Member's Login

Data Processing Agreement

Home Data Processing Agreement

Here’s the full Data Processing Agreement (DPA) rewritten professionally for Franstorm AI LLC, replacing all references to “Meet Alfred” with Franstorm AI LLC, and updating the contact details to support@franstorm.com and www.franstorm.com.

Franstorm AI LLC – Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is incorporated into and is subject to the terms and conditions of the Agreement between Franstorm AI LLC and the customer entity that is a party to the Agreement (“Customer” or “you”).

All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

Defined Terms

For purposes of this DPA, the following definitions apply:

  • Agreement – means this Data Processing Agreement and its schedules.
  • Controller – has the meaning given to it in:
    (a) the GDPR, if applicable; or
    (b) the UK DPA, if applicable.
  • Data Protection Authority – means:
    (a) if the GDPR is applicable, a “Supervisory Authority” as defined in the GDPR; or
    (b) if the UK DPA is applicable, the Information Commissioner.
  • Data Protection Impact Assessment – means an assessment as described in Article 35 of the GDPR.
  • Data Protection Laws – means:
    (a) the UK DPA;
    (b) the GDPR, Directive 95/46/EC, Directive 2002/58/EC, Directive 2009/136/EC, and any national implementing laws in any EU Member State; and
    (c) any equivalent legislation dealing with the same subject matter, worldwide.
  • Data Subject – has the meaning given to it in the GDPR or UK DPA, as applicable.
  • GDPR – means Regulation (EU) 2016/679, as amended or replaced from time to time.
  • Personal Data – has the meaning given to it in the GDPR or UK DPA, as applicable.
  • Personal Data Breach – has the meaning given to it in the GDPR or UK DPA, as applicable.
  • Personnel – means any employee, contractor, consultant, or temporary staff of either party.
  • Process, Processing, or Processed – have the meanings set forth in the GDPR.
  • Processor – has the meaning given to it in the GDPR.
  • Relevant Personal Data – means the categories of Personal Data described in Schedule 1 and processed in connection with the provision of the Services.
  • Services – means the Franstorm AI web services as described in the Services Agreement.
  • Services Agreement – means the terms of service agreement entered into by the Parties.
  • Subprocessor – means any third party (including affiliates and subcontractors) engaged by Franstorm AI to process Relevant Personal Data.
  • Term – has the meaning given in Clause 2.
  • UK DPA – means the Data Protection Act 2018, as amended or replaced.

1. Obligations of Franstorm AI LLC

1.1 Compliance

Franstorm AI shall, and shall ensure that its Personnel, agents, and Subprocessors comply with all applicable Data Protection Laws.

1.2 Security

Franstorm AI represents and warrants that it implements appropriate technical and organizational measures to protect Relevant Personal Data in accordance with Articles 32–34 of the GDPR. These measures are designed to prevent unauthorized access, alteration, loss, or destruction of data.

Franstorm AI conducts regular internal security reviews and maintains updated documentation of its security framework.

1.3 Roles

The Parties acknowledge that the Customer is the Controller and Franstorm AI is the Processor.

Franstorm AI shall:

(a) Process Personal Data only as instructed by the Customer and in compliance with applicable laws;
(b) Notify the Customer promptly if it cannot comply with any instruction due to legal obligations;
(c) Maintain complete, accurate, and current records of all processing activities for at least four (4) years and provide such records upon request;
(d) Ensure confidentiality by:

  • Limiting data access to authorized Personnel and Subprocessors;
  • Requiring confidentiality commitments from all Personnel and Subprocessors.

1.4 Subprocessors

Franstorm AI shall only engage Subprocessors with prior written authorization from the Customer and shall ensure Subprocessors are bound by equivalent obligations as those in this Agreement.

1.5 Data Subject Rights

At the Customer’s request and expense, Franstorm AI will provide reasonable assistance to respond to Data Subject access or deletion requests.

1.6 Breach Notification

Franstorm AI shall notify the Customer within 24 hours of becoming aware of:

  • Any Personal Data Breach;
  • Any material violation of this DPA; or
  • Any correspondence from a Data Subject or Data Protection Authority concerning processing of Relevant Personal Data.

1.7 Deletion or Return of Data

Within 30 days of termination or expiration of the Agreement, Franstorm AI shall permanently and securely delete or return all Relevant Personal Data, unless retention is required by law.

1.8 Audits

At the Customer’s request and expense, Franstorm AI shall provide audit access to demonstrate compliance with this DPA and Data Protection Laws.

2. General

2.1 Term

This Agreement shall commence upon execution and automatically terminate when the Services Agreement expires or is terminated.

2.2 Counterparts

This Agreement may be executed in counterparts, each constituting an original.

2.3 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of England and Wales, and disputes shall be subject to the exclusive jurisdiction of the English courts.

3. Security

3.1 Cloud Infrastructure

Franstorm AI operates entirely in the cloud and does not manage on-premise routers, servers, or hardware.

3.2 Infrastructure Provider

Franstorm AI’s infrastructure is hosted on Amazon Web Services (AWS), which maintains industry-leading security certifications and compliance standards.

3.3 Data Pseudonymization

Personal Data is pseudonymized wherever possible, ensuring non-essential identifiers are truncated to protect Data Subject privacy.

3.4 Security & Compliance

For full details on technical and organizational measures, refer to our Security & Compliance Policy at www.franstorm.com/security.

Schedule 1 – Data Processing Activities

Scope of Processing

Franstorm AI’s fulfillment of its obligations under the Services Agreement will involve:

  • Provision of automation and CRM services;
  • Service improvement, analytics, and updates.

Duration

Processing of Relevant Personal Data continues for the duration of the Agreement and any legally required retention period.

Data Subjects

  • Customer Personnel;
  • Customer’s clients and prospects;
  • End-users of Customer’s services or integrations.

Categories of Personal Data

  • Contact information (name, email, profile image);
  • Login details (e.g., LinkedIn, Gmail);
  • Time zone and account preferences;
  • Device, browser, and IP information;
  • Metadata and communication logs.

Special Categories of Data

Franstorm AI does not process any Sensitive or Special Categories of Personal Data.

Purposes of Processing

  • Providing and maintaining Franstorm AI’s automation platform;
  • Managing customer accounts and technical support;
  • Enhancing service functionality and security;
  • Ensuring compliance with applicable legal obligations.

Contact Information

If you have questions, requests, or complaints regarding this DPA, please contact:

📧 support@franstorm.com
🌐 www.franstorm.com

Franstorm AI LLC
Empowering Businesses Through Smart Automation & Compliance