Data Processing Agreement

The tenant acts as the controller for staff scheduling, ratings, and related operational data. Schedula acts as the processor for that data. For account-security, billing, and direct product communications, Schedula is the controller and the tenant is a recipient of the relevant notices.

The subject matter of the processing is the operation of the Schedula workforce-management service for the tenant. Processing continues for the duration of the tenant's subscription, plus a 30-day grace window after termination or deletion.

Schedula processes the categories of personal data described in the Privacy Policy for the purposes of providing scheduling, swap, notification, gamification, customer-rating, and burnout-prevention features.

Data subjects are: managers and staff employed or engaged by the tenant; in some flows, customers who provide ratings; and authorised support contacts.

Schedula uses the sub-processors listed on the Sub-processors page. Tenants accept the current list at the start of their subscription. We will notify tenants at least 30 days before adding or replacing a sub-processor; tenants may object on documented grounds, in which case we will work in good faith to find an alternative or, failing that, allow contract termination.

Schedula maintains the technical and organisational measures described in the Privacy Policy and security documentation: encryption, audit logging, access controls, password hashing, rate limiting, and tested backup procedures.

Schedula provides tenants with tooling to fulfil access, erasure, and portability requests. Where Schedula receives a request directly, it forwards the request to the tenant when the data is under the tenant's controllership.

Schedula will notify the tenant without undue delay, and in any case within 72 hours, of becoming aware of a personal data breach affecting tenant data, providing the information required by Article 33(3) GDPR as it becomes available.

When sub-processors operate outside the EU/EEA, transfers rely on Standard Contractual Clauses or an adequacy decision. Specific transfer mechanisms are listed on the Sub-processors page.

Schedula will make available all information necessary to demonstrate compliance with Article 28 GDPR and will allow audits — including inspections — by the tenant or an auditor mandated by the tenant, on reasonable notice and subject to confidentiality.

On termination, Schedula will, at the tenant's choice, delete or return all personal data, except where Union or Member State law requires storage. The 30-day grace window in the Privacy Policy applies.