Chatseeker DPA

Seeker Group Sp. z o.o. as Processor, and the Customer as Controller

Marcina Kasprzaka 31 / 119, 01-234 Warszawa, Poland

KRS 0001235815 · NIP 5273214719 · REGON 544523521

Effective Date: April 13, 2026

1. Subject Matter and Scope

This Data Processing Agreement ("DPA") governs the processing of personal data by Chatseeker on behalf of the Customer in connection with the use of the Service.

The duration of processing corresponds to the duration of the Service.

2. Roles of the Parties

  • The Customer is the Data Controller
  • Chatseeker acts as the Data Processor

Chatseeker processes personal data only on documented instructions from the Customer.

3. Nature and Purpose of Processing

Processing activities include:

  • storage of data
  • organization and structuring
  • retrieval and use
  • transmission and automation workflows

The purpose of processing includes provision of CRM functionality, communication workflows, analytics, and system operation.

4. Categories of Data

Depending on Customer use, data may include:

  • account data
  • chat messages
  • media files (images, videos)
  • behavioral data
  • purchase and transaction data
  • technical usage data

5. Categories of Data Subjects

  • Customers
  • End users (fans / subscribers)
  • platform users
  • employees or team members

6. Sensitive Data

The Customer acknowledges that processing may include special categories of personal data under GDPR.

Chatseeker does not determine such data and processes it only under Customer instructions.

The Customer is solely responsible for obtaining explicit consent where required and ensuring lawful processing.

7. Controller Obligations

The Customer shall:

  • ensure lawful processing under applicable law
  • provide required notices
  • obtain valid consent
  • ensure data subject rights

8. Processor Obligations

Chatseeker shall:

  • process data only on instructions
  • ensure confidentiality
  • implement security measures
  • assist the Customer where required

9. Security Measures

Chatseeker maintains appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access, including:

  • Encryption where appropriate
  • Role-based access controls applying least-privilege principles and multi-factor authentication
  • Network segmentation and firewalls
  • Logging and monitoring
  • Vulnerability management and timely patching
  • Secure development practices
  • Personnel confidentiality obligations and security training
  • Vendor due diligence and contractual security obligations
  • Business continuity and disaster recovery planning
  • A documented incident response process

These measures are designed to reflect the nature of the Services, the categories of personal data processed, and the risks presented by the processing.

10. Subprocessors

Chatseeker may engage subprocessors as reasonably necessary to provide, secure, maintain, and support the Services.

Chatseeker shall ensure that any authorized subprocessor is bound by written obligations that provide a level of data protection appropriate to the processing performed and consistent with applicable data protection law. The Customer authorizes the use of such subprocessors on that basis.

11. International Transfers

The Services and the server infrastructure used to provide them are hosted and operated in the United States, and personal data processed under this DPA may therefore be transferred to and processed in the United States and other jurisdictions as necessary for service delivery.

Where applicable law requires additional safeguards for international transfers, Chatseeker shall implement appropriate transfer mechanisms, including Standard Contractual Clauses or other lawful safeguards, as applicable.

12. Assistance to Controller

Chatseeker shall assist the Customer with data subject requests, security obligations, and compliance requirements to the extent reasonably possible.

13. Data Breach Notification

In case of a personal data breach, Chatseeker shall notify the Customer without undue delay and provide relevant information.

14. Deletion and Return of Data

Upon termination, data will be deleted or returned, unless retention is required by law.

Temporary retention may occur for legal or technical reasons.

15. Audits

The Customer may request reasonable information regarding compliance.

Audits must not disrupt operations and may be limited to documentation or certifications.

16. Confidentiality

Chatseeker ensures that personnel are bound by confidentiality obligations and that access is limited to authorized individuals.

17. Liability

Liability is governed by the Terms of Service.

18. Governing Law

This DPA is governed by the laws of Poland.

19. Priority

In case of conflict, this DPA prevails over the Terms regarding data processing.