Last updated: 25 May 2026
Data Processing Addendum
This Data Processing Addendum (DPA) forms part of the agreement between the customer (Controller) and Reshift (Processor) for the processing of personal data in connection with the Reshift services.
1. Definitions
Terms such as Personal Data, Processing, Controller, Processor, and Data Subject have the meanings given in the UK GDPR and EU GDPR.
2. Scope and roles
Reshift processes Personal Data only on documented instructions from the Controller, as set out in the agreement and the customer's configuration of the service.
3. Categories of data
Caller identifiers, voice recordings, transcripts, chat messages, contact details, booking and CRM data submitted by end users to the Controller's agents.
4. Sub-processors
The Controller authorises Reshift to engage sub-processors listed in our current sub-processor schedule. We will notify the Controller of any intended changes, allowing 30 days to object.
5. Security measures
Reshift implements appropriate technical and organisational measures as described in our Security page, including encryption, access controls, and incident response procedures.
6. Data subject rights
Reshift will assist the Controller in responding to data subject requests, taking into account the nature of the processing.
7. Breach notification
Reshift will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach.
8. International transfers
Where Reshift transfers Personal Data outside the UK or EEA, transfers are governed by the UK International Data Transfer Addendum or EU Standard Contractual Clauses.
9. Audits
Reshift will make available information necessary to demonstrate compliance, including third-party audit reports, and allow for audits subject to reasonable notice and confidentiality.
10. Deletion
On termination, Reshift will delete or return Personal Data within 30 days, except where retention is required by law.
Questions? Contact us at hello@reshift.agency.