Back to WorkVib

Legal

Data Processing Agreement

Effective date: 8 May 2026 - Version 1.0

This Data Processing Agreement forms part of the Terms of Service between you as Controller and Loominfo Limited as Processor for use of WorkVib. It governs our processing of personal data on your behalf.

For customers who require a signed copy, email support@workvib.com with your legal business name and registered address.

1. Definitions

Terms such as personal data, controller, processor, data subject, processing, and personal-data breach have the meanings given in GDPR, UK GDPR, the New Zealand Privacy Act 2020, or equivalent applicable law.

2. Processing details

  • Subject matter: providing WorkVib to the Controller.
  • Duration: while the account remains active, plus the retention periods in the Privacy Policy.
  • Nature and purpose: hosting, storing, displaying, transmitting, securing, supporting, and improving workspace data.
  • Data subjects: workspace users, employees, contractors, clients, guests, and other people whose data is entered into WorkVib.
  • Data categories: contact details, account details, roles, project and task data, chat messages, comments, files, notes, time logs, reports, technical data, and billing metadata.

3. Processor obligations

  • Process personal data only on documented instructions, unless law requires otherwise.
  • Ensure personnel authorized to process personal data are subject to confidentiality obligations.
  • Implement appropriate technical and organizational security measures.
  • Use sub-processors only with general authorization and contractual protections.
  • Assist with data-subject requests, security obligations, DPIAs, and breach notifications where reasonably possible.
  • Delete or return personal data after service termination unless law requires retention.
  • Make information reasonably available to demonstrate compliance with this DPA.

4. Security measures

  • TLS encryption in transit.
  • Password hashing, token protection, and least-privilege access controls.
  • Role-based workspace permissions.
  • Backups, operational logging, rate limiting, and abuse monitoring.
  • Vendor review and contractual safeguards for sub-processors.

5. Breach notification and transfers

If we become aware of a personal-data breach affecting Controller data, we will notify the Controller without undue delay and, where required, within 72 hours of becoming aware.

International transfers are protected by appropriate safeguards such as Standard Contractual Clauses, equivalent contractual measures, encryption, and access controls where required.

6. Sub-processors, audits, and liability

The Controller authorizes the sub-processors listed on the Sub-processors page. We remain responsible for their processing to the extent required by applicable law and our agreement.

Audits may be requested no more than once per year unless there is a reasonable suspicion of breach. The liability limits in the Terms apply to this DPA unless mandatory law says otherwise.

7. Governing law

This DPA is governed by New Zealand law and the courts of New Zealand sitting in Auckland, except where data-protection law grants mandatory rights to data subjects or supervisory authorities.

Contact

Questions can be sent to support@workvib.com. Loominfo Limited, 17A Prictor Street, Papakura, Auckland, New Zealand. Company number: 9429052682902.