Skip to content
Get started

Data Processing Agreement (DPA)

Instructions and Effectiveness

1.1 This DPA has been pre-signed by our Data Protection Officer on behalf of BotRoom Ltd. If you are a BotRoom customer, and you have agreed to our Terms and Conditions, this DPA is automatically effective, as it forms part of the Agreement, and renders any prior DPA ineffective. Effective Date: June 24, 2025.

1.2 If the details of this DPA are not acceptable to the Customer, or the Customer would like to request a change, please contact us at contact@botroom.ai. Where Customer makes any deletions or other revisions to this DPA without the approval and updated signature of our Data Protection Officer, this DPA will be null and void.

1.3 If the Customer would like to be strictly bound by a paper copy, they can complete the following:

To enter into a paper form of this DPA, Customer must:

  • (a) be a customer of BotRoom
  • (b) complete the signature block and provide all relevant information; and
  • (c) submit the completed and signed DPA to BotRoom at contact@botroom.ai

DATA PROCESSING AGREEMENT (DPA)

Data Controller: 
Address: 
Email: 

Data Processor: BotRoom Ltd. (Company Registration Number: 16161854)
Address: 3rd Floor Suite, 207 Regent Street, London, England, W1B3HH
Email: contact@botroom.ai

Effective Date: June 24, 2025.

2. DEFINITIONS

2.1 Terms used in this DPA have the meanings set out in the UK GDPR and Data Protection Act 2018.

2.2 "Customer Data" means personal data processed by BotRoom on behalf of the Customer in connection with the provision of services.

2.3 "Sub-processor" means any third party appointed by BotRoom to process Customer Data.

3. SCOPE AND DURATION

3.1 Scope
This DPA governs the processing of personal data by BotRoom as a Data Processor on behalf of the Customer as Data Controller in connection with the BotRoom.ai services.

3.2 Duration
This DPA remains in effect for the duration of the Customer Service Agreement and any period during which BotRoom processes Customer Data.

4. DATA PROCESSING DETAILS

4.1 Categories of Data Subjects

  • Customer employees and representatives
  • Customer contacts and prospects
  • End users of Customer's services

4.2 Categories of Personal Data

  • Contact information (names, email addresses, phone numbers)
  • Professional information
  • Usage data and analytics
  • Communication recordings and transcripts (where applicable)

4.3 Purpose of Processing

  • Provision of BotRoom.ai platform services
  • Sales analytics and reporting
  • Customer support and service improvement
  • Platform maintenance and optimization

5. OBLIGATIONS OF THE DATA PROCESSOR

5.1 Processing Instructions
BotRoom shall process Customer Data only:

  • On documented instructions from the Customer
  • As necessary for the provision of services under the Customer Service Agreement
  • As required by applicable law

5.2 Confidentiality
BotRoom ensures that persons authorized to process Customer Data are bound by confidentiality obligations.

5.3 Security Measures
BotRoom implements appropriate technical and organizational measures to ensure security of Customer Data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Incident response procedures

5.4 Data Subject Rights
BotRoom shall assist the Customer in responding to data subject requests and exercising their rights under UK GDPR.

5.5 Data Breach Notification
BotRoom shall notify the Customer without undue delay (within 24 hours where possible) upon becoming aware of a personal data breach affecting Customer Data.

6. SUB-PROCESSORS

6.1 Authorized Sub-processors
Customer provides general authorization for BotRoom to engage the following sub-processors:

1. OpenAI

  • Purpose: AI-driven analysis and real-time audio processing
  • Location: United States
  • Safeguards: Standard Contractual Clauses, adequate security measures

2. Vercel 

  • Purpose: Hosting and delivery of frontend services
  • Location: United States
  • Safeguards: Standard Contractual Clauses, adequate security measures

3. Supabase

  • Purpose: Cloud infrastructure, database, and auth services
  • Location: United States / United Kingdom / European Union
  • Safeguards: Standard Contractual Clauses, adequate security measures

6.2 Sub-processor Requirements
BotRoom ensures that:

  • Sub-processors provide sufficient guarantees regarding technical and organizational security measures
  • Written contracts impose equivalent data protection obligations
  • Sub-processors are regularly monitored for compliance

6.3 Changes to Sub-processors
BotRoom will inform Customer of any intended changes concerning addition or replacement of sub-processors, giving Customer opportunity to object to such changes.

7. INTERNATIONAL TRANSFERS

7.1 Transfer Mechanisms
Where Customer Data is transferred outside the UK/EEA, BotRoom ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions where applicable
  • Additional technical and organizational measures as required

8. DATA RETENTION AND DELETION

8.1 Retention Period
BotRoom retains Customer Data only for as long as necessary to provide services or as required by law.

8.2 Data Return/Deletion
Upon termination of services, BotRoom will:

  • Return or delete Customer Data as instructed by the Customer
  • Provide certification of deletion upon request
  • Retain data only where required by applicable law

9. AUDIT AND COMPLIANCE

9.1 Audit Rights
Customer has the right to conduct audits of BotRoom' data processing activities, subject to reasonable notice and confidentiality obligations.

9.2 Compliance Documentation
BotRoom shall make available information necessary to demonstrate compliance with this DPA and allow for audits.

10. LIABILITY AND INDEMNIFICATION

10.1 Liability
Each party's liability under this DPA is subject to the terms of the Customer Service Agreement.

10.2 Data Protection Impact Assessments
BotRoom shall assist Customer with data protection impact assessments where required.

11. GOVERNING LAW AND JURISDICTION

11.1 This DPA is governed by the laws of England and Wales.

11.2 Any disputes shall be subject to the exclusive jurisdiction of the English courts.

12. CONTACT INFORMATION

Data Protection Officer/Contact:
Email: contact@botroom.ai
Address: 3rd Floor Suite, 207 Regent Street, London, England, W1B3HH

SIGNATURES

DATA CONTROLLER (CUSTOMER)

Signature: _________________________
Name: _________________________
Title: _________________________
Date: _________________________

DATA PROCESSOR (BOTROOM LTD.)

Signature: _________________________
Name: Oleg Matckevich
Title: Director
Date: _________________________

This DPA has been designed to ensure compliance with UK GDPR requirements for data processing relationships.

This DPA is automatically effective for all BotRoom customers who have agreed to our Terms and Conditions. For paper copies or modifications, please contact contact@botroom.ai.