Data Processing Agreement
This DPA outlines the data protection obligations between you (the Controller) and us (the Processor).
1. Roles & Scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Customer (as "Data Controller") and BCM Technologies (as "Data Processor").
It applies to the processing of personal data by BCM Technologies on behalf of the Customer in the course of providing the TradeBook Service.
2. Types of Personal Data
The personal data processed includes, but is not limited to:
- Customer Site Contacts: Name, phone number, address, email.
- Engineer/Staff Data: Location data, schedules, contact info, performance metrics.
- End-User Data: Any personal information included in job notes, photos, or attachments.
3. Sub-processors
Customer agrees that BCM Technologies may engage third-party sub-processors to assist in providing the Service. Our primary sub-processors include:
- Amazon Web Services (AWS): Cloud infrastructure and hosting.
- Stripe: Payment processing services.
- Postmark/SendGrid: Email delivery services.
- OpenAI: AI-powered dispatch and analysis (anonymized data).
4. Technical & Organizational Measures
BCM Technologies implements industry-standard security measures to protect Customer Data, including:
- Encryption of data at rest and in transit.
- Granular access controls and multi-factor authentication.
- Regular security training for all personnel.
- Disaster recovery and business continuity planning.
5. International Data Transfers
If personal data is transferred to a country outside the EEA or UK that does not provide an adequate level of protection, BCM Technologies will ensure that such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs).
