Data Processing Addendum

This Data Processing Addendum (“DPA”) applies where Service Desk Builder processes personal data on behalf of a business customer in connection with the Service, including the Freshservice AI Readiness Audit.

If you need a signed version or a customer-specific DPA, email hello@servicedeskbuilder.com.

The customer is controller for personal data contained in its Freshservice instance and for instructions given to Service Desk Builder. Service Desk Builder acts as processor when it processes that customer personal data solely to provide the audit, report, storage, support, and related Service functionality.

Service Desk Builder acts as controller for its own account, billing, security, support, website, and business administration data as described in the Privacy Policy.

Service Desk Builder will process customer personal data only on documented instructions from the customer, including through product configuration, use of the Service, these terms, and any written agreement between the parties, unless required by law.

• Subject matter: Freshservice audit collection, scoring, report generation, storage, support, and deletion
• Duration: the customer's use of the Service plus any lawful retention period
• Categories of data subjects: customer personnel, service desk agents, requesters, and account users
• Categories of data: account details, service desk configuration, ticket metadata, limited ticket quality signals, and generated audit outputs
• Special category data: not intentionally collected and should not be provided by the customer

Service Desk Builder will ensure people authorised to process customer personal data are subject to confidentiality obligations. We will maintain appropriate technical and organisational measures designed to protect customer personal data against unauthorised access, loss, alteration, or disclosure.

The customer authorises Service Desk Builder to use subprocessors needed to provide the Service. Current key subprocessors are listed in the Privacy Policy and include providers for hosting, authentication, payments, storage, email, analytics, and optional AI-generated content.

Service Desk Builder remains responsible for subprocessor performance to the extent required by applicable data protection law. Customers may request current subprocessor details by email.

Where customer personal data is transferred internationally, Service Desk Builder will rely on appropriate transfer safeguards required by applicable data protection law, such as adequacy regulations, Standard Contractual Clauses, or the UK International Data Transfer Addendum, as applicable.

Taking into account the nature of the processing and information available to us, Service Desk Builder will provide reasonable assistance with data subject requests, security obligations, data protection impact assessments, and regulator enquiries related to the Service.

If Service Desk Builder becomes aware of a personal data breach affecting customer personal data processed under this DPA, we will notify the affected customer without undue delay and provide reasonable information available to us to help the customer meet its own notification obligations.

On request or account deletion, Service Desk Builder will delete or return customer personal data processed under this DPA unless retention is required by law, fraud prevention, dispute handling, security, or legitimate business recordkeeping.

Service Desk Builder will make reasonable information available to demonstrate compliance with this DPA. This may include written responses to security questionnaires or procurement reviews. On-site audits are not available unless separately agreed in writing.

If this DPA conflicts with the Terms of Service, this DPA controls for processing of customer personal data as a processor. A signed customer-specific DPA controls over this web DPA if expressly agreed by both parties.