in respect of all data it provided to Wayroll pursuant to the Agreement.
-
Customer understands, as a controller, that it is responsible (as between customer and Wayroll) for:
-
determining the lawfulness of any processing, performing any required data protection impact assessments, and accounting to regulators and individuals, as may be needed;
-
providing relevant privacy notices to data subjects as may be required in your jurisdiction;
-
implementing your own appropriate technical and organizational measures to ensure and demonstrate processing in accord with this DPA;
-
notifying any relevant regulators or authorities of any incident as may be required by law in your jurisdiction.
-
Liability and Indemnity
- Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.
Duration and Termination
-
The DPA is effective as of August 12, 2022 and replaces and supersedes any previously agreed data processing agreement between you and Wayroll relating to the GDPR.
-
Termination or expiration of this DPA shall not discharge the parties from the confidentiality obligations herein.
Are customers required to sign the Wayroll DPA?
In order to use our products and services, you need to accept our DPA. By using our product you are agreeing to our terms of service, and you are automatically accepting our DPA and do not need to sign a separate document. We provide the same privacy rights and protection to all customers.
Can a customer share the Wayroll DPA with its customers?
Yes. The DPA is a publicly available document and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.
Do customers need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.
Contact Us
If you have a question about the Data Processing Agreement (DPA), please contact us.
Last updated: August 12, 2022