Back to Trust Center

Data Processing Addendum (DPA)

Terms governing Jooni’s processing of personal data on behalf of customers. This DPA is designed for B2B deployments and primarily covers business contact data and device/service telemetry associated with company accounts.

Request signed copy

Related: Privacy Statement, Subprocessors, and Security.

1. Scope and applicability

This DPA applies where Jooni processes Personal Data on behalf of a business customer in connection with the services described in the applicable agreement (Terms of Use or a signed order). The parties agree that Jooni acts as a Processor and Customer acts as a Controller (or equivalent under applicable law) with respect to Customer Personal Data.

2. Customer instructions

Jooni will process Customer Personal Data only on documented instructions from Customer, including as necessary to provide, maintain, and secure the services; to comply with law; and as otherwise set forth in this DPA and the agreement. Customer is responsible for providing lawful instructions.

3. Nature and purpose of processing

  • Provision of cloud services, device connectivity, telemetry ingestion, and related support.
  • Account administration, service monitoring, troubleshooting, incident response, and security.
  • Billing (via payment processor) and service communications.

4. Categories of data and data subjects

  • Personal Data (typical, B2B): business contact details (name, email, role), account identifiers; authentication artifacts.
  • Operational data: device and sensor telemetry associated with Customer deployments. This data generally does not identify natural persons and is processed to operate the services.
  • Special categories: not intended to be processed. Customer will not submit such data unless the parties agree in writing.
  • Data subjects: Customer personnel and authorized users.

5. Subprocessors

Customer authorizes Jooni to engage subprocessors to support the services. Jooni will impose data protection terms no less protective than this DPA and remains responsible for subprocessors’ performance. The current list is published at Subprocessors and may be updated from time to time.

6. International transfers

Where Customer Personal Data is transferred internationally, Jooni will implement appropriate safeguards such as the EU Standard Contractual Clauses and any required UK/Swiss addenda, as applicable. Data residency options may be available depending on product and capacity (see Security for details).

7. Security measures

Jooni maintains administrative, technical, and physical measures to protect Customer Personal Data, including encryption in transit and at rest, access controls, logging and monitoring, vulnerability management, backups and disaster recovery, and secure software development practices. See Security for a high‑level overview.

8. Assistance and data subject rights

Taking into account the nature of processing, Jooni will assist Customer in meeting obligations to respond to data subject requests (e.g., access, correction, deletion) and to perform data protection impact assessments and consultations with authorities, as required by law.

9. Incident notification

Jooni will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and will provide information available to assist Customer in meeting obligations, consistent with our SLA and incident response processes.

10. Retention and deletion

Customer Personal Data is retained only as long as necessary to provide the services or as required by law. Upon request or termination, Jooni will delete or return Customer Personal Data (at Customer’s option), except to the extent retention is required by law or for standard backup integrity, after which data is overwritten in the ordinary course.

11. Audit rights

Upon reasonable prior notice, and no more than once annually (unless required by law or following a confirmed incident), Customer may audit Jooni’s compliance with this DPA through questionnaires or review of third‑party attestations. On‑site reviews may be conducted subject to confidentiality and safety requirements.

12. Confidentiality

Jooni ensures personnel authorized to process Customer Personal Data are subject to confidentiality obligations and receive appropriate training.

13. Government and law enforcement requests

Where permitted by law, Jooni will notify Customer of legally binding requests for disclosure of Customer Personal Data and will challenge unlawful or overbroad requests as appropriate.

14. Precedence and changes

In the event of conflict between this DPA and the agreement, this DPA will control to the extent of the conflict regarding the subject matter herein. Jooni may update this DPA as required by law or to reflect changes in the services; material changes will apply prospectively and be posted on this page.

15. Definitions

“Personal Data”, “Controller”, “Processor”, “Data Subject”, “Personal Data Breach”, and “processing” have the meanings set out in applicable data protection laws (e.g., GDPR). “Customer Personal Data” means Personal Data submitted to the services by or for Customer.