Data Processing Agreement (DPA)

  • Trusted & backed by our five-star reviews.

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between [Customer Name] (“Customer,” “you,” “your”) and Starbee (“the Software,” “Processor,” “we,” “our,” “us”). This DPA governs the processing of personal data we perform on behalf of the Customer in connection with the provision of the Software, in compliance with applicable data protection laws, including the Privacy Act 1988, the Australian Privacy Principles (APPs), and other relevant regulations.



1. Definitions

  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the Data Controller.
  • Data Subject: Any identified or identifiable individual whose personal data is processed.
  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or erasure.
  • Sub-Processor: Any third party appointed by the Processor to process personal data on behalf of the Customer.



2. Roles and Responsibilities

  • Customer as Data Controller: The Customer acts as the Data Controller for all personal data processed through the Software. The Customer is responsible for determining the legal basis for processing and ensuring compliance with applicable data protection laws.
  • Starbee as Data Processor: Starbee acts as the Data Processor and processes personal data on behalf of the Customer according to this DPA and the Customer’s instructions.



3. Types of Personal Data Processed

Starbee processes the following types of personal data on behalf of the Customer:

  • End-User Data: Names, email addresses, reviews, feedback, video testimonials, and other information submitted through review requests or landing pages.
  • Customer Data: Names, email addresses, contact details, login credentials, and other business-related information.
  • Usage Data: IP addresses, device information, and data related to the use of the Software.

The scope of data processed may vary depending on the services provided, and the Customer will be informed accordingly.



4. Purpose of Processing

Starbee processes personal data for the following purposes:

  • Aggregating reviews from platforms such as Google and Facebook.
  • Responding to reviews using artificial intelligence on behalf of the Customer.
  • Sending review request campaigns and processing feedback.
  • Sharing reviews via widgets and social media platforms.
  • Performing analytics for reputation management.
  • Automating processes, including the sending of review requests.



5. Duration of Processing

Data processing will continue for the duration of the Agreement unless required otherwise by law or upon the Customer’s request for data deletion.



6. Processor Obligations

Starbee agrees to:

  • Process Data Only on Instructions: Process personal data solely as necessary to provide the Software and in line with the Customer’s instructions.
  • Maintain Confidentiality: Ensure all employees or contractors involved in processing are bound by confidentiality obligations.
  • Implement Security Measures: Use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure.
  • Assist the Customer: Support the Customer in responding to data subject requests (e.g., access, rectification, deletion) and ensuring compliance with applicable laws, including conducting data protection impact assessments where required.
  • Notify of Data Breaches: Inform the Customer promptly of any personal data breaches and provide relevant details to address the issue.



7. Customer Obligations

As the Data Controller, the Customer agrees to:

  • Provide Lawful Instructions: Ensure all instructions given to Starbee comply with applicable data protection laws.
  • Inform Data Subjects: Provide necessary privacy notices to data subjects and obtain required consents where applicable.
  • Ensure Legal Basis for Processing: Establish a valid legal basis for processing personal data (e.g., consent, legitimate interest, contract performance).
  • Respond to Data Subject Requests: Handle requests from data subjects regarding personal data processed through the Software, with Starbee providing support as needed.


8. Sub-Processors

Starbee may engage Sub-Processors to process personal data. Starbee will:

  • Ensure Sub-Processors provide the same level of protection as required under this DPA.
  • Notify the Customer of any new Sub-Processors, allowing them to object.
  • Remain fully responsible for Sub-Processors’ actions.

A list of current Sub-Processors is available upon request.



9. International Data Transfers

Starbee may transfer personal data outside Australia to countries with different data protection laws. Such transfers will include appropriate safeguards, such as using Standard Contractual Clauses (SCCs) or other lawful mechanisms, to protect the data.



10. Security Measures

Starbee implements technical and organisational measures, including:

  • Encryption of personal data during transmission.
  • Access controls to prevent unauthorised data access.
  • Regular security assessments and audits.
  • Incident response plans for managing data breaches.



11. Data Subject Rights

Starbee will assist the Customer in ensuring compliance with data subjects’ rights, such as:

  • Accessing their personal data.
  • Rectifying inaccurate or incomplete data.
  • Requesting erasure of data (“right to be forgotten”).
  • Restricting or objecting to data processing.
  • Receiving data in a portable format (if applicable).

Requests from data subjects will be forwarded to the Customer for resolution, with Starbee providing necessary support.



12. Data Retention and Deletion

Upon termination of the Agreement, Starbee will, at the Customer’s request:

  • Return all personal data processed on behalf of the Customer, or
  • Delete all personal data unless retention is required by law.



13. Audit Rights

The Customer may request an audit of Starbee’s processing activities to verify compliance with this DPA. Such audits will be conducted at the Customer’s expense, with reasonable notice and minimal disruption to operations.



14. Liability

Both parties agree that liability under this DPA is subject to the limitations outlined in the Agreement, except where prohibited by applicable laws.



15. Governing Law

This DPA is governed by the laws of New South Wales, Australia, without regard to conflict of law principles.



16. Termination

This DPA remains in effect for as long as Starbee processes personal data on behalf of the Customer. Upon termination of the Agreement, the terms of this DPA will continue to apply to retained data.



17. Contact Information

For questions or concerns regarding this DPA or data privacy, contact us via Starbee’s Contact Page.