This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller", "Customer") and Status Blocks ("Data Processor", "we", "us"). It applies when we process personal data on your behalf in connection with providing the Service.
1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Status Blocks on behalf of the Customer in connection with the Service.
- "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
- "Data Protection Laws" means all applicable laws relating to data protection and privacy, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and any applicable national implementing legislation.
- "Sub-processor" means any third party engaged by Status Blocks to process Personal Data on behalf of the Customer.
- "Data Subject" means the identified or identifiable natural person to whom the Personal Data relates.
2. Scope and Roles
This DPA applies to the processing of Personal Data by Status Blocks on behalf of the Customer.
- The Customer is the Data Controller and determines the purposes and means of processing Personal Data.
- Status Blocks is the Data Processor and processes Personal Data only on behalf of and in accordance with the documented instructions of the Customer.
3. Details of Processing
| Subject Matter | Provision of the Status Blocks SaaS platform, including status page hosting, metrics tracking, event logging, user analytics, and funnel analysis. |
| Duration | For the duration of the Customer's use of the Service, plus any period required for data deletion in accordance with Section 10. |
| Nature and Purpose | Processing is necessary to provide the Service, including storing, analysing, and displaying data submitted by the Customer via the Status Blocks API and dashboard. |
| Categories of Data Subjects | End users of the Customer's applications and services, as determined by the Customer. |
| Types of Personal Data | As determined by the Customer, which may include: user identifiers, IP addresses, device information, usage/event data, and any other personal data sent to the Service via the API. |
4. Obligations of the Data Processor
Status Blocks shall:
- Process Personal Data only on documented instructions from the Customer, unless required by applicable law (in which case we will inform the Customer before processing, unless prohibited by law).
- Ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing.
- Not engage another processor (sub-processor) without prior specific or general written authorisation of the Customer.
- Assist the Customer in fulfilling its obligations to respond to Data Subject requests.
- Assist the Customer in ensuring compliance with security, breach notification, impact assessment, and prior consultation obligations under Data Protection Laws.
- At the choice of the Customer, delete or return all Personal Data after the end of the provision of the Service, and delete existing copies unless storage is required by applicable law.
- Make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits and inspections.
5. Obligations of the Data Controller
The Customer shall:
- Ensure that there is a lawful basis for the processing of Personal Data by Status Blocks, including obtaining any necessary consents from Data Subjects.
- Provide documented processing instructions to Status Blocks.
- Ensure compliance with all applicable Data Protection Laws in relation to its use of the Service.
- Promptly notify Status Blocks of any changes to processing instructions or relevant data protection requirements.
6. Security Measures
Status Blocks implements and maintains appropriate technical and organisational security measures, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Incident detection and response procedures
- Employee security awareness training
- Physical security of data centre facilities (where applicable)
- Regular backups and disaster recovery procedures
7. Sub-processors
The Customer provides general authorisation for Status Blocks to engage sub-processors. We shall:
- Maintain a list of current sub-processors, available upon request.
- Notify the Customer of any intended additions or replacements of sub-processors, giving the Customer the opportunity to object.
- Ensure that sub-processors are bound by data protection obligations no less protective than those set out in this DPA.
- Remain fully liable to the Customer for the performance of sub-processors' obligations.
8. Data Subject Rights
Status Blocks shall assist the Customer in responding to requests from Data Subjects exercising their rights under Data Protection Laws, including rights of access, rectification, erasure, restriction, portability, and objection.
If Status Blocks receives a request directly from a Data Subject, we will promptly redirect the request to the Customer, unless legally required to respond directly.
9. Data Breach Notification
In the event of a personal data breach, Status Blocks shall:
- Notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of the breach.
- Provide sufficient information to enable the Customer to fulfil its obligations to report the breach to the relevant supervisory authority and affected Data Subjects.
- Cooperate with the Customer and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach.
10. Data Retention and Deletion
Upon termination of the Service or upon the Customer's written request, Status Blocks shall:
- Delete or return all Personal Data processed on behalf of the Customer.
- Delete existing copies of Personal Data within 30 days, unless applicable law requires further storage.
- Provide written confirmation of deletion upon request.
During the term of the agreement, event and metrics data is retained according to the Customer's subscription plan retention period and automatically deleted thereafter.
11. International Transfers
Where Personal Data is transferred outside the European Economic Area (EEA) or the United Kingdom, Status Blocks shall ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Transfer to countries with an adequacy decision from the European Commission
- Other legally recognised transfer mechanisms under applicable Data Protection Laws
12. Audits
Status Blocks shall make available to the Customer all information necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits, including inspections, conducted by the Customer or an independent auditor mandated by the Customer.
The Customer shall provide reasonable notice of any audit request and shall ensure that audits are conducted during normal business hours with minimal disruption to operations.
13. Liability
Each party's liability under this DPA is subject to the limitations of liability set out in the Terms of Service.
14. Term and Termination
This DPA shall remain in effect for as long as Status Blocks processes Personal Data on behalf of the Customer. It shall automatically terminate when the Customer's use of the Service ends, subject to the data deletion obligations in Section 10.
15. Contact
For questions about this DPA or to exercise any rights under it, please contact us at:
Email: dpa@statusblocks.com