New Fireside Chat with Ian Mizon: Why Contractors Struggle to Scale (and What Actually Fixes It) Watch now

PaperDrop

Data Processing Agreement

Last updated: January 2025

Important Notice

This Data Processing Agreement ("DPA") forms part of our Terms & Conditions and governs the processing of personal data by PaperDrop Limited as a data processor on behalf of our customers who act as data controllers.

For more information about your privacy rights, see our Privacy Policy.

1. Definitions

Data Controller
The Customer who determines the purposes and means of processing personal data
Data Processor
PaperDrop Limited, who processes personal data on behalf of the Data Controller
Personal Data
Any information relating to an identified or identifiable natural person
Processing
Any operation performed on personal data, including collection, storage, use, and deletion
GDPR
General Data Protection Regulation (EU) 2016/679 and UK GDPR

2. Scope and Application

This DPA applies to the processing of personal data by PaperDrop Limited in the provision of our job management services, where:

  • The Customer acts as the Data Controller
  • PaperDrop Limited acts as the Data Processor
  • The processing is carried out in accordance with the Customer's documented instructions

3. Data Processing Details

3.1 Categories of Personal Data

We may process the following categories of personal data:

  • Employee identification data
  • Contact information
  • Employment details
  • Training and certification records
  • Performance data
  • Health and safety information
  • Time and attendance records
  • Job-related communications
  • Financial information (expenses, payments)
  • Location data (job sites)

3.2 Categories of Data Subjects

  • Employees and contractors of the Customer
  • Job site personnel
  • Customer contacts and representatives
  • Third-party service providers

3.3 Purposes of Processing

  • Providing job management services
  • Employee scheduling and task assignment
  • Time tracking and attendance monitoring
  • Communication and collaboration tools
  • Reporting and analytics
  • Compliance with legal obligations

4. Data Security Measures

Technical and Organisational Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Technical Measures

  • Encryption of personal data in transit and at rest
  • Regular security updates and patches
  • Access controls and authentication mechanisms
  • Network security and firewall protection
  • Regular security monitoring and incident detection

Organisational Measures

  • Staff training on data protection
  • Confidentiality agreements for all personnel
  • Data breach response procedures
  • Regular security audits and assessments
  • Vendor management and due diligence

5. Data Subject Rights

We will assist the Data Controller in fulfilling their obligations to respond to data subject requests, including:

  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

6. Data Retention and Deletion

Retention Period

We will retain personal data only for as long as necessary to provide the services or as instructed by the Data Controller, but no longer than:

  • 2 years after termination of the service agreement
  • As required by applicable law
  • As instructed by the Data Controller

Secure Deletion

Upon termination of the agreement or upon request, we will securely delete or return all personal data to the Data Controller, unless retention is required by law.

7. Contact Information

Data Protection Officer

PaperDrop Limited
Data Protection Officer
Allia Future Business Centre,
London Rd,
Peterborough PE2 8AN,
United Kingdom

Email: dpo@paperdrop.com
Phone: 01733 612860
    01733 612860