1. Scope

This DPA applies where Rabbit SaaS Limited ("Processor") processes personal data on behalf of a Business Customer ("Controller") via the CronRabbit service.

2. Processing of Data

The Processor shall process personal data only on the written instructions of the Controller (which includes the Terms of Service) and in accordance with Article 28 of the UK GDPR.

3. Security

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest.

4. Sub-processors

The Controller authorizes the Processor to use the following sub-processors:

Stripe: (Payments)
DigitalOcean & Amazon AWS: (Hosting)
Email Providers: (Alerts)

The Processor will notify the Controller of any intended changes to this list.

5. Assisting the Controller

The Processor shall assist the Controller in responding to data subject requests and in ensuring compliance with security and breach notification obligations.

6. Deletion

Upon termination of the Service, the Processor shall delete all personal data unless UK law requires its retention.