Skribby logoSkribby
Page

Data Processing Agreement (DPA)

Last updated on October 18, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between you (“Customer” or “Controller”) and Skribe VOF, Lode Zielenslaan 38, 8930 Menen, Belgium (“Processor”, “we”, “us”). By using our services, you agree to this DPA.

1. Definitions

  • GDPR: Regulation (EU) 2016/679.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data.
  • Sub-processor: Any third party engaged by us to process Personal Data.

2. Subject Matter and Duration

This DPA governs our processing of Personal Data on your behalf in connection with the provision of our meeting bot, recording, and transcription services. This DPA remains in effect as long as we process Personal Data for you.

3. Nature and Purpose of Processing

  • Nature: Collection, recording, storage, transcription, and transfer of meeting audio/video and related data.
  • Purpose: To provide meeting recording, transcription, and related features as described in our Agreement.

4. Types of Personal Data and Data Subjects

  • Types of Data: Audio/video recordings, transcripts, participant names, email addresses, meeting metadata, and any other data provided by you.
  • Data Subjects: Meeting participants, your users, and any individuals whose data is included in the recordings.

5. Our Obligations as Processor

We will:

  • Process Personal Data only on your documented instructions, including with regard to transfers of Personal Data to a third country.
  • Ensure persons authorized to process Personal Data are bound by confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Assist you in responding to data subject requests.
  • Assist you in ensuring compliance with GDPR Articles 32-36 (security, breach notification, DPIA, etc.).
  • At your choice, delete or return all Personal Data after the end of the provision of services, unless EU law requires storage.
  • Make available all information necessary to demonstrate compliance and allow for audits.

6. Sub-processing

  • We may engage sub-processors listed at Sub-processor List.
  • We will inform you of any intended changes to sub-processors, giving you the opportunity to object.
  • We will ensure sub-processors are bound by data protection obligations no less protective than those in this DPA.

7. International Data Transfers

  • If Personal Data is transferred outside the EEA, we will ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

8. Security

We implement appropriate technical and organizational measures, including but not limited to:

  • Encryption of data in transit and at rest
  • Access controls
  • Regular security assessments
  • Adhering to the principle of least privilege

A summary of our security measures is available at Security Summary.

9. Data Breach Notification

We will notify you without undue delay after becoming aware of a Personal Data breach.

10. Data Subject Rights

We will assist you in fulfilling obligations to respond to data subject requests (access, rectification, erasure, etc.).

11. Audit

You may audit our compliance with this DPA, subject to reasonable notice and confidentiality.

12. Termination

Upon termination, we will, at your choice, delete or return all Personal Data, unless retention is required by law.

13. Miscellaneous

  • This DPA is governed by the laws of Belgium.
  • In the event of conflict, this DPA prevails over the Agreement regarding data protection.

No signature required. By using our services, you accept this DPA.