Data Processing Agreement

This DPA applies when RaketaLabs processes customer personal data on behalf of a business customer through MeetBridge and data protection law requires processor terms.

The customer agreement, order form, and this DPA form one agreement. If they conflict on data protection matters, a signed DPA or negotiated customer agreement controls.

The customer is the controller or processor that appoints MeetBridge as its processor or subprocessor. RaketaLabs processes customer personal data only on documented instructions, including instructions inherent in use of configured service features.

If an instruction appears unlawful, RaketaLabs may notify the customer and pause the affected processing until the issue is resolved.

The subject matter is the provision, security, support, and authorized improvement of MeetBridge. Processing continues for the customer term plus the period needed for return, deletion, backups, security, disputes, and law.

The customer is responsible for lawful instructions, transparency, legal bases, participant notices, required permissions, data accuracy, access controls, retention settings, and responding as controller to data subject requests.

The customer must not submit special-category, biometric, criminal-offence, health, payment, or other highly sensitive data unless it has established a lawful basis and appropriate safeguards and the parties have agreed the use where required.

RaketaLabs will ensure personnel authorized to process customer personal data are bound by confidentiality duties and receive access only as needed for their responsibilities.

RaketaLabs will maintain risk-appropriate technical and organizational measures designed to protect customer personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The customer authorizes RaketaLabs to use subprocessors for service functions such as hosting, storage, security, communications, authentication, payments, support, speech processing, translation, and generated speech.

RaketaLabs will impose data-protection obligations appropriate to the services performed and remains responsible for its processor obligations. Current subprocessor information can be requested through the MeetBridge contact page or security review process.

Where required by contract or law, RaketaLabs will provide notice of a material new subprocessor and a reasonable opportunity to object on legitimate data-protection grounds.

If customer personal data is transferred internationally, the parties will use an applicable transfer mechanism such as an adequacy decision, standard contractual clauses, recognized contractual safeguards, or another lawful basis.

RaketaLabs will implement supplementary measures where reasonably required by applicable law and the transfer risk.

Taking into account the nature of processing, RaketaLabs will provide reasonable assistance for customer responses to access, correction, deletion, restriction, portability, objection, or consent-withdrawal requests.

If RaketaLabs receives a request concerning customer personal data, it may direct the requester to the customer unless law prohibits doing so.

RaketaLabs will notify the customer without undue delay after confirming a personal data breach involving customer personal data and will provide available information reasonably needed for the customer's legal obligations.

Notification is not an admission of fault. The customer is responsible for controller notifications unless the parties agree otherwise.

RaketaLabs will provide reasonable information and assistance for data protection impact assessments and regulator consultations relating to customer use of MeetBridge, taking into account the nature of processing and information available.

RaketaLabs will make available information reasonably necessary to demonstrate compliance with processor obligations. The parties should first use current security documentation, questionnaires, certifications, or independent reports where available.

Any additional audit must be legally required or reasonably necessary, scheduled with advance notice, limited in scope and frequency, protect other customers and confidential information, and avoid unreasonable disruption. The requesting customer bears reasonable costs unless a material breach is found.

At the end of service and on documented request, RaketaLabs will return or delete customer personal data according to product capability, the customer agreement, legal obligations, security needs, and backup cycles.

Data required by law or retained in restricted backups remains protected and is not used for other purposes.

This DPA does not apply to personal data RaketaLabs independently controls for account administration, billing, security, legal compliance, website operations, or direct customer relationship management. That processing is described in the Privacy Policy.