Legal

Data Processing Agreement

This DPA outlines the data protection obligations between you (the Controller) and us (the Processor).

1. Roles & Scope

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Customer (as "Data Controller") and BCM Technologies (as "Data Processor").

It applies to the processing of personal data by BCM Technologies on behalf of the Customer in the course of providing the TradeBook Service.

2. Types of Personal Data

The personal data processed includes, but is not limited to:

  • Customer Site Contacts: Name, phone number, address, email.
  • Engineer/Staff Data: Location data, schedules, contact info, performance metrics.
  • End-User Data: Any personal information included in job notes, photos, or attachments.

3. Sub-processors

Customer agrees that BCM Technologies may engage third-party sub-processors to assist in providing the Service. Our primary sub-processors include:

  • Amazon Web Services (AWS): Cloud infrastructure and hosting.
  • Stripe: Payment processing services.
  • Postmark/SendGrid: Email delivery services.
  • OpenAI: AI-powered dispatch and analysis (anonymized data).

4. Technical & Organizational Measures

BCM Technologies implements industry-standard security measures to protect Customer Data, including:

  • Encryption of data at rest and in transit.
  • Granular access controls and multi-factor authentication.
  • Regular security training for all personnel.
  • Disaster recovery and business continuity planning.

5. International Data Transfers

If personal data is transferred to a country outside the EEA or UK that does not provide an adequate level of protection, BCM Technologies will ensure that such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs).