Youform Data Processing Agreement (DPA)

Last updated: 29th April 2025

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service ("Principal Agreement") between Youform ("Processor", "we", "us", or "our") and you ("Controller", "Customer", "you").
This DPA reflects the parties' agreement with respect to the Processing of Personal Data in accordance with the requirements of the applicable Data Protection Laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, such as collection, storage, use, transfer, or deletion.
  • "Data Controller" means the entity that determines the purposes and means of Processing Personal Data.
  • "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
  • "Subprocessor" means any third party appointed by the Processor to assist with Processing activities.

3. Scope and Roles

You, as the Customer, are the Data Controller of any Personal Data collected through forms created on Youform. Youform acts as the Data Processor, processing Personal Data on your behalf.

4. Processing of Personal Data

We shall:
  • Process Personal Data only on your documented instructions, unless required by law to act without such instructions.
  • Ensure that persons authorized to process Personal Data are under an appropriate contractual or statutory obligation of confidentiality.
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Assist you, insofar as possible, in fulfilling your obligations to respond to Data Subject requests.
  • Provide reasonable assistance in ensuring compliance with obligations relating to security, breach notifications, data protection impact assessments, and consultations with supervisory authorities.
  • Upon termination of services, at your choice, delete or return all Personal Data, unless otherwise required by law.

5. Subprocessors

Youform may engage Subprocessors to process Personal Data on your behalf. A current list of Subprocessors is available here.
We will notify Customers of any changes to Subprocessors in accordance with applicable Data Protection Laws.

6. International Data Transfers

When transferring Personal Data outside the European Economic Area (EEA), Youform will ensure such transfers are made in compliance with applicable Data Protection Laws. We rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs), for such transfers.

7. Data Subject Rights

We shall assist you, to the extent reasonably possible, in fulfilling your obligations to respond to requests by Data Subjects to exercise their rights under the GDPR, including rights of access, rectification, erasure, and portability of their Personal Data.

8. Security Measures

Youform has implemented and maintains appropriate technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Details about our security practices are available upon request.

9. Personal Data Breach

In the event of a Personal Data breach affecting your Personal Data, Youform will notify you without undue delay and provide all necessary information to enable you to comply with your breach notification obligations under GDPR.

10. Termination

Upon termination of the Principal Agreement, you may request deletion of your Personal Data processed by Youform. We shall comply with such a request within a reasonable time unless otherwise required to retain the data under applicable law.

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws of India.

By using Youform, you agree to this Data Processing Agreement.