Data processing agreement
Version 1.0 Last updated: May 7th, 2025
This Data Processing Agreement (“DPA”) forms part of the Terms of Service or any other written agreement between the customer (“Data Controller”) and Volcanic Labs SLU (“Data Processor”), operating Biel.ai.
1. Purpose and scope
This DPA governs the processing of personal data by Biel.ai on behalf of the customer in connection with the use of Biel.ai’s Software as a Service (SaaS).
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Data Controller: The entity which determines the purposes and means of the processing of Personal Data.
- Data Processor: The entity which processes Personal Data on behalf of the Data Controller.
- Processing: Any operation performed on Personal Data.
3. Roles and responsibilities
The Data Controller is responsible for ensuring a lawful basis for collecting and processing Personal Data. The Data Processor will only process Personal Data in accordance with documented instructions from the Data Controller.
4. Confidentiality
The Data Processor shall ensure that all personnel authorized to process Personal Data are bound by confidentiality obligations.
5. Security
The Data Processor shall implement appropriate technical and organizational measures to ensure the security of Personal Data. Details are described in our Security Overview.
6. Sub-processors
The Data Processor may engage third-party sub-processors to provide parts of the SaaS infrastructure. A current list of sub-processors is available on request. The Data Processor will enter into agreements with sub-processors ensuring GDPR-compliant processing.
7. Data subject rights
The Data Processor shall assist the Data Controller in fulfilling obligations to respond to data subject requests under GDPR, including requests to access, correct, or delete Personal Data.
8. Data breach notification
In the event of a Personal Data breach, the Data Processor shall notify the Data Controller within 24h after becoming aware of the breach.
9. Data transfers
The Data Processor may transfer Personal Data outside the EEA, provided such transfers are carried out in compliance with Chapter V of the GDPR (e.g., through Standard Contractual Clauses or adequacy decisions).
10. Duration and termination
This DPA remains in effect for as long as Biel.ai processes Personal Data on behalf of the customer. Upon termination, Biel.ai will delete or return all Personal Data, unless legally required to retain it.
11. Limitation of Liability and Scope of Agreement
The obligations and liabilities of the Data Processor under this Data Processing Agreement are expressly limited to the terms and conditions set forth in the Terms of Service, or any other written agreement between the parties. The Data Processor shall not incur any additional obligations or liabilities beyond those expressly outlined in these agreements.
12. Contact
Volcanic Labs SLU
Plaza de Galicia, Local 7, 38612, Santa Cruz de Tenerife, Spain
Email: info@techdocs.studio