Last Updated: December 16, 2025
This Data Processing Agreement ("DPA") forms part of the Master Service Agreement between Hybrid Reply ("Processor") and the Customer ("Controller").
"Customer Data" means any personal data processed by Hybrid Reply on behalf of the Customer pursuant to or in connection with the Agreement.
"Sub-processor" means any third party appointed by or on behalf of Hybrid Reply to process Customer Data.
We shall process Customer Data only on documented instructions from the Customer. We ensure that persons authorized to process the personal data have committed themselves to confidentiality.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest.
The Customer grants general authorization to Hybrid Reply to engage third-party Sub-processors. Our primary sub-processors include:
We shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer's obligation to respond to requests for exercising the data subject's rights (e.g., right to be forgotten).
Upon termination of the Service Agreement, Hybrid Reply shall delete all Customer Data within 30 days, unless applicable law requires storage of the personal data.