Data Processing Agreement
Effective 2026-05-22 · Version 1.0
This agreement ("DPA") governs the processing of personal data by Catch before they bounce on behalf of the Customer using its behavioral analytics service. It is accepted upon account creation and forms an integral part of the Terms of Service.
1. Parties and roles
The Customer acts as data controller within the meaning of the GDPR. Catch before they bounce acts as data processor and processes data only on the Customer's documented instructions, within the scope necessary to provide the service.
2. Data processed
Catch before they bounce may process any data provided by the Customer or generated in the course of using the service, including but not limited to technical, usage, contact, approximate location and analysis data necessary for the provision, security and improvement of the service.
3. Purposes
Data is processed for the purposes of providing the service, operational management, usage analysis, feature improvement, producing information for the Customer, and, more generally, any purpose necessary for the performance of the service.
4. Retention
Events and session replays are retained for 6 months on the Starter plan, 24 months on the Pro plan, and without limit on the Scale plan, then purged automatically. Identification data is retained while the account is active and can be deleted at any time upon written request.
5. Customer obligations
- Obtain explicit, free and informed consent from visitors before the Catch before they bounce script is loaded, in accordance with the GDPR and the ePrivacy Directive.
- Implement a compliant and functional consent banner (cookie banner).
- Update its own privacy policy to mention Catch before they bounce as an analytics processor, the purposes, and the retention periods.
- Be the single point of contact for visitors exercising their rights (access, rectification, erasure, portability, objection).
- Never transmit to Catch before they bounce any sensitive data within the meaning of Article 9 GDPR.
6. Sub-processors
Catch before they bounce may engage third-party providers for the operation, delivery and improvement of the Service, including in the areas of hosting, infrastructure, security, authentication and associated services.
These providers act as sub-processors within the meaning of the GDPR and are bound by appropriate confidentiality and security obligations.
7. Transfers outside the EU
Any transfers to sub-processors located outside the European Economic Area are covered by the Standard Contractual Clauses adopted by the European Commission.
8. Security
Catch before they bounce implements and maintains appropriate technical and organizational measures designed to ensure a level of security appropriate to the risks, in particular to preserve the confidentiality, integrity, availability and resilience of the processed data, and to prevent any unauthorized access, disclosure, alteration or destruction.
9. Breach notification
In the event of a data breach affecting the Customer, Catch before they bounce will notify the Customer without undue delay and at the latest within 72 hours of becoming aware, providing the elements needed for the Customer's own notification to the supervisory authority.
10. End of contract
Upon termination, Catch before they bounce returns or deletes, at the Customer's option, all processed data, unless required by law to retain it.
Contact
For any question regarding this DPA: contact@cherine.app
