Data Processing Addendum (DPA)
This Data Processing Addendum supplements our Terms of Service and Privacy Policy to ensure GDPR compliance for data processing activities.
This Data Processing Addendum ("DPA") forms part of and supplements the Terms of Service between THICKRIM LLC ("Processor" or "we") and our clients ("Controller" or "you") when we process personal data on your behalf.
Effective Date
This DPA is effective as of the date you first use our services that involve data processing, or as otherwise agreed in writing.
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
- "Controller" means the entity that determines the purposes and means of processing Personal Data.
- "Processor" means the entity that processes Personal Data on behalf of the Controller.
2. Scope and Application
This DPA applies to all Processing of Personal Data by THICKRIM LLC on behalf of our clients in connection with our services, including but not limited to:
- Website development and hosting services
- Digital marketing and analytics services
- CRM and lead management services
- Email marketing and automation services
3. Processing Details
Subject Matter
The subject matter of processing is the provision of digital marketing and web development services as described in our service agreements.
Duration
Processing will continue for the duration of the service agreement and as necessary to fulfill legal obligations or legitimate business purposes.
Nature and Purpose
Processing is performed for the purposes of providing, maintaining, and improving our services, including analytics, customer support, and service delivery.
Types of Personal Data
We may process contact information, usage data, technical data, and other information as described in our Privacy Policy.
4. Our Obligations
As a Processor, we agree to:
- Process Personal Data only in accordance with your documented instructions
- Ensure persons authorized to process Personal Data are bound by confidentiality
- Implement appropriate technical and organizational measures to ensure security
- Assist you in responding to data subject requests
- Assist you in ensuring compliance with GDPR obligations
- Return or delete Personal Data at the end of the service relationship
- Make available information necessary to demonstrate compliance
5. Security Measures
We implement appropriate technical and organizational measures to protect Personal Data, including:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication
- Incident detection and response procedures
- Regular backups and disaster recovery plans
- Employee training on data protection
6. Sub-Processors
We may engage sub-processors to assist in providing our services. We maintain a list of sub-processors and will notify you of any changes. You may object to new sub-processors by contacting us within 30 days of notification.
Current Sub-Processors
- Google Analytics (analytics services)
- HubSpot (CRM and marketing automation)
- Supabase (database and hosting services)
- Vercel (hosting and CDN services)
7. Data Subject Rights
We will assist you in responding to requests from data subjects to exercise their rights under GDPR, including:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
8. Data Breach Notification
In the event of a personal data breach, we will notify you without undue delay after becoming aware of the breach. We will provide you with information necessary to help you meet your obligations to report the breach to supervisory authorities and data subjects.
9. International Transfers
If we transfer Personal Data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Contact Information
For questions about this DPA or to exercise your rights, please contact us:
THICKRIM LLC