This Data Processing Agreement ("DPA") is an integral part of the Terms of Service ("Agreement") entered into between the Customer ("you") and BravoClient ("BravoClient," "we," "our," "us").
It governs the processing of personal data carried out by BravoClient on behalf of the Customer in connection with the use of the BravoClient platform and services, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and any other relevant legislation.
Data Controller: the party that determines the purposes and means of processing personal data.
Data Processor: the party that processes personal data on behalf of the Data Controller.
Data Subject: any identified or identifiable natural person whose personal data is processed.
Personal Data: any information relating to an identified or identifiable natural person.
Processing: any operation performed on personal data, such as collection, recording, use, modification, or deletion.
Sub-processor: any third party engaged by BravoClient to process personal data on behalf of the Customer.
Customer as Data Controller: the Customer acts as the Data Controller and warrants the lawfulness of the data collected, including obtaining any required consent.
BravoClient as Data Processor: BravoClient acts as the Data Processor and processes personal data solely in accordance with the Customer's instructions and this DPA.
BravoClient may process the following categories of personal data on behalf of the Customer:
End User Data: names, email addresses, customer reviews, video testimonials, feedback, profile photos, and any other content provided by users.
Customer (Business) Data: company name, contact person, email address, phone number, business location(s), login credentials.
Usage Data: IP address, browser or device information, logs, and activity data related to the use of the BravoClient platform.
BravoClient processes personal data for the following purposes:
Aggregating and centralizing customer reviews from connected platforms (e.g., Google, Facebook, TripAdvisor).
Responding to reviews using AI-assisted suggestions, with Customer approval for sensitive content.
Sending and tracking review request campaigns via email, SMS, or QR code.
Displaying reviews on websites through customizable widgets.
Providing reporting and performance dashboards.
Optimizing the Customer's reputation management and customer feedback.
BravoClient processes personal data for the duration of the contractual relationship or until the Customer requests deletion, unless a legal obligation requires retention.
BravoClient commits to:
Processing data only on the Customer's instructions.
Ensuring the confidentiality of its personnel and sub-processors with access to personal data.
Implementing appropriate security measures to protect data against unauthorized access, loss, or disclosure.
Assisting the Customer in fulfilling its GDPR obligations (e.g., portability, erasure).
Notifying the Customer without undue delay in the event of a personal data breach.
As the Data Controller, the Customer commits to:
Ensuring the lawfulness of processing instructions.
Providing Data Subjects with appropriate data protection information.
Obtaining required consents where necessary.
Managing Data Subject requests, with BravoClient's assistance upon request.
BravoClient may engage Sub-processors to provide its services. In doing so, BravoClient commits to:
Imposing obligations on all Sub-processors equivalent to those in this DPA.
Informing the Customer of any changes regarding Sub-processors and allowing any legitimate objection.
Remaining fully liable for the actions of its Sub-processors.
The current list of Sub-processors is available upon request.
In the event of data transfers outside the European Economic Area (EEA), BravoClient will implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or any equivalent legal mechanism.
BravoClient implements technical and organizational measures appropriate to the level of risk, including:
Encryption of data in transit.
Role-based access control and secure authentication.
Hosting on secure infrastructure (e.g., servers hosted by Infomaniak or equivalent).
Regular vulnerability assessments and data protection audits.
BravoClient assists the Customer in enabling Data Subjects to exercise their rights, including:
Right of access, rectification, or erasure.
Right to restriction of or objection to processing.
Right to data portability (where applicable).
All such requests are managed by the Customer. BravoClient does not respond directly to Data Subjects unless expressly instructed by the Customer.
Upon termination of the Agreement and at the Customer's request, BravoClient commits to:
Returning or deleting all personal data, unless a legal obligation requires its retention.
The Customer may audit BravoClient's compliance with this DPA by written request.
BravoClient may, at its discretion:
Provide supporting documentation, or
Authorize an audit, subject to reasonable notice and without disrupting its operations.
Each party's liability under this DPA is subject to the limitations of liability set forth in the Agreement, unless otherwise required by applicable data protection law.
This DPA is governed by and construed in accordance with French law, without regard to conflict of law rules.
This DPA remains in effect for as long as BravoClient processes data on behalf of the Customer or retains personal data under the Agreement.
For any questions regarding this DPA, please contact:
BravoClient
[email protected].
Ask your questions, request a demo, or message us directly on WhatsApp.
