Data Processing Addendum

Data processing terms for business customers (B2B)

Last updated: January 2025

B2B Document

This Data Processing Addendum (DPA) applies when Pro Boost processes personal data on behalf of business customers as a Data Processor. For direct-to-consumer services, our Privacy Policy governs our data practices.

1. Roles

Customer = Data Controller (the entity that determines the purposes and means of processing)
Pro Boost = Data Processor (the entity processing personal data on behalf of the Controller)

2. Subject Matter

Generation and evaluation of professional documents using AI tooling, including:

Resume and CV generation
Business card generation
Email signature generation
Resume evaluation services

3. Categories of Data

Personal Data Processed:

Identification: Name, email, role, company
Professional Information: Resume content (experience, education, skills)
Payment Metadata: Processed by Stripe as separate processor

4. Sub-processors

Pro Boost engages the following sub-processors to provide the services:

Stripe, Inc. - Payment processing (Privacy Policy)
Google LLC - AI content generation/evaluation (Gemini API) (Privacy Policy)
Railway - Hosting infrastructure (Privacy Policy)

Pro Boost maintains equivalent liability and ensures all sub-processors comply with GDPR requirements.

5. International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA) to sub-processors located in the United States and other countries.

All international transfers are protected by:

Standard Contractual Clauses (SCCs) approved by the European Commission
GDPR adequacy decisions where applicable
Complementary safeguards where required

6. Data Subject Rights Assistance

Pro Boost assists Customer in fulfilling data subject rights requests, including:

Access: Providing copies of personal data
Rectification: Correcting inaccurate data
Erasure: Deleting personal data when requested
Portability: Providing data in a structured format
Objection: Processing limitations based on legitimate interest

For data subject requests, contact: info@pro-boost.pt

7. Security Measures

Pro Boost implements appropriate technical and organizational measures to protect personal data:

Encryption: HTTPS/TLS for all data transmission
Access Control: Principle of least privilege for data access
Audits: Regular review of sub-processor compliance
Confidentiality: Staff training and confidentiality agreements

8. Data Deletion and Return

Upon termination or Customer request, Pro Boost will:

Delete Customer data from active systems within 30 days
Return or delete backup copies within 90 days
Maintain data where required by law (e.g., tax records)

Customer may request earlier deletion for documented business reasons.

9. Contact

For questions about this DPA or data processing practices:

Email: info@pro-boost.pt

DRAFT - NOT FOR PRODUCTION USE

This Data Processing Addendum is a template and must be customized and reviewed by legal counsel before use with business customers. The terms should be negotiated based on the specific relationship and data processing activities.