DPP
Updated at: Oct 23, 2025
Version: 4
Last update: October 2025
Pursuant to the Agreement, Artificieel provides the Solution and the Services (both as defined below) to the Customer (as defined below). The provision of the Solution and the Service leads to the collection and processing of Personal Data (as defined below) by Artificieel, in its capacity as a data processor, on behalf of the Customer. Therefore, Artificieel provides the Customer with this Data Processing Policy ("DPP") which sets out (i) how Artificieel shall manage, process and secure the Personal Data; as well as (ii) all parties' obligations to comply with the Privacy Legislation (as defined below).
By concluding an Agreement with Artificieel, the Customer has indicated that it has read, understands and accepts the terms and conditions of this DPP, which forms an integral part of said Agreement. Capitalised terms in this DPP shall have the same meaning as in the Agreement.
This DPP may be updated from time to time by Artificieel, in which case Artificieel shall notify the Customer through its website or the Artificieel Solution. In any event, the latest version of this DPP can always be accessed on the website, as well as on the Artificieel Solution.
DEFINITIONS
Capitalised terms shall have the meaning as set out below.
Artificieel: The company ARTIFICIEEL BV, incorporated and existing under the laws of Belgium, with registered office at Sint-Pietersnieuwstraat 11, 9000 Ghent, with VAT/company number BE-1001.403.452
Assignment: All activities, performed by Artificieel for the Customer, and any other form of cooperation whereby Artificieel Processes Personal Data for the Customer, regardless of the legal nature of the agreement under which this Processing takes place
Controller: The entity, which determines the purposes and means of the Processing of Personal Data, meaning the Customer as defined in the Agreement
Customer: The party with whom Artificieel has concluded the Agreement, including its Affiliate(s)
Data Subject: An identified or identifiable natural person where an identifiable natural person should be considered one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Personal Data: Any information relating to an identified or identifiable natural person (i.e. Data Subject)
Personal Data Breach: Unauthorized disclosure, access, abuse, loss, theft or accidental or unlawful destruction of Personal Data, which are processed by Artificieel on behalf of the Customer
Privacy Legislation: The (supra)national privacy legislation applicable to the processing of personal data by the Customer or Artificieel within the scope of the Agreement, such as, but not limited to: (i) the General Data Protection Regulation 2016/679 of April 27, 2016 ("GDPR"); (ii) the Belgian Privacy Law of 30 July 2018; (iii) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (iv) (future) national legislation regarding the implementation of the GDPR
Processor: The entity which Processes Personal Data on behalf of the Controller
Process/Processing: Any operation or set of operations which is performed upon Personal Data or sets of Personal Data, including but not limited to: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data
Services: All services, provided by Artificieel to the Customer with respect to the Solution (such as but not limited to support and maintenance)
Solution: Artificieel's proprietary 'Software as a Service' (SaaS) platform that leverages Artificial Intelligence (AI) to facilitate and accelerate legal due diligence processes by enabling Customers to upload, analyze, and extract insights from legal and other business documents
Subprocessor: Any Processor engaged by Artificieel
Policy Annexes
Annex I: Overview of (i) the Personal Data, which parties expect to be subject of the Processing, (ii) the categories of Data Subjects, which parties expect to be subject of the Processing, the (iii) retention period for each Processing; and (iv) the use (i.e. the way(s) of Processing) of the Personal Data, the purpose and means of such Processing
Annex II: Overview and description of the security measures taken by Artificieel
Annex III: List of Subprocessors engaged by Artificieel
The (uncapitalised) terms "(data) controller"; "personal data"; "personal data breach"; "process"; "processing"; "(data) processor" shall have the meaning attributed to them in the Privacy Legislation.
1. ROLES OF THE PARTIES
1.1 Parties acknowledge and agree that with regard to the Processing of Personal Data as instructed by the Customer, the Customer shall be considered 'Controller' and Artificieel 'Processor'. Artificieel shall be allowed to engage Subprocessor(s) pursuant to the requirements set forth in Article 7.
1.2 Each party shall comply with its respective obligations under the Privacy Legislation with respect to the processing of the Personal Data.
2. USE OF THE SOLUTION AND/OR THE SERVICES
2.1 The Customer acknowledges explicitly that:
2.1.1 Artificieel purely acts as a facilitator of the Solution and/or the Services. Hence, the Customer shall be solely responsible on how and to what extent he/she makes use of the Solution and/or the Services as well as for all Personal Data collected through the Solution
2.1.2 It is responsible for all acts and omissions of Users (i.e. in case the User does (not) take sufficient measures to protect its account on the Solution)
2.1.3 As a result of the use of the Solution, a number of connections between the Customer's technological infrastructure and the Solution shall be made. Data shall however only be uploaded upon approval of the Customer
2.1.4 It is responsible for the material and/or data provided by the Data Subject. The Customer is, as Controller, thus responsible for complying with the Privacy Legislation and/or any other regulations with regard to aforementioned material and/or data
2.1.5 It shall comply with all laws and regulations (such as, but not limited to: with regard to the retention period or rights of the Data Subject) imposed on it by making use of the Solution and/or Services
2.2 The Customer shall avoid any misuse of the Solution and/or Services. In case of misuse by the Customer of the Solution and/or the Services, the Customer agrees that Artificieel can never be held liable in this respect nor for any damage that would occur from such misuse.
2.3 The Customer therefore undertakes to safeguard Artificieel when such misuse would occur as well as for any claim from a Data Subject and/or third party due to such misuse.
3. OBJECT
3.1 Customer acknowledges that as a consequence of making use of the Solution and/or the Services of Artificieel, the latter shall Process Personal Data as collected by the Customer. The nature and purpose of said processing, as well as a description of the Personal Data and categories of Data Subjects processed under the Agreement are further specified in Annex I.
3.2 Artificieel shall always Process the Personal Data in a proper and careful way and in accordance with the Privacy Legislation and other applicable rules concerning the Processing of Personal Data.
3.3 More specifically, Artificieel shall:
3.3.1 During the performance of the Assignment — provide all its know-how in order to perform the Assignment according to the industry standards, as it fits a specialised and 'good' processor
3.3.2 Adopt, to the best of its abilities, the necessary security measures (cfr. Annex II) and provide all its know-how in order to perform the Service in accordance with the industry standards
3.4 The Customer keeps full control concerning the following: (i) how the Personal Data must be processed by Artificieel; (ii) the types of Personal Data processed; (iii) the categories of Data Subjects whose Personal Data is subjected to the processing; (iv) the purpose of the processing; and (v) the fact whether such processing is proportionate.
3.5 This DPP is without prejudice to the provisions of the Agreement with regard to 'Data Protection'.
4. INSTRUCTIONS FROM / RESPONSIBILITY OF THE CUSTOMER
4.1 Instructions
Artificieel shall only process the Personal Data upon the Customer's request and in accordance with the Customer's lawful instructions in Annex I, unless any legal obligation states otherwise. Artificieel shall inform the Customer, if in its opinion, the instructions infringe the Privacy Legislation. If the Customer subsequently cannot guarantee the validity or legality of the instruction or fails or refuses to change the unlawful instruction so that it no longer violates the Privacy Legislation, Artificieel shall be entitled to (i) suspend/refuse the performance of said instruction and (ii) at its discretion, to either continue to process the Personal Data in accordance with previously provided instructions or to stop the processing altogether, until the Customer has revised its instruction so that it no longer violates the Privacy Legislation.
4.2 Responsibilities
Furthermore, the Customer acknowledges that it is responsible for:
4.2.1 The accuracy, quality and legality of (the collection and transfer of) the Personal Data
4.2.2 Compliance with all transparency and lawfulness requirements under the Privacy Legislation for the collection and processing of the Personal Data and the transfer thereof to Artificieel
4.2.3 Ensuring compliance of its instructions (cfr. Annex I) with the Privacy Legislation
4.3 Customer shall inform Artificieel without undue delay if it is not able to comply with its responsibilities under this Section or the Privacy Legislation.
5. SECURITY OF PROCESSING
5.1 Artificieel takes the security of the Processing activities very seriously. Artificieel shall at least implement the technical and organizational measures specified in Annex II to ensure the security of the Personal Data. This includes protecting the data against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the data (Personal Data Breach). In assessing the appropriate level of security, Artificieel and the Customer shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing and the risks involved for the Data Subjects.
6. SUBPROCESSORS
6.1 Approval of Subprocessor list
6.1.1 The Customer acknowledges and agrees that Artificieel may engage Subprocessors in connection with provision of the Services (and the performance of the Agreement). In such case, Artificieel shall ensure that the Subprocessors are at least bound by the same obligations by which Artificieel is bound under this DPP.
6.1.2 Artificieel has currently appointed as Subprocessors its Affiliates and other third parties as listed in Annex III.
6.1.3 Artificieel shall be liable for the acts and omissions of its Subprocessors to the same extent as if it would be performing the Services/processing of the Personal Data itself, directly under the terms of this DPP.
6.2 Update of the Subprocessor list
6.2.1 Artificieel shall:
Update the list whenever a Subprocessor changes (e.g. a new Subprocessor was added, a Subprocessor was substituted, etc.)
Clearly indicate the changes in the list
Add a timestamp (i) when the list was updated, and (ii) when the change of the Subprocessor went or will go into effect
6.2.2 Artificieel shall notify the Customer (e.g. on the website or through the Solution) when changes to the list are made.
6.3 Objection
6.3.1 If the Customer wishes to exercise its right to object to a new Subprocessor, it shall notify Artificieel in writing (cfr. Article 10) and based on reasonable grounds by the latest within thirty (30) days after the notification. If the Customer fails to object within the aforementioned timeframe it shall be deemed to have waived its right to object and to have authorized Artificieel to engage the new Subprocessor.
6.3.2 In the event aforementioned objection is not found unreasonable by Artificieel, parties will discuss the Customer's concerns with a view to achieving a reasonable solution. Such solution may include, at Artificieel's discretion, to (i) make available to the Customer a change in the Services; or (ii) recommend a commercially reasonable change to the Customer's use of the Services to avoid the processing of the Personal Data by the objected new Subprocessor without unreasonably burdening the Customer.
6.3.3 If the parties are, however, unable to come to a solution within a reasonable period of time (which shall not exceed thirty (30) days following the objection of the Customer), the Customer may terminate the Services (in whole or partly) if:
The Services/Solution cannot be used by the Customer without appealing to the objected new Subprocessor; or
Such termination solely concerns that part of the Services which cannot be provided by Artificieel without appealing to the objected new Subprocessor
And this by providing written notice thereof to Artificieel (cfr. Article 15) within a reasonable time.
6.3.4 Termination of the Services within the meaning of Article 7.3.3 shall be without liability to either party (but without prejudice to any Fees incurred by the Customer prior to suspension or termination of the Services).
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
7.1 The Personal Data shall be processed within the European Economic Area ("EEA").
7.2 However, the Customer recognizes that Artificieel is entitled to transfer and store the Personal Data to countries outside the EEA for the purpose of providing the Service and fulfilling its obligations under the Agreement, and provided that such transfer/storage is done in accordance with the Privacy Legislation regarding additional safeguards. In particular, any transfer of Personal Data outside the EEA by Artificieel to a third party whose domicile or registered office is in a country which does not fall under an adequacy decision enacted by the European Commission, shall be additionally subject to one or more of the listed EU-approved safeguards:
7.2.1 European Commission Adequacy decision
7.2.2 Closing a data transfer agreement: with the third country recipient, which shall contain the standard contractual clauses, as referred to in the 'European Commission implementing decision of 4 June 2021 (Decision (EU) 2021/914) on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council', including the performance of a transfer impact assessment. Before the transfer takes place, the recipient of the Personal Data/Subprocessor of Artificieel in the third country has to guarantee Artificieel that an adequate level of privacy compliance is ensured in this third party country
7.2.3 Binding corporate rules: As it is the case for standard contractual clauses, the recipient of Personal Data/Subprocessor of Artificieel in the third country has to guarantee Artificieel that an adequate level of privacy compliance is ensured in the third party country
7.2.4 Certification mechanisms
7.3 In the event the transfer (or disclosure) of the Personal Data to a third country is required by EU law or EU member state law to which Artificieel is subject to, Artificieel shall inform the Customer of that legal requirement before the transfer/disclosure, unless that law prohibits such information on important grounds of public interest.
8. CONFIDENTIALITY
8.1 Artificieel shall maintain the Personal Data confidential and thus not disclose nor transfer any Personal Data to third parties, without the prior permission of the Customer, unless in accordance with Article 7 of this DPP or when such disclosure and/or announcement is required by law or by a court or other government decision (of any kind). In such case Artificieel shall, prior to any disclosure and/or announcement, inform you in full transparency on the scope and manner thereof.
8.2 Artificieel shall ensure that its personnel, engaged in the performance of the Agreement, are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Artificieel shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
8.3 Artificieel shall ensure that its access to Personal Data is limited to such personnel performing the Assignment in accordance with the Policy.
8.4 The Customer acknowledges the login information to be strictly personal and ensures not to share this information with any third parties.
9. NOTIFICATION
9.1 Notification
Artificieel shall use its best efforts to inform the Customer as soon as reasonably possible when it:
9.1.1 Receives a request for information, a subpoena or a request for inspection or audit from a competent public authority (incl. supervisory authority) in relation to the processing of the Personal Data
9.1.2 Receives a request from a Data Subject invoking its privacy rights under the Privacy Legislation (cfr. Article 10.3)
9.1.3 Has the intention to disclose Personal Data to a competent public authority (incl. supervisory authority)
9.1.4 Determines or reasonably suspects a personal data breach has occurred in relation to the Personal Data
9.2 Personal data breach
In case of a personal data breach, Artificieel:
9.2.1 Shall notify the Customer without undue delay after becoming aware of this personal data breach and, to the extent possible, provide the information as required by Privacy Legislation (e.g. Article 33.3 GDPR). Upon request of the Customer, Artificieel shall provide — to the extent possible — assistance with respect to the Customer's reporting obligation under the Privacy Legislation
9.2.2 Undertakes — as soon as reasonably possible — to take appropriate remedial actions to make an end to the personal data breach (if such has occurred under its responsibility) and to prevent and/or limit any future personal data breaches
9.3 Rights of Data Subjects
9.3.1 Artificieel shall promptly notify the Customer if it receives a request from a Data Subject invoking its privacy rights under the Privacy Legislation. Artificieel shall not respond to any such Data Subject request without the Customer's prior written consent, except to confirm that the request relates to the Customer to which the Customer hereby agrees.
9.3.2 If a Data Subject requests to exercise his/her/their rights, it is the Customer's responsibility to assist the Data Subject in its request. Only if the Customer does not have the ability to correct, amend, block or delete the Personal Data (as required by Privacy Legislation), Artificieel shall assist the Customer (as long as commercially reasonable).
9.3.3 Notwithstanding the foregoing, the Customer remains responsible for compliance of such Data Subject requests.
9.4 Data Protection Impact Assessment
Taking into account the nature of the processing and to the extent that (i) a data protection impact assessment is required under Privacy Legislation and (ii) the required information is reasonable available to Artificieel and the Customer does not otherwise have access to said information, Artificieel shall — upon request of the Customer — provide reasonable assistance to the Customer with the execution of a data protection impact assessment and possible prior consultation with the competent supervisory authorities. To the extent permitted by the Privacy Legislation, the Customer shall be responsible for any costs arising from Artificieel's provisions of such assistance.
10. LIABILITY
10.1 Both parties are solely liable for all damage, claims and/or fines of third parties, competent supervisory authorities or Data Subjects that are the result of their own breach of or non-compliance with (i) the provisions of this DPP, and (ii) the Privacy Legislation or other applicable rules concerning Personal Data. Each party shall indemnify the other party in this regard.
10.2 In case of breach/non-compliance as described in Article 9.1 the infringing party is liable to the other party and must reimburse the latter for all damages and costs, including reasonable attorney's fees, (legal) expenses and damage resulting from such a breach/non-compliance.
10.3 In case of a proven breach by Artificieel of its obligations under this DPP or under the Privacy Legislation, Artificieel shall:
10.3.1 Be liable for the proven direct damages incurred by the Customer
10.3.2 Not be liable for indirect, immaterial and/or consequential damages, including (but not limited to:) loss of profit, loss of opportunities, loss of and/or damage to data, loss of reputation, sanctions and/or fines, and unforeseeable damages
10.4 Artificieel's liability towards the Customer shall in any case be limited to the total amount paid by the Customer to Artificieel during the last twelve (12) months under the Agreement.
10.5 The provisions in this Article shall be without prejudices to any other liabilities as agreed upon in the Agreement.
11. TERM
11.1 The total term of this DPP shall be the term of the Agreement. If no term is determined, this DPP shall remain in force as long as the Service has not come to an end.
12. RETURN AND DELETION OF PERSONAL DATA
12.1 Artificieel shall only retain the Personal Data as long as needed to provide the Services or for the term of the Agreement (cfr. Article 12). The Customer accepts that Artificieel may create back-ups of the Personal Data stored on the Solution.
12.2 Upon termination of the Service or the Agreement, the following shall apply:
12.2.1 The Services and Solution shall be deactivated. Any Personal Data, stored on the Solution shall as from that moment no longer be available to the Customer
12.2.2 The Customer may request the Personal Data to be returned ('export') within twenty (20) days following the end of the Agreement or the Services, upon which Artificieel shall assess whether such export is technically feasible. In any event, Artificieel may, at its sole discretion, determine the format of the export. Artificieel reserves the right to charge any costs relating to such exports to the Customer
12.2.3 After said twenty (20) days-period, the Personal Data on the Artificieel Solution shall be deleted, unless it is required by applicable law to retain the Personal Data
12.2.4 The Personal Data may be present on back-ups. The Personal Data shall be deleted once the last back-up containing the Personal Data is overwritten
12.3 Please note that data or material provided to or submitted to Artificieel by the Customer during the use of the Services may be further stored and processed by Artificieel for further optimisation of the product and services following the termination of the Agreement or the Services.
13. COMPLIANCE / INSPECTIONS
13.1 Compliance
Upon the Customer's request, Artificieel shall make available to the Customer all information necessary and to the extent as requested by law to demonstrate its compliance with its obligations under this DPP.
13.2 Inspections
13.2.1 Artificieel shall allow the Customer (or a third party on its behalf) to carry out inspections — such as, but not limited to: an audit — and shall provide the necessary assistance thereto.
13.2.2 However, the Customer shall limit its initiatives to perform an inspection to a maximum of once a year. The Customer must notify Artificieel at least thirty (30) working days in advance. The performance of inspections may in any case not cause any delay in the performance of the Service by Artificieel.
13.2.3 The Customer shall impose sufficient confidentiality obligations on its (internal/external) auditors. As to ensure the confidentiality of other Customers, Artificieel has the right to require from the Customer and its auditors to sign a non-disclosure agreement before the start of the inspection and to limit the scope of the inspection or the access of the Customers to certain premises.
13.2.4 All inspection costs are exclusively borne by the Customer, except if (and to the extent that) a severe security incident/personal data breach (at Artificieel/under Artificieel's responsibility) or a violation of this DPP is determined during the inspection.
14. CONTACT ARTIFICIEEL
14.1 Notifications by the Customer under this DPP and/or any questions or concerns with regard to the provisions of this DPP must be directed at info@jurimesh.com.
15. MISCELLANEOUS
15.1 If one or more provisions of this policy are found to be invalid, illegal or unenforceable, in whole or in part, the remainder of that provision and of this agreement shall remain in full force and effect as if such invalid, illegal or unenforceable provision had never been contained herein. Moreover, in such event, Parties shall negotiate to replace the invalid provision by an equivalent provision in accordance with the spirit of this agreement. If Parties do not reach an agreement, then the competent court may mitigate the invalid provision to what is (legally) permitted.
15.2 Deviations, alterations and/or additions to this Policy shall only be valid and binding to the extent that they have been accepted in writing by both Parties.
15.3 This Policy and the corresponding rights and obligations that exist in respect of the Parties, cannot be transferred, directly or indirectly, without the prior written consent of the other party.
15.4 (Repeatedly) non-enforcement by a party or by both parties of any right or provision of this Policy, shall not be construed as a waiver of right, and does not lead to forfeiture.
15.5 This Policy prevails to any other agreement between the parties.
16. GOVERNING LAW & JURISDICTION
16.1 This DPP, including its Annexes, shall be governed by the law and subject to the jurisdiction clause as provided in the Agreement.
ANNEX I — DATA PROCESSING
Description of the processing activities
CUSTOMER & USER ONBOARDING & LIFECYCLE MANAGEMENT (SOLUTION)
Purpose: Managing the account of the Customer and the Users on the Solution, from onboarding (creation of the account) on the Solution until offboarding
Data Subjects: (New) Customers and Users of the Solution
Personal Data:
First name
Last name
(Business) email address
Company name
Home address
Proof of address
Phone number
Gender
ID Data
Device OS
Date of birth
User IDs
Retention: Retention up until one (1) year following termination of the Agreement
LEGAL DOCUMENT ANALYSIS & DUE DILIGENCE (CORE FUNCTION)
Purpose: To enable the core functionality of the Solution, which involves processing, analysing, and structuring legal documents uploaded by the Customer to perform legal due diligence, risk analysis, and reporting
Data Subjects: Individuals whose personal data is contained within the legal documents and contracts provided by the Customer
Personal Data:
First name
Last name
(Business) email address
ID Data
Home address
Company name
Date of birth
Job title, role, department
Gender
Financial data: (financial details, payment information, bank account information, tax information, and compensation details)
Retention: Upon termination, the data will be handled as specified in Article 13 of the DPP
SUPPORT
Purpose: Providing support to the Customer and/or Users regarding (the use of) the Solution
Data Subjects: Users of the Solution
Personal Data:
First name
Last name
(Business) email address
Home address
Date of birth
Gender
Phone number
Device OS
User IDs
IP-address
Retention: Retention up until one (1) year following termination of the Agreement
The use (= way(s) of Processing) of the Personal Data and the purposes and means of Processing
Use of Personal Data
Ways of processing:
Collect and store
Align, combine and create
Structure and analyse
Transfer
Retrieve
Update
Consult
Erase and destroy
Means of processing
Means:
Solution
Electronic communication
Third party software (Subprocessors)
Services
Artificieel's internal systems and databases
Purpose of processing
Purpose of processing:
Providing the Solution
Maintaining the Solution
Supporting the User in case of problems/requests
Account management, including creation, maintenance and termination
Billing and payment
Service improvement to enhance the functionality and performance of the Solution
Marketing
Training and onboarding
ANNEX II — TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
Artificieel has implemented and will maintain appropriate technical and organizational security measures intended to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
The implemented technical and organizational measures are described in detail and are regularly updated at: https://trust.jurimesh.com
Artificieel reserves the right to amend and update these measures to reflect technological advancements and legal requirements, in which case Artificieel shall notify the Customer through its website or the Solution. The Customer can access the most up-to-date version of these measures at the aforementioned URL.
ANNEX III — SUBPROCESSORS
Artificieel engages the following Subprocessors to assist in providing the Solution and Services:
Google Cloud
Nature of processing: Cloud services and data storage for the core platform, including Customer data and Customer files
Territory: EEA
Safeguard: Adequacy decision: EU-US Data Privacy Framework
Microsoft Azure
Nature of processing: Provision of cloud infrastructure
Territory: EEA
Safeguard: Adequacy decision: EU-US Data Privacy Framework
Amazon AWS
Nature of processing: Provision of cloud infrastructure
Territory: EEA
Safeguard: Adequacy decision: EU-US Data Privacy Framework
HubSpot
Nature of processing: Marketing and sales automation platform used for managing customer and prospect contact information and communication
Territory: EU
Safeguard: Adequacy decision: EU-US Data Privacy Framework
Intercom
Nature of processing: Customer support and communication management (e.g., support tickets)
Territory: US
Safeguard: Adequacy decision: EU-US Data Privacy Framework
Slack
Nature of processing: Customer-related information may be shared in internal team channels for support or collaboration
Territory: EU
Safeguard: Adequacy decision: EU-US Data Privacy Framework