This Data Processing Agreement details the rights and obligations of both parties regarding the processing of personal data.
Last updated January 21, 2026
This Data Processing Agreement ("DPA") forms part of the Sheetful Terms of Service and applies to the processing of personal data by Sheetful ("Processor") on behalf of the customer ("Controller").
By using Sheetful, you accept the terms of this DPA.
The Processor shall process Personal Data only on documented instructions from the Controller, unless required to do so by Union or Member State law. The Subject Matter, Duration, Nature and Purpose of the processing, and the categories of data subjects are defined in the Sheetful Data Policy.
The Processor ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
The Processor takes all measures required pursuant to Article 32 of the GDPR (Security of processing), including encryption, ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services.
The Processor has the Controller's general authorization to engage third-party subprocessors. The current list of subprocessors is available in our Data Policy. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other processors.
Taking into account the nature of the processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the data subject's rights.
At the choice of the Controller, the Processor shall delete or return all the personal data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data.
