Data Processing Agreement (DPA)
Last updated: [01/04/2025]
This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions between Kokoon Academy Ltd. (“Processor”) and the Customer (“Controller”) and governs the processing of personal data by Kokoon on behalf of the Customer in connection with the provision of the Services.
1. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.Processing: Any operation performed on Personal Data (e.g. collection, storage, use, deletion).
Data Protection Laws: All applicable data protection laws and regulations, including the UK GDPR and Data Protection Act 2018.
Sub-processor: A third party appointed by Kokoon to process personal data on behalf of the Customer.
2. Roles of the Parties
The Customer is the Data Controller, and Kokoon Academy Ltd. is the Data Processor. The Processor shall only process Personal Data on documented instructions from the Controller unless otherwise required by law.
3. Subject Matter and Duration
This DPA applies for the duration that Kokoon processes Personal Data on behalf of the Customer in connection with its provision of the Services.
4. Nature and Purpose of Processing
Kokoon processes personal data in order to deliver AI-powered manager assistant services through Slack. This includes analysis, tracking, and personalised productivity assistance for authorised users.
5. Categories of Data Subjects
Data subjects may include: Employees or authorised users of the Customer’s Slack workspace.
6. Categories of Personal Data
Kokoon may process the following types of personal data: Name or display name, Slack user ID, Email address (if shared via Slack), Team or company metadata, Message content and usage metadata. Kokoon does not intentionally collect special category data (e.g. health, race, religion, biometric data).
7. Sub-processors
Kokoon may engage Sub-processors to support delivery of the Services. Kokoon shall ensure Sub-processors are subject to equivalent data protection obligations. A list of current Sub-processors can be found at https://www.wearekokoon.com/subprocessors
8. Security Measures
Kokoon implements appropriate technical and organisational measures to protect Personal Data, including: Encryption in transit and at rest, Access controls and role-based permissions, Monitoring, logging, and audit trails, Regular review of infrastructure and vendor security
9. Data Subject Rights
Kokoon shall assist the Customer in responding to data subject requests under applicable law, including requests to access, correct, or delete personal data.
10. Personal Data Breaches
In the event of a confirmed personal data breach, Kokoon will notify the Customer without undue delay and provide relevant information and support in compliance with applicable law.
11. International Data Transfers
If data is transferred outside the UK or EEA, Kokoon ensures that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
12. Return or Deletion of Data
Upon termination of the Services or upon written request, Kokoon will delete or return all Personal Data, unless otherwise required by law to retain it.
13. Audit Rights
The Customer may request, no more than once annually, reasonable evidence of Kokoon’s compliance with its data processing obligations. Any formal audit may be conducted at the Customer’s expense with reasonable notice.
14. Governing Law
This DPA is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
