Biqli
Features Pricing Integrations
Login Sign Up

Data Processing Addendum

Last Updated: September 16, 2025

1. Introduction & Scope

This Data Processing Addendum ("DPA") is incorporated into and forms an integral part of the Terms of Service ("Agreement") between Biqli LLC ("Biqli", "we", "us") and you, the customer ("Customer", "you"). This DPA applies when Biqli processes Personal Data on behalf of the Customer in the course of providing the Services.

This DPA is intended to satisfy the requirements of Article 28(3) of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and similar requirements under other applicable Data Protection Laws.

2. Definitions

For the purposes of this DPA, the following terms shall have the meanings set out below. Capitalized terms not defined herein shall have the meaning given to them in the Agreement or under applicable Data Protection Laws.

  • "Data Protection Laws" means all applicable data protection and privacy laws, including but not limited to GDPR, the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended.
  • "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
  • "Personal Data" means any information relating to a Data Subject that is processed by Biqli on behalf of the Customer as a result of the Agreement.
  • "Processing" means any operation or set of operations which is performed on Personal Data, such as collection, recording, organization, storage, adaptation, use, disclosure, or erasure.
  • "Controller", "Processor", "Supervisory Authority", and "Personal Data Breach" shall have the meanings ascribed to them in GDPR.

3. Roles and Responsibilities

3.1. Parties' Roles

The parties acknowledge and agree that with regard to the Processing of Personal Data, the Customer is the Controller and Biqli is the Processor. Each party will comply with its respective obligations under Data Protection Laws.

3.2. Purpose Limitation

Biqli shall process Personal Data only for the purposes described in the Agreement and in accordance with the Customer’s documented lawful instructions. Biqli will not process Personal Data for any other purpose unless required to do so by applicable law, in which case Biqli shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

4. Details of Data Processing

  • Subject Matter: The subject matter of the processing is the provision of the Services as defined in the Agreement.
  • Duration: The duration of the processing is for the term of the Agreement, and until all Personal Data is returned or deleted in accordance with Section 9 of this DPA.
  • Nature and Purpose: The nature and purpose of the processing are to provide, maintain, and improve the link management, QR code, and analytics services as subscribed to by the Customer.
  • Categories of Data Subjects: Data Subjects may include the Customer's employees, contractors, business partners, and end-users who interact with the Customer's Biqli Products (e.g., click on a link or scan a QR code).
  • Types of Personal Data: Personal Data processed may include account registration data (name, email), IP addresses, device information (browser, OS), geolocation data, and URLs which may themselves contain Personal Data.

5. Security of Processing

Biqli will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in our Privacy Policy and security documentation. These measures are designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

6. Sub-processors

6.1. Use of Sub-processors

The Customer grants Biqli general authorization to engage third-party sub-processors for processing Personal Data on the Customer’s behalf. Biqli will maintain an up-to-date list of its sub-processors.

6.2. Obligations

Biqli will enter into a written agreement with each sub-processor containing data protection obligations no less protective than those in this DPA. Biqli shall remain fully liable to the Customer for the performance of the sub-processor's data protection obligations.

6.3. Changes to Sub-processors

Biqli will provide the Customer with at least 30 days' prior written notice of any intended changes concerning the addition or replacement of sub-processors. The Customer may object to a new sub-processor on reasonable data protection grounds within 14 days of such notice. If the parties cannot resolve the objection, the Customer may terminate the Agreement.

7. Data Subject Rights

Biqli will, to the extent legally permitted, promptly notify the Customer if it receives a request from a Data Subject to exercise their rights under Data Protection Laws (e.g., access, rectification, erasure). Biqli shall, at the Customer's expense, provide reasonable assistance to the Customer in fulfilling its obligation to respond to such requests.

8. Personal Data Breach

In the event of a Personal Data Breach, Biqli will notify the Customer without undue delay after becoming aware of the breach. The notification will include information required by Data Protection Laws, allowing the Customer to meet its own breach notification obligations.

9. Return and Deletion of Data

Upon termination of the Agreement, Biqli will, at the choice of the Customer, delete or return all Personal Data to the Customer. Biqli shall delete all existing copies unless applicable law requires storage of the Personal Data. This process is further detailed in the "Data Retention" section of our Privacy Policy.

10. Audits and Records

Biqli will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. Such audits shall be conducted during reasonable times, with reasonable advance notice, and subject to confidentiality obligations. The Customer shall bear the costs of any such audit.

11. International Transfers

Where the processing of Personal Data by Biqli involves a transfer of that data outside the European Economic Area (EEA) or the UK, Biqli shall ensure that adequate safeguards, such as the Standard Contractual Clauses (SCCs), are in place to protect the Personal Data in accordance with the requirements of Data Protection Laws.