Skip to main content
All CollectionsSecurity
General Data Processing Terms
General Data Processing Terms

Doodle's General Terms and Conditions for Data Processing ensure protection and compliance with data privacy regulations.

Ashley Young avatar
Written by Ashley Young
Updated over 6 months ago

General Data Processing Terms

By using certain Doodle products, you acknowledge that this possibly involves the transmission of personal data to Doodle. To the extent that Doodle processes such data as your data processor, these General Terms and Conditions of the Processing of Personal Data apply in addition to the applicable general Terms of Service. In the event of a conflict with the Terms of Service, these Terms and Conditions of the Processing of Personal Data shall prevail. Doodle and you agree on the following:

1. Doodle processes personal data only in accordance with the applicable General Terms and Conditions and its Privacy Policy;

2. Doodle will employ appropriate technical and organizational measures to protect personal data;

3. Doodle will support you with appropriate technical and organizational measures (taking into account the type of processing) to fulfill your obligation to respond to requests to exercise the data protection rights of the data subject;

4. Doodle will delete the personal data upon termination of the contractual relationship with you as soon as possible and at the latest within a maximum period of 180 days, unless Swiss law, EU law, or the law of the respective EU member state requires a longer storage of the data; in this context, Doodle may keep the personal data longer if this is necessary for the provision of other services used by you;

5. Doodle shall provide you with all information necessary to prove Doodle’s compliance with its obligations as a processor.

6. You agree that Doodle may assign its data processing obligations to a sub-processor in accordance with its Privacy Policy and these Terms of Use for Data Processing. However, this can only be done by means of a written agreement with the sub-processor that imposes on the sub-processor obligations that are no less onerous than those imposed on Doodle by these Terms of Use for Data Processing. If a sub-processor does not comply with such obligations, Doodle remains fully liable for the performance of the sub-processor’s obligations towards you. You hereby authorize Doodle to engage Doodle’s subcontractors as its subprocessor(s). If you have objections against such additional subcontractor(s), you may inform Doodle in writing of the reasons for your objections. However, this does not constitute a legal right to influence any additional subcontractors. Please use an alternative service to Doodle if you have objections against such additional subcontractors.

7. Upon Doodle’s discovery of any actual or suspected violation of the protection of your personal data, Doodle will notify you immediately. Such notification will include at least the following information: Details about the nature of the violation, the number of datasets involved, the category and approximate number of data subjects, the likely consequences of the violation, and any measures already taken or immediately planned to mitigate the possible adverse effects of the violation, taking into account all circumstances. The notification may also be provided in stages, taking into account the information available.

8. Doodle may also transfer your personal information to sub-processors located outside of your country as appropriate for the data processing purposes described in the Privacy Policy. These subprocessors are required to comply with the same data protection obligations as Doodle itself. If the level of data protection in a country does not correspond to the Swiss level, Doodle will contractually ensure that the protection of your personal data is always equivalent to that in Switzerland. Doodle ensures this in each case through one or more of the following measures:

  • By entering into EU Model Clauses with the contracted service providers, see the Standard contractual clauses for data transfers between EU and non-EU countries.

  • through the presence of Binding Corporate Rules (BCR), recognized by a European data protection authority, at the service providers commissioned; see details here.

Did this answer your question?