BlogTarifsDemander une démoTester Eli

Data Processing Agreement

Overview

This standard Data Processing Agreement (DPA) governs the processing of personal data by Eli on behalf of enterprise customers, ensuring compliance with GDPR Article 28 and other applicable privacy laws.

When You Need a DPA

Enterprise customers typically require a formal DPA for:

  • Processing employee personal data (names, emails, engagement activities)

  • Compliance with internal privacy policies

  • Regulatory audit requirements

  • Legal department due diligence

Small to medium customers are covered by data protection clauses in our standard Terms of Service.

Key DPA Elements

Data Processing Details

Subject Matter: Employee engagement platform services Duration: Length of service agreement Nature of Processing: Collection, storage, analysis of employee engagement data Purpose: Workplace wellbeing and engagement improvement

Data Categories

Personal Data Types:

  • Employee names and email addresses

  • Engagement scores and activity participation

  • Social posts and interactions

  • Device and usage information

Data Subject Categories:

  • Organization employees and participants

  • Administrative users (HR, managers)

Security & Compliance

Technical Measures:

  • Encryption in transit and at rest

  • Access controls and authentication

  • Regular security monitoring

  • Secure data centers

Organizational Measures:

  • Staff privacy training

  • Confidentiality agreements

  • Incident response procedures

  • Regular compliance reviews

Sub-Processors

We maintain a list of sub-processors in our Who We Work With documentation. Key sub-processors include:

  • Cloud hosting providers

  • Authentication services

  • Email delivery services

Sub-processor Changes: Customers will be notified of any sub-processor changes with advance notice and opportunity to object as required by applicable privacy laws.

Data Subject Rights

We assist customers in responding to data subject requests by:

  • Providing data export capabilities

  • Enabling data correction through admin tools

  • Supporting data deletion requests

  • Response commitment: Within 48 hours of customer request

International Transfers

For transfers outside the EU/EEA:

  • Adequate countries: Direct transfers (UK, Canada, Japan, South Korea)

  • Non-adequate countries: Standard Contractual Clauses when required

  • Technical safeguards: Encryption for all international data flows

Data Return & Deletion

At contract termination:

  • Customer data export available for 30 days

  • Complete data deletion within 60 days

  • Deletion confirmation provided upon request

How to Execute a DPA

For New Customers

  1. Request during procurement - Let us know you need a DPA when requesting proposals

  2. Review and customize - We'll create a DPA based on your requirements

  3. Execute alongside service agreement - Both documents signed together

For Existing Customers

  1. Contact our team - Email [email protected]

  2. Review requirements - We assess your specific needs

  3. Provide executed DPA - Typically within 5 business days

DPA Template

Ready to proceed? Contact [email protected] to discuss DPA requirements and creation for your organization.Languages Available: English, French

For DPA requests and data processing questions, contact: [email protected]

Last Updated: August 2025

PrécédentWhat data we handleSuivantSecurity operations

Mis à jour