We use cookies to improve your experience, analyse traffic, and personalise content. By clicking "Accept All", you consent to our use of cookies. Read our Cookie Policy.
    🎉 Founding Member Offer: The first 10 signups get their first 3 months of software completely FREE on any monthly plan! (Only 7 spots left)
    Stone Signal DigitalStone Signal Digital
    Log inGet Started

    Data Processing Agreement

    How we process and protect your clients' data.

    This Data Processing Agreement ("DPA") forms part of the Terms of Service between Stone Signal Digital ("Data Processor") and you, the client ("Data Controller"). It reflects the parties' agreement with regard to the processing of personal data.

    1. Definitions

    • "Personal Data" means any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Controller.
    • "Data Protection Laws" means the UK GDPR, the Data Protection Act 2018, and any other applicable privacy laws.
    • "Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.

    2. Processing of Personal Data

    2.1. Roles of the Parties: The parties acknowledge and agree that with regard to the Processing of Personal Data, the client is the Data Controller, and Stone Signal Digital is the Data Processor.

    2.2. Purpose of Processing: The Processor will process Personal Data only to provide the services outlined in the Terms of Service, specifically for lead capture, CRM management, automated follow-ups, and booking facilitation.

    2.3. Nature of Data: The data processed typically includes names, email addresses, phone numbers, appointment details, and communication histories of the Controller's leads and customers.

    3. Processor Obligations

    3.1. Compliance: The Processor shall comply with all applicable Data Protection Laws in the processing of Personal Data.

    3.2. Security: The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, protecting against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

    3.3. Confidentiality: The Processor ensures that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

    4. Sub-processing

    4.1. The Controller authorises the Processor to engage Sub-processors to assist in providing the Services (e.g., hosting providers, communication APIs like Twilio/SendGrid).

    4.2. The Processor shall enter into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA.

    5. Data Subject Rights

    The Processor shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a Data Subject to exercise their rights under Data Protection Laws. The Processor shall assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to such requests.

    6. Personal Data Breach

    The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach. The Processor shall provide reasonable assistance to the Controller in investigating and mitigating the breach.

    7. Deletion or Return of Data

    Upon termination of the Services, the Processor shall, at the choice of the Controller, delete or return all Personal Data to the Controller and delete existing copies unless applicable law requires storage of the Personal Data.

    If you have any questions about this DPA, please contact us at support@stonesignal.co.uk.

    Last updated: 27 December 2025

    Avatar
    Hi I'm an AI Customer Support Bot. Do you have a question or want to book a demo call? I can help!