Data Processing Addendum

1. Introduction

This Data Processing Addendum ("DPA") forms part of the Terms of Service between CK Flows ("Processor") and the client ("Controller") and governs the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy regulations.

2. Definitions

• "Controller" means the entity that determines the purposes and means of processing personal data
• "Processor" means CK Flows, which processes personal data on behalf of the Controller
• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on personal data, including collection, storage, and analysis
• "Data Subject" means the individual to whom personal data relates

3. Processing Details

3.1 Categories of Personal Data

We may process the following categories of personal data:

• Contact information (names, email addresses, phone numbers)
• Professional information (job titles, company details, department information)
• System access credentials and user account information
• Communication records and correspondence
• Technical data (IP addresses, device information, usage analytics)

3.2 Processing Purposes

Personal data is processed for the following purposes:

• Providing Salesforce Flow consulting services
• Managing client relationships and communications
• System administration and technical support
• Compliance with legal and regulatory requirements
• Improving service quality and user experience

4. Processor Obligations

CK Flows agrees to:

• Process personal data only on documented instructions from the Controller
• Ensure that persons authorized to process personal data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist the Controller in responding to data subject requests
• Provide information necessary to demonstrate compliance with this DPA
• Notify the Controller of any personal data breaches without undue delay
• Delete or return personal data upon termination of services

5. Security Measures

CK Flows implements the following security measures:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection practices
• Incident response and breach notification procedures
• Regular backup and recovery procedures
• Physical security measures for data centers and offices

6. Subprocessors

CK Flows may engage subprocessors to assist in service delivery. Current subprocessors include:

• Salesforce, Inc. - Cloud platform services
• Cloud hosting providers - Infrastructure and hosting services
• Communication tools - Email and collaboration services
• Analytics providers - Website and service analytics

We ensure that all subprocessors are bound by data protection obligations equivalent to those in this DPA. We will notify the Controller of any changes to subprocessors and provide an opportunity to object.

7. Data Subject Rights

CK Flows will assist the Controller in responding to data subject requests, including:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

8. Contact Information

For questions regarding this Data Processing Addendum, please contact us: