Legal Center
Legal

Data Processing & Treatment

How GROWJOLT processes personal information on behalf of clients, including service-provider obligations, security, subprocessors, and data requests.

Effective date / last updated: [EFFECTIVE DATE]

This Data Processing & Treatment notice describes how [LEGAL COMPANY NAME, LLC] ("GROWJOLT") handles personal information that it processes on behalf of a client in the course of providing the Services. Where we determine the purposes and means of processing (for example, for our own marketing or site analytics), our Privacy Policy applies instead.

01Roles of the parties

When we process personal information of a client's end users at the client's direction, the client acts as the "business" / "controller" and GROWJOLT acts as a "service provider" / "processor." The client is responsible for having a lawful basis and appropriate notices and consents for the data it provides to us.

02Scope & instructions

We process personal information only:

  • to provide the Services described in the applicable Order;
  • on documented instructions from the client; and
  • as otherwise permitted or required by applicable law.

Consistent with the CCPA/CPRA, we do not "sell" or "share" client personal information, do not retain, use, or disclose it for any purpose other than performing the Services (or as otherwise permitted by law), and do not combine it with information from other sources except as permitted.

03Subprocessors

We use trusted third-party subprocessors (such as hosting, content-delivery, email-delivery, and analytics providers) to help deliver the Services. We impose data-protection obligations on subprocessors that are consistent with this notice and remain responsible for their performance of the obligations we delegate to them.

04Security measures

We maintain commercially reasonable administrative, technical, and physical safeguards appropriate to the nature of the information, which may include access controls, encryption in transit, network security, and least-privilege practices. No safeguards are perfectly secure, and our obligations are limited as described in our Terms of Service.

05Assistance with data requests

Taking into account the nature of the processing, we provide reasonable assistance to enable the client to respond to verified consumer/data-subject requests (such as access, correction, and deletion) and to meet the client's own legal obligations. If we receive a request directly from the client's end user, we will refer that person to the client unless legally required to respond.

06International transfers

We are based in and process personal information in the United States. Where data originates from outside the United States, the client is responsible for ensuring an appropriate transfer mechanism is in place, and we will reasonably cooperate to support it.

07Incident notification

If we become aware of a confirmed breach of security leading to the unauthorized access, disclosure, or destruction of personal information we process for a client, we will notify the affected client without undue delay and provide information reasonably available to us to assist the client's response, consistent with applicable law.

08Return or deletion & contact

On termination of an engagement, and at the client's written request, we will return or delete personal information we processed on the client's behalf, except where retention is required by law or for the establishment, exercise, or defense of legal claims, and subject to our standard backup cycles.

Data-processing inquiries: [PRIVACY EMAIL]
[LEGAL COMPANY NAME, LLC], [MAILING ADDRESS — STREET, CITY, STATE ZIP]
← Back to Legal Center