Last updated: January 2025
This Data Processing Addendum ("DPA") forms part of the Terms of Service between RankSpy ("Processor") and you ("Controller") and governs the processing of personal data in connection with our real-time SERP monitoring services.
Terms such as "Personal Data," "Data Subject," "Processing," and "Controller" shall have the meanings given to them in applicable data protection laws, including the General Data Protection Regulation (GDPR) and other applicable privacy laws.
You, as the Controller, determine the purposes and means of processing personal data. RankSpy acts as a Processor, processing personal data only on your documented instructions. The personal data processed includes account information, keyword monitoring data, and usage analytics.
RankSpy will: (a) process personal data only in accordance with your documented instructions; (b) ensure that persons authorized to process personal data are bound by confidentiality obligations; (c) implement appropriate technical and organizational measures to ensure security of personal data; (d) assist you in responding to data subject requests; and (e) assist you in ensuring compliance with data protection obligations.
RankSpy implements industry-standard security measures including encryption in transit and at rest, access controls, regular security audits, incident response procedures, and secure data center infrastructure. We continuously monitor and improve our security practices to protect your data.
RankSpy may engage sub-processors to assist in providing services. Current sub-processors include cloud infrastructure providers and payment processors. We maintain a list of authorized sub-processors and will provide notice of any changes. You may object to the engagement of new sub-processors on reasonable grounds.
Personal data may be transferred to and processed in countries outside your jurisdiction. Where such transfers occur, RankSpy ensures appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and other legally recognized transfer mechanisms.
RankSpy will assist you in responding to data subject requests, including requests for access, rectification, erasure, restriction of processing, data portability, and objection to processing. We will respond to such requests within the timeframes required by applicable law.
In the event of a personal data breach, RankSpy will notify you without undue delay and within 72 hours of becoming aware of the breach. We will provide all information necessary for you to meet your own notification obligations under applicable data protection laws.
Upon reasonable notice, you may audit RankSpy's compliance with this DPA. We will provide you with all information reasonably necessary to demonstrate compliance with our obligations.
Upon termination of services or at your written request, RankSpy will delete or return all personal data processed on your behalf, unless retention is required by applicable law. Deletion will be completed within 30 days of the request.
For questions regarding data processing or to exercise your rights under this DPA, contact us at support@rankspy.net