Data Processing Addendum
Data Processing Addendum (DPA) outlining the terms and conditions for processing personal data in compliance with GDPR.
-
DATA PROCESSING ADDENDUM
Last Updated: October 24, 2025 at 03:20 PM
This Data Processing Addendum (“DPA”) forms part of the Master Services Agreement (“Agreement”) between Reaktif Yazılım Teknolojileri (“Raktive”) and the Customer.
1. Definitions
Terms such as “Personal Data,” “Data Controller,” “Data Processor,” and “Processing” shall have the meanings set out in the GDPR. For the purposes of this DPA, Customer is the Data Controller, and Raktive is the Data Processor.
2. Processing of Personal Data
2.1. Instructions. Raktive will process Personal Data only on the documented instructions of the Customer, as set out in the Agreement and this DPA.
2.2. Details of Processing. The subject matter, duration, nature, purpose of the processing, types of Personal Data, and categories of Data Subjects are detailed in Appendix 1.
3. Security
Raktive will implement and maintain appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, as detailed in Appendix 2.
4. Sub-processors
Raktive will not engage any sub-processor without the Customer’s prior general written authorization. Raktive will maintain a list of its sub-processors and will inform the Customer of any intended changes, giving the Customer an opportunity to object. Raktive remains fully liable for the acts and omissions of its sub-processors.
5. Data Subject Rights
Raktive will provide reasonable assistance to the Customer to enable the Customer to respond to Data Subject requests to exercise their rights under Applicable Law.
6. Personal Data Breaches
Raktive will notify the Customer without undue delay after becoming aware of a Personal Data Breach.
7. International Transfers
For transfers of Personal Data from the EEA, UK, or Switzerland to a country not deemed to provide an adequate level of data protection, the parties agree that the Standard Contractual Clauses (“SCCs”) will apply.
8. Audits
Upon reasonable request, Raktive will make available to the Customer all information necessary to demonstrate compliance with this DPA and will allow for and contribute to audits conducted by the Customer or its mandated auditor.
9. Data Deletion
Upon termination of the Agreement, Raktive will, at the Customer’s choice, delete or return all Personal Data to the Customer.
Appendix 1: Details of Processing
- Subject Matter: Provision of SaaS marketing tools as described in the Agreement.
- Duration: For the term of the Agreement.
- Nature and Purpose: To host, store, and process Personal Data as necessary to provide the Services.
- Categories of Data Subjects: End-users, employees, and contacts of the Customer.
- Types of Personal Data: Contact details, usage data, and any other data uploaded by the Customer.
Appendix 2: Technical and Organizational Measures
Raktive maintains security measures including:
- Encryption: Encryption of data in transit (TLS) and at rest (AES-256).
- Access Control: Role-based access controls and the principle of least privilege.
- Network Security: Firewalls and intrusion detection systems.
- Regular Testing: Periodic security assessments and penetration testing.