Be AI Assist Logo Be AI Assist

Data Processing Agreement

Last Updated: 14 September 2025

1. Introduction

This Data Processing Agreement ("DPA") is entered into by and between you, the Client ("Controller"), and Be AI Assist Ltd ("Processor"), and is incorporated into the Terms of Service. This DPA reflects the parties’ agreement with regard to the processing of Personal Data.

2. Definitions

Terms such as "Personal Data," "Data Subject," "Processing," "Controller," and "Processor" shall have the meanings ascribed to them in the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

3. Details of Processing

  • Nature and Purpose of Processing: To provide AI automation consultancy and implementation services, including connecting client systems, managing automated workflows, and providing related support and maintenance as per the agreed Services.
  • Duration of Processing: For the duration of the service agreement between the Controller and the Processor, and thereafter as required by law or our data retention policies.
  • Categories of Data Subjects: The Personal Data processed will concern the following categories of data subjects: employees, customers, clients, suppliers, and other business contacts of the Controller.
  • Types of Personal Data: Name, email, phone number, job title, company data, and any other Personal Data the Controller chooses to process through the automation workflows we build and manage.

4. Obligations of the Processor

The Processor agrees to:

  • Only process Personal Data on the documented instructions of the Controller.
  • Ensure that persons authorised to process the Personal Data have committed themselves to confidentiality.
  • Implement and maintain appropriate technical and organisational measures to ensure the security of the Personal Data.
  • Assist the Controller in fulfilling its obligations to respond to Data Subject rights requests.
  • Notify the Controller without undue delay upon becoming aware of a Personal Data breach.
  • At the choice of the Controller, delete or return all Personal Data to the Controller after the end of the provision of services.

5. Sub-processors

The Controller provides general written authorisation for the Processor to engage third-party sub-processors to support the Services. The Processor shall maintain a list of its current sub-processors and will inform the Controller of any intended changes. The Processor will impose on its sub-processors the same data protection obligations as set out in this DPA.

6. International Transfers

The Processor shall not transfer Personal Data outside the United Kingdom or the European Economic Area (EEA) without ensuring that appropriate safeguards are in place as required by the UK GDPR, such as an adequacy decision or Standard Contractual Clauses (SCCs).

7. Audit Rights

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

8. Governing Law

This DPA shall be governed by and construed in accordance with the laws of England and Wales.