Get in Touch
Get in Touch

Kuhlekt – Data Processing Addendum (DPA)

  • Home
  • Kuhlekt – Data Processing Addendum (DPA)

 

Kuhlekt – Data Processing Addendum (DPA)

Effective Date: April 12th, 2025
Last Updated: April 12th, 2025

1. Purpose

This Data Processing Addendum (“DPA”) forms part of the Kuhlekt Terms of Service and governs Kuhlekt’s processing of personal data on behalf of the Customer as required under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Definitions

  • “Customer” means the entity that has engaged Kuhlekt for the use of its SaaS platform.
  • “Kuhlekt” means the data processor providing AR automation, collections, and reporting services.
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • Terms such as “Data Controller,” “Data Processor,” “Sub-processor,” and “Processing” shall have the meanings given in the GDPR.

3. Scope of Processing

Kuhlekt processes personal data solely to provide its cloud-based services, which include AR automation, dispute management, reporting, and integrations with third-party payment providers (e.g., Stripe).

4. Customer Instructions

Kuhlekt will process personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country, unless required by law.

5. Confidentiality

Kuhlekt ensures that all personnel who access personal data are under confidentiality agreements or statutory obligations of confidentiality.

6. Sub-processors

Kuhlekt may engage sub-processors to support the delivery of services. Current sub-processors include:

  • Stripe, Inc. – Payment processing
  • Amazon Web Services (AWS) – Cloud infrastructure

Kuhlekt will inform the Customer of any changes to sub-processors and provide an opportunity to object.

7. Security Measures

Kuhlekt implements technical and organizational security measures appropriate to the risk, including:

  • Data encryption in transit and at rest
  • Access control and audit logging
  • Regular vulnerability assessments

8. Data Subject Rights

Kuhlekt shall assist the Customer in fulfilling data subject requests, including rights to access, rectification, erasure, and portability, where applicable.

9. Personal Data Breach

In the event of a personal data breach, Kuhlekt will notify the Customer without undue delay and provide relevant information as required by law.

10. Data Transfers

If personal data is transferred outside the European Economic Area (EEA), Kuhlekt ensures appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

11. Audits and Inspections

The Customer may conduct reasonable audits (including inspections) to verify Kuhlekt’s compliance with this DPA. Kuhlekt will cooperate fully, provided that such audits do not interfere unreasonably with its business operations.

12. Termination and Return of Data

Upon termination of services, Kuhlekt will, at the Customer’s request, return or delete all personal data in its possession unless otherwise required by law to retain it.

13. Governing Law

This DPA is governed by and construed in accordance with the laws of Queensland, Australia, unless otherwise required by applicable data protection law.

14. Contact Information

For all data protection-related inquiries:

Email: privacy@kuhlekt.com
Web: https://kuhlekt.com

 

Prev
Next
Drag
Map