Logo

Data processing agreement

Version 1.0 Last updated: May 7th, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service or any other written agreement between the customer (“Data Controller”) and Volcanic Labs SLU (“Data Processor”), operating Biel.ai.

1. Purpose and scope

This DPA governs the processing of personal data by Biel.ai on behalf of the customer in connection with the use of Biel.ai’s Software as a Service (SaaS).

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Controller: The entity which determines the purposes and means of the processing of Personal Data.
  • Data Processor: The entity which processes Personal Data on behalf of the Data Controller.
  • Processing: Any operation performed on Personal Data.

3. Roles and responsibilities

The Data Controller is responsible for ensuring a lawful basis for collecting and processing Personal Data. The Data Processor will only process Personal Data in accordance with documented instructions from the Data Controller.

4. Confidentiality

The Data Processor shall ensure that all personnel authorized to process Personal Data are bound by confidentiality obligations.

5. Security

The Data Processor shall implement appropriate technical and organizational measures to ensure the security of Personal Data. Details are described in our Security Overview.

6. Sub-processors

The Data Processor may engage third-party sub-processors to provide parts of the SaaS infrastructure. A current list of sub-processors is available on request. The Data Processor will enter into agreements with sub-processors ensuring GDPR-compliant processing.

7. Data subject rights

The Data Processor shall assist the Data Controller in fulfilling obligations to respond to data subject requests under GDPR, including requests to access, correct, or delete Personal Data.

8. Data breach notification

In the event of a Personal Data breach, the Data Processor shall notify the Data Controller within 24h after becoming aware of the breach.

9. Data transfers

The Data Processor may transfer Personal Data outside the EEA, provided such transfers are carried out in compliance with Chapter V of the GDPR (e.g., through Standard Contractual Clauses or adequacy decisions).

10. Duration and termination

This DPA remains in effect for as long as Biel.ai processes Personal Data on behalf of the customer. Upon termination, Biel.ai will delete or return all Personal Data, unless legally required to retain it.

11. Limitation of Liability and Scope of Agreement

The obligations and liabilities of the Data Processor under this Data Processing Agreement are expressly limited to the terms and conditions set forth in the Terms of Service, or any other written agreement between the parties. The Data Processor shall not incur any additional obligations or liabilities beyond those expressly outlined in these agreements.

12. Contact

Volcanic Labs SLU

Plaza de Galicia, Local 7, 38612, Santa Cruz de Tenerife, Spain

Email: info@techdocs.studio