top of page
Channel Chaser

Data Processing Addendum (DPA)

Version: 1.0
Last Updated: 19/11/2025
Processor: Cairncom Communications Ltd (trading as Channel Chaser)
Contactpolicy@cairncoms.co.uk

This Data Processing Addendum (“DPA”) forms part of the agreement, including the Terms of Service (“Principal Agreement”), between the customer identified in the Principal Agreement (“Customer” or “Controller”) and Cairncom Communications Ltd, trading as Channel Chaser (“Channel Chaser”, “Processor”, “we”, “us”).

In the event of a conflict between this DPA and the Principal Agreement, this DPA shall prevail to the extent of the conflict in relation to the processing of personal data.

1. Definitions

For the purposes of this DPA:

  • Applicable Data Protection Law” means all applicable data protection and privacy laws, including UK GDPR, EU GDPR, the Data Protection Act 2018, and, where applicable, CCPA/CPRA.

  • Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing”, “Personal Data Breach”, “Supervisory Authority” have the meanings given in UK GDPR and EU GDPR.

  • Customer Data” means any Personal Data processed by Channel Chaser on behalf of the Customer under the Principal Agreement.

  • Services” means the Channel Chaser SaaS platform and related services provided by the Processor to the Customer.

  • Sub-Processor” means any third party engaged by Channel Chaser to process Personal Data on behalf of the Customer.

  • Standard Contractual Clauses” or “SCCs” means the European Commission’s 2021 SCCs for transfers of personal data to third countries (Module 2 – Controller to Processor) as amended or replaced from time to time.

  • UK Addendum” means the ICO’s International Data Transfer Addendum to the SCCs.

2. Purpose and Scope

This DPA governs Channel Chaser’s processing of Customer Data in connection with the provision of the Services and sets out the rights and obligations of the parties in relation to such processing, as required by Article 28 of the GDPR.

The parties acknowledge that, for the purposes of Applicable Data Protection Law, the Customer is the Controller and Channel Chaser is the Processor of Customer Data.

3. Roles of the Parties
3.1 Customer as Controller

The Customer determines the purposes and means of processing Customer Data and is responsible for ensuring that its instructions to Channel Chaser comply with Applicable Data Protection Law.

3.2 Channel Chaser as Processor

Channel Chaser shall process Customer Data only as a Processor on behalf of the Customer and strictly in accordance with the Customer’s documented instructions, the Principal Agreement, and this DPA.

4. Nature and Purpose of Processing

Channel Chaser processes Customer Data for the following purposes:

  • Receiving reseller and partner deal updates (including by email);

  • Extracting, standardising, and structuring deal-related data;

  • Generating and maintaining automated deal sheets;

  • Synchronising deal and contact data with supported CRM systems (e.g. HubSpot, Zoho) where enabled by the Customer;

  • Providing, maintaining, and improving the Channel Chaser Service;

  • Providing support, troubleshooting, and incident resolution;

  • Implementing security monitoring, logging, and fraud prevention measures.

5. Categories of Data Subjects and Personal Data
5.1 Categories of Data Subjects

Customer Data may relate to the following categories of Data Subjects:

  • Employees and contractors of the Customer;

  • Reseller and partner contacts;

  • CRM contacts and sales prospects;

  • End-customer contacts included in Customer’s CRM or reseller workflows.

5.2 Categories of Personal Data

Customer Data may include, without limitation:

  • Name;

  • Business email address;

  • Contact details and organisation information;

  • Deal notes, updates, and pipeline data;

  • Reseller or partner communication metadata;

  • Email content submitted by resellers relating to deals;

  • CRM record fields synchronised between the Channel Chaser Service and third-party CRM platforms.

The parties do not anticipate the processing of special categories of Personal Data. The Customer shall avoid submitting such data to the Service.

6. Duration of Processing

Channel Chaser will process Customer Data for the duration of the Principal Agreement and any renewal thereof, plus any additional retention period permitted under this DPA (typically ninety (90) days after termination), unless otherwise required by Applicable Data Protection Law.

7. Customer Responsibilities

The Customer shall:

  • ensure that it has a valid legal basis for processing Customer Data and for instructing Channel Chaser to process such data;

  • provide all necessary notices and obtain all necessary consents from Data Subjects where required;

  • not instruct Channel Chaser to process data in a manner that could cause Channel Chaser to violate Applicable Data Protection Law;

  • avoid uploading or synchronising sensitive or special category Personal Data;

  • remain responsible for the accuracy, quality, and lawfulness of Customer Data.

8. Processor Obligations (Channel Chaser)
8.1 Processing on Documented Instructions

Channel Chaser shall process Customer Data only on documented instructions from the Customer, unless required to do so by Applicable Data Protection Law. In such a case, Channel Chaser shall inform the Customer of that legal requirement, unless prohibited by law.

8.2 Confidentiality

Channel Chaser shall ensure that persons authorised to process Customer Data are subject to appropriate confidentiality obligations and receive relevant data protection training.

8.3 Security Measures

Channel Chaser shall implement appropriate technical and organisational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, as further described in Annex II (Technical and Organisational Measures).

8.4 Assistance with Data Subject Requests

Taking into account the nature of the processing, Channel Chaser shall assist the Customer, by appropriate technical and organisational measures, in fulfilling the Customer’s obligations to respond to Data Subject requests under Applicable Data Protection Law. The Customer is responsible for responding to such requests; Channel Chaser will provide reasonable assistance upon request.

8.5 Assistance with Compliance

Channel Chaser shall provide reasonable assistance to the Customer with data protection impact assessments (DPIAs) and consultations with supervisory authorities, where required and related to the Services.

8.6 Data Return and Deletion

Upon termination of the Services, Channel Chaser shall, at the choice of the Customer, delete or return all Customer Data in its possession, except where storage is required by law. Unless otherwise agreed, Customer Data will be retained for up to ninety (90) days following termination, during which the Customer may export data. Thereafter, Customer Data will be permanently deleted from active systems and removed from backups in accordance with standard retention cycles.

8.7 Records of Processing

Channel Chaser shall maintain records of processing activities carried out on behalf of the Customer as required by Article 30(2) of the GDPR and shall make such records available to supervisory authorities upon request.

9. Personal Data Breach Notification

In the event of a Personal Data Breach affecting Customer Data, Channel Chaser shall notify the Customer without undue delay after becoming aware of the breach. Such notification will include, where reasonably available:

  • a description of the nature of the breach;

  • the likely consequences of the breach;

  • the measures taken or proposed to address the breach and mitigate possible adverse effects.

The Customer is responsible for complying with any applicable notification obligations to supervisory authorities or affected Data Subjects, unless otherwise agreed or required by law.

10. Sub-Processors
10.1 Authorised Sub-Processors

The Customer authorises Channel Chaser to engage Sub-Processors to support the delivery of the Services. A current list of Sub-Processors is maintained at Sub Processors Register

10.2 Sub-Processor Obligations

Channel Chaser shall ensure that any Sub-Processor is bound by written obligations that are substantially equivalent to those set out in this DPA. Channel Chaser shall remain responsible for the performance of its Sub-Processors.

10.3 Notice and Objection

Channel Chaser will provide the Customer with advance notice (typically thirty (30) days) of any intended addition or replacement of Sub-Processors. The Customer may object on reasonable grounds by notifying Channel Chaser in writing. If the parties cannot resolve the objection, the Customer may discontinue use of the affected Services, subject to the terms of the Principal Agreement.

11. International Data Transfers

Customer Data may be transferred outside the United Kingdom and/or European Economic Area (EEA), including to the United States, where Sub-Processors or hosting facilities are located.

Where such transfers occur, Channel Chaser shall ensure that:

  • the SCCs (Module 2) are incorporated where required; and/or

  • the UK Addendum is applied for transfers subject to UK GDPR; and

  • appropriate additional safeguards and transfer impact assessments are implemented where necessary.

12. Audit and Inspection

Channel Chaser shall make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA and, where required, shall allow for and contribute to audits, including inspections, conducted by the Customer or an independent auditor mandated by the Customer.

Any audit:

  • shall occur no more than once in any twelve (12) month period, unless required by a supervisory authority or in response to a Personal Data Breach;

  • shall be conducted during normal business hours and in a manner that minimises disruption;

  • may be subject to reasonable confidentiality and security controls; and

  • shall be at the Customer’s expense.

13. CCPA/CPRA (California)

Where Customer Data relates to residents of California and the CCPA/CPRA applies, Channel Chaser shall act as a “Service Provider” or “Contractor” and shall:

  • not sell or share Personal Data as those terms are defined in CCPA/CPRA;

  • not retain, use, or disclose Personal Data for any purpose other than providing the Services or as otherwise permitted by law;

  • not use Personal Data for cross-context behavioural advertising;

  • assist the Customer, where reasonably possible, in responding to consumer requests under CCPA/CPRA.

14. Liability

The limitations and exclusions of liability set out in the Principal Agreement apply also to this DPA. Nothing in this DPA shall limit or exclude liability that cannot be limited or excluded under Applicable Data Protection Law.

15. Order of Precedence

In the event of any conflict between this DPA and the Principal Agreement, this DPA shall prevail in relation to the processing of Customer Data. In the event of a conflict between this DPA and the SCCs or the UK Addendum, the SCCs or UK Addendum (as applicable) shall prevail.

16. Term and Termination

This DPA shall remain in effect for as long as Channel Chaser processes Customer Data on behalf of the Customer under the Principal Agreement. Upon termination of the Principal Agreement and completion of data deletion or return obligations, this DPA shall automatically terminate.

17. Governing Law

This DPA shall be governed by and construed in accordance with the governing law specified in the Principal Agreement, subject to any mandatory requirements of the SCCs or UK Addendum for international transfers.

Annex B – Technical and Organisational Measures

Channel Chaser implements technical and organisational measures including, but not limited to:

  • Encryption of data in transit (TLS) and at rest;

  • Access controls, including unique user IDs and MFA for administrative access;

  • Role-based access and least-privilege principles;

  • Audit logging and monitoring of access and system events;

  • Secure software development practices and vulnerability management;

  • Regular backups and business continuity planning;

  • Employee training on data protection and security awareness;

  • Vendor due diligence and Sub-Processor security assessments.

Annex A– Sub-Processors

A current list of authorised Sub-Processors used by Channel Chaser is maintained at Sub Processors Register

This list may be updated from time to time in accordance with Section 10 of this DPA.

18. Contact

For any questions relating to this DPA or data protection matters, please contact:

Data Protection Officer
Cairncom Communications Ltd
Email: policy@cairncoms.co.uk

bottom of page