SUITEKK GmbH
Last Updated: April 2, 2026
Effective Date: April 2, 2026
IMPORTANT NOTICE TO USERS
Please read these Terms of Service carefully in their entirety before accessing or using the Services provided by SUITEKK GmbH. By registering for and/or using the Services, you agree to be bound by these Terms of Service, our Privacy Policy, and our Data Processing Addendum (where applicable), all of which are incorporated by reference herein.
1. Acceptance of terms
1.1 Agreement to terms
By accessing, browsing, or using the Platform and Services in any manner—including registering for an account, visiting our website, or engaging with our content—you agree to these Terms of Service and all other operating rules, policies, and procedures that may be published from time to time. These terms constitute a legally binding agreement between you and SUITEKK GmbH ("SUITEKK," "Company," "we," "us," or "our").
1.2 Incorporation of additional terms
Certain of the Services may be subject to additional terms and conditions that we specify from time to time. Your use of such Services is subject to those additional terms, which are incorporated into and form part of this Agreement. If there is any conflict between these Terms of Service and any additional terms, the additional terms will control with respect to that specific Service.
1.3 Applicability
These Terms of Service apply to all users of the Services, including:
• Contributors of content, information, and other materials
• Registered and unregistered users
• Individuals accessing educational programs
• Customers purchasing courses or training materials
1.4 No third-party beneficiaries
These Terms of Service create a contract between you and SUITEKK. They do not create any rights for any third party.
2. Eligibility and age requirements
2.1 Minimum age requirement
You represent and warrant that you are at least 16 years of age. If you are under 16 years of age, you may not, under any circumstances, access or use the Services. We may refuse to offer the Services to any person or entity and may change our eligibility criteria at any time, at our sole discretion.
2.2 Right to refuse service
We reserve the right to refuse or terminate access to the Services at any time and for any reason, including if we believe you do not meet the eligibility requirements.
2.3 Compliance with laws
You are solely responsible for ensuring that your access to and use of the Services complies with all applicable laws, rules, and regulations in your jurisdiction. The Services are offered only for your use and not for the use or benefit of any third party.
2.4 Authority to bind
If you are registering with SUITEKK on behalf of an organization, business, or other entity, you represent and warrant that you have full authority to bind that entity to these Terms of Service and that such entity agrees to be bound by these terms.
3. Account registration and security
3.1 Account creation
To use certain features of the Services, you must register for an account ("Account") and provide accurate, complete, and current information. You agree to:
• Provide truthful, accurate, and complete information during registration
• Keep your Account information current and accurate
• Promptly update your information if it changes
• Maintain the confidentiality of your password
3.2 Username requirements
When selecting a username, you agree that you will not:
• Select or use the name of another person with the intent to impersonate that person
• Use a name subject to any rights of another person without appropriate authorization
• Use a name that is offensive, vulgar, obscene, or otherwise inappropriate in our sole discretion
3.3 Account security and responsibility
You are solely responsible for:
• All activity that occurs on or through your Account
• Maintaining the confidentiality and security of your Account password
• Preventing unauthorized access to your Account and device
• Immediately notifying SUITEKK of any:
    • Breach of security or unauthorized use of your Account
    • Change in your eligibility to use the Services
    • Revocation of any licenses from regulatory authorities
You agree that you will never:
• Share your login information with any other person
• Allow any third party to access your Account
• Use another person's account or registration information without permission
3.4 Account termination
You have the ability to delete your Account either directly through our Platform or by submitting a request to SUITEKK. Upon Account termination, we will cease active provision of Services, though we may retain your Personal Data as required by law or for legitimate business purposes.
4. Processing of personal data
4.1 Privacy and data protection
Your personal data will be treated in accordance with:
• SUITEKK's Privacy Policy
• The Swiss Federal Act on Data Protection (FADP)
• The General Data Protection Regulation (GDPR), where applicable
• All other applicable data protection laws
4.2 Data processing addendum
To the extent that you are a data controller who provides SUITEKK with personal data of third parties (including employees, customers, or other data subjects) that is subject to the GDPR or the FADP, you agree to be bound by SUITEKK's Data Processing Addendum or by request.
4.3 Your instructions
When you provide instructions regarding the processing of personal data, you warrant that:
• You have authority to provide such instructions
• Such instructions comply with all applicable laws
• SUITEKK's processing in accordance with your instructions will not violate data protection laws
5. Content
5.1 Definition of content
"Content" includes all information, data, text, photographs, videos, audio clips, written posts and comments, software, scripts, graphics, interactive features, and other materials generated, provided, or accessible on or through the Services. This includes User Content (defined below) as well as Content provided by SUITEKK.
5.2 User content
SUITEKK is not responsible for any Content added, created, uploaded, submitted, or posted by users ("User content"), whether posted publicly or transmitted privately.
You represent and warrant that all User Content you provide is:
• Accurate, complete, and up-to-date
• In compliance with all applicable laws, rules, and regulations
• Not in violation of any third-party rights
• Not offensive, defamatory, or inappropriate
5.3 Content accuracy
You acknowledge that you assume all risk for:
• Any damage or loss resulting from accessing or using Content
• Any accuracy or legality issues with Content
SUITEKK does not guarantee the accuracy, completeness, currency, or legality of any Content accessed through the Services.
5.4 Copyright and intellectual property protection
All Content, including but not limited to our educational materials, course content, videos, and resources, is protected by copyright, trademarks, patents, and other intellectual property laws. You must abide by and maintain all copyright notices, information, and restrictions contained in any Content accessed through the Services.
5.5 Limited use license
Subject to these Terms of Service, SUITEKK grants you a worldwide, non-exclusive, non-sublicensable, and non-transferable license to use (i.e., to download and display locally) Content solely for purposes of using the Services as intended. This license is personal to you and may not be transferred.
Prohibited uses: You may not:
• Sell, license, rent, or otherwise use or exploit any Content for commercial purposes without express written permission
• Reproduce, modify, distribute, or store any Content except as necessary for your personal use
• Use Content in any way that violates third-party rights
• Reverse-engineer, decompile, or attempt to derive underlying ideas or algorithms from any Content
5.6 Availability of content
SUITEKK makes no guarantee regarding the availability of any Content. We reserve the right to, at our sole discretion and without notice:
• Remove, edit, or modify any Content
• Remove or block any Content from the Services
• Discontinue, suspend, or modify any feature or functionality
6. Rules of conduct
6.1 User responsibilities
You are responsible for all of your activity in connection with the Services, including:
• All communications and interactions with other users
• Collection of data from other users
• Ensuring your activity complies with these Terms of Service
6.2 Prohibited conduct
You agree that you will not, and will not permit any third party to, take any action or upload, download, post, submit, or distribute any Content that:
6.2.1 Legal violations
• Infringes any patent, trademark, trade secret, copyright, right of publicity, or other intellectual property right
• Violates any applicable law, rule, or regulation (domestic, foreign, or international)
• Breaches any contractual obligation or duty
• Violates these Terms of Service
6.2.2 False or misleading content
• Is false, misleading, untruthful, or inaccurate
• Constitutes fraud, deception, or misrepresentation
6.2.3 Harmful or inappropriate content
• Is unlawful, threatening, abusive, harassing, defamatory, libelous, or invasive of another's privacy
• Is tortious, obscene, vulgar, pornographic, or sexually explicit
• Contains or depicts nudity or sexual activity
• Is otherwise inappropriate or offensive as determined by SUITEKK in its sole discretion
6.2.4 Unauthorized activities
• Constitutes unauthorized or unsolicited advertising or bulk email ("spamming")
• Impersonates any person or entity, including SUITEKK employees or representatives
• Includes anyone's identification documents or sensitive financial information
6.2.5 Security threats
• Contains software viruses, malware, or other computer codes designed to disrupt, damage, or interfere with functionality
• Is designed to gain unauthorized access to systems, data, passwords, or information
• Interferes with the proper functioning of any software, hardware, or telecommunications equipment
6.3 System and infrastructure rules
You agree not to:
• Take any action that imposes or may impose an unreasonable or disproportionate load on our infrastructure
• Interfere with or attempt to interfere with the proper functioning of the Services
• Bypass, circumvent, or attempt to bypass security measures or access controls
• Run auto-responders or spamming software
• Use manual or automated software, devices, or processes to "crawl" or "spider" our Platform
• Harvest or scrape Content from the Services
• Otherwise violate our usage guidelines or policies
6.4 Intellectual property and reverse engineering
You agree not to:
• Decipher, decompile, disassemble, reverse-engineer, or attempt to derive source code, underlying ideas, or algorithms
• Modify, translate, or create derivative works of any part of the Services
• Copy, rent, lease, distribute, or transfer any rights you receive under this Agreement
You agree to comply with all applicable local, state, national, and international laws and regulations.
6.5 Reserved right to access and disclose
SUITEKK reserves the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to:
• Satisfy applicable law, regulation, legal process, or governmental request
• Enforce these Terms of Service, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Respond to user support requests
• Protect the rights, property, and safety of SUITEKK, our users, and the public
7. Third-party services and links
7.1 External links
The Services may contain links to third-party websites, services, and resources on the Internet. Other websites may contain links to the Services. These third-party resources are not under our control.
7.2 No endorsement or responsibility
When you access third-party resources through the Services, you do so at your own risk. SUITEKK is not responsible or liable for:
• The content, functions, accuracy, legality, or appropriateness of third-party websites or resources
• Any damage or loss caused by use of or reliance on third-party content
The inclusion of any link does not imply our endorsement of or association with the third-party operator.
7.3 Third-party policies
You acknowledge and agree that SUITEKK is not responsible or liable for any third-party website policies or practices. You should carefully review the terms of service and privacy policies of any third-party services before providing personal information or using their services.
8. Payments and billing
8.1 Paid services
Certain features or courses offered through the Services may be subject to payments now or in the future ("Paid services"). The current Paid Services and their descriptions are available on our Platform.
Any payment terms presented to you during registration or use of Paid Services are deemed part of this Agreement.
8.2 Payment processing and third-party processors
SUITEKK uses third-party payment processors (the "Payment processor"), including Stripe, to process payments. By choosing to use Paid Services, you agree to:
• Pay all charges at the prices then in effect
• Authorize SUITEKK and the Payment Processor to charge your selected payment method
• Be bound by the terms, conditions, and privacy policies of the Payment Processor in addition to these Terms of Service
SUITEKK is not responsible for errors made by the Payment Processor.
8.3 Payment information and security
You agree to:
• Provide accurate, current, and complete payment information
• Authorize SUITEKK to charge your Payment Method for all charges
• Promptly update your payment information if it changes
• Immediately notify SUITEKK if your payment method is canceled or if you become aware of unauthorized use
Changes to payment information can be made by contacting SUITEKK using the contact information below.
8.4 Recurring billing
Some Paid Services may include an initial period (free or at a one-time charge) followed by recurring charges.
By choosing a recurring payment plan, you:
• Acknowledge that such Services have recurring payment features
• Accept responsibility for all recurring charges
• Authorize SUITEKK to submit periodic charges without further authorization until you provide notice of termination
To terminate recurring charges: You must provide prior written notice to SUITEKK. Such notice will not affect charges already submitted.
Important: We may submit periodic charges (e.g., monthly) without further authorization from you until you provide notice of termination. Please allow a reasonable time for such notice to take effect.
8.5 Correction of errors
We reserve the right to correct any errors or mistakes in billing, even if payment has already been requested or received.
8.6 Taxes and VAT
You are responsible for all applicable taxes, value-added taxes (VAT), sales taxes, and similar charges related to your use of Paid Services. In certain jurisdictions, we may be required to collect and remit such taxes on your behalf.
9. Warranties and disclaimers
9.1 AS-IS provision
THE SERVICES AND CONTENT ARE PROVIDED "AS IS," "AS AVAILABLE," AND WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
• IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE
• WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE OR USAGE OF TRADE
• ANY WARRANTY THAT THE SERVICES WILL BE SECURE, AVAILABLE, UNINTERRUPTED, ERROR-FREE, OR MEET YOUR REQUIREMENTS
9.2 No guarantees
SUITEKK, its directors, employees, agents, suppliers, partners, and content providers do not warrant that:
• The Services will be secure or available at any particular time or location
• Any defects or errors will be corrected
• Any Content or software available through the Services is free of viruses or harmful components
• The results of using the Services will meet your requirements
• The Services will function without interruption or errors
9.3 Interruptions and errors
SUITEKK does not guarantee that the Services will function without interruption or errors. The operation of the Services may be interrupted due to:
• Maintenance and system updates
• System or network failures
• Circumstances beyond our reasonable control
Such interruptions may result in errors or data loss. SUITEKK disclaims all liability for damages caused by such interruptions, errors, or data loss.
9.4 Disclaimer of liability for third parties
We have no special relationship with or fiduciary duty to you. You acknowledge that we have no duty regarding:
• Which users gain access to the Services
• What Content you access through the Services
• How you interpret or use the Content
9.5 State law limitations
Some jurisdictions do not allow limitations on implied warranties. To the extent such limitations are prohibited, they will not apply to you.
10. Limitation of liability
10.1 Liability cap
IN NO EVENT SHALL SUITEKK, NOR OUR DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS, OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR ANY OTHER LEGAL THEORY WITH RESPECT TO THE SERVICES FOR:
1. Direct and/or indirect damages: Any lost profits, data loss, cost of procurement of substitute goods or services, or special, indirect, incidental, punitive, compensatory, or consequential damages of any kind (however arising)
2. Malware: Any bugs, viruses, Trojan horses, or similar malicious code (regardless of source)
10.2 Application to all users
This limitation applies to all users, whether or not you have given SUITEKK notice of the possibility of such damages.
11. Indemnification
11.1 Your indemnification obligation
You agree to defend, indemnify, and hold harmless SUITEKK, our affiliates, and each of our and their respective employees, contractors, directors, suppliers, and representatives from:
• All liabilities, claims, and expenses (including reasonable attorneys' fees)
• All claims arising from or relating to:
    • Your use or misuse of the Services
    • Your access to the Services
    • Content you provide or generate
    • Your violation of these Terms of Service
    • Infringement of any intellectual property or other right by you or any third party using your Account or identity in connection with the Services
11.2 Our right to defend
We reserve the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you. In such cases, you agree to cooperate with us and assist in asserting any available defenses.
12. Governing law and jurisdiction
12.1 Governing law
These Terms of Service shall be governed by and construed in accordance with the laws of Switzerland, specifically:
• The laws of the Canton of Zurich
• The Federal laws of Switzerland
• Excluding Switzerland's conflict of law rules
12.2 Mandatory Swiss jurisdiction
All disputes arising from or relating to these Terms of Service, the Services, or your use of the Platform shall be subject to the exclusive jurisdiction of the competent courts located in:
• Canton of Zurich
• District Court of Zurich (Bezirksgericht Zürich) or Higher Court of Zurich (Obergericht Zürich), depending on the value of the claim
You hereby submit to the exclusive jurisdiction of these courts and waive any objection based on inconvenient venue or any similar grounds.
12.3 Venue
Both parties agree that any legal proceedings shall be brought exclusively in the courts of the Canton of Zurich, and you irrevocably consent to the jurisdiction and venue of such courts.
13. Arbitration clause and class action waiver
13.1 Arbitration for EU/EEA residents (where applicable)
Note: This arbitration clause applies to users in the EU/EEA where Swiss courts are deemed inconvenient. However, the primary governing law and jurisdiction are Swiss (Section 12 above).
For EU/EEA residents who prefer arbitration, disputes may alternatively be resolved through binding arbitration in accordance with Swiss Rules of International Arbitration, before a single arbitrator, in Zurich, Switzerland, in English language proceedings.
13.2 Class action waiver
You agree that any dispute resolution process (whether in court or arbitration) will be conducted on an individual basis and not as part of any class action, collective action, or representative action. Neither you nor SUITEKK will participate in any class action or class-wide arbitration.
14. Modification of terms
14.1 Right to modify
SUITEKK reserves the right to modify or replace any of these Terms of Service at our sole discretion by:
• Posting notice on our Platform
• Sending you notice through the Services, via email, or by other appropriate means of electronic communication
14.2 Effect of changes
Your continued use of the Services after notification of any changes constitutes your acceptance of the modified Terms of Service. It is your responsibility to check these Terms periodically for changes.
14.3 Material changes
For material changes to these Terms, we will provide at least 30 days' notice prior to the changes taking effect. If you do not agree with the modified terms, you may discontinue use of the Services.
15. Termination
15.1 Termination by SUITEKK
SUITEKK may terminate or suspend your Account and access to the Services at any time, with or without cause, and with or without notice. Grounds for termination may include:
• Violation of these Terms of Service
• Unlawful or fraudulent activity
• Inappropriate use of the Services
• Any reason at our sole discretion
15.2 Effect of termination
Upon termination:
• Your right to use the Services immediately ceases
• Any Content you have uploaded may be deleted
• We may retain certain Personal Data as required by law or for legitimate business purposes
• Fees paid are non-refundable unless otherwise specified in writing
15.3 Survival
The following provisions survive termination: Limitation of Liability, Indemnification, Governing Law and Jurisdiction, and any other provision that by its nature should survive.
16. Miscellaneous
16.1 Entire agreement
These Terms of Service (including the Privacy Policy and Data Processing Addendum, where applicable) constitute the entire agreement between you and SUITEKK with respect to the Services and supersede all prior negotiations, understandings, and agreements, whether written or oral.
16.2 Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that these Terms will remain in full force and effect. The failure to enforce any right shall not constitute a waiver of that right.
16.3 Force majeure
SUITEKK shall not be liable for any failure to perform obligations under these Terms where such failure results from any cause beyond our reasonable control, including:
• Mechanical, electronic, or communications failures
• Acts of God
• Natural disasters
• Government actions
• Other unforeseen events
16.4 Assignment
These Terms are personal to you and may not be assigned, transferred, or sublicensed by you except with our prior written consent. SUITEKK may assign, transfer, or delegate any of our rights and obligations without consent.
16.5 Agency and relationships
No agency, partnership, joint venture, or employment relationship is created by these Terms. Neither party has authority to bind the other in any respect.
16.6 Notices
Unless otherwise specified in these Terms, all notices will be in writing and deemed given when:
• Personally delivered
• Sent by certified or registered mail (return receipt requested)
• Electronically confirmed if sent by email
• The day after it is sent via recognized overnight delivery service
Electronic notices should be sent to: info@suitekk.com
16.7 No waiver
Our failure to enforce any part of these Terms shall not constitute a waiver of our right to enforce that or any other part. Waiver of compliance in one instance does not constitute waiver in future instances.
16.8 Headings
Section and paragraph headings in these Terms are for convenience only and do not affect their interpretation.
16.9 Language
These Terms of Service are provided in English. Any translation into other languages is for convenience only. In case of conflict, the English version prevails.
17. Complaints and contact information
If you have complaints, questions, or concerns regarding the Services or these Terms, please contact us:
SUITEKK GmbH
Address:
Splügenstrasse 10
8002 Zürich
Switzerland
Email:
Response Time: We will address complaints and inquiries within 30 days or as required by applicable law.
18. Regulatory compliance
18.1 Swiss regulatory compliance
SUITEKK operates in compliance with:
• Swiss Federal Act on Data Protection (FADP)
• Swiss Consumer Protection Laws
• Swiss E-Commerce Laws
• Applicable Swiss financial regulations
18.2 GDPR compliance
For users in the EU, EEA, or UK, the Services comply with the General Data Protection Regulation (GDPR).
18.3 General compliance
SUITEKK complies with all applicable laws, rules, and regulations in the jurisdictions where the Services are offered.
By using the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.
DATA PROCESSING ADDENDUM
SUITEKK GmbH
Last Updated: April 2, 2026
Effective Date: April 2, 2026
Preamble
This Data Processing Addendum ("DPA") is entered into by and between SUITEKK GmbH, a company domiciled at Splügenstrasse 10, 8002 Zürich, Switzerland ("SUITEKK" or "Data controller"), and any customer or user who provides SUITEKK with personal data of third parties ("Data exporter" or "Contracting party").
This DPA supplements and forms part of the Terms of Service and Privacy Policy between the parties (the "Principal agreement").
Purpose: This DPA establishes the terms and conditions governing the processing of personal data in accordance with:
• The Swiss Federal Act on Data Protection (FADP), effective September 1, 2023
• The General Data Protection Regulation (GDPR), EU Regulation (EU) No. 2016/679
• The UK GDPR and Data Protection Act 2018
• All other applicable data protection laws and regulations
This DPA is required where the Data Exporter is a controller under data protection laws who provides SUITEKK with personal data of data subjects (customers, employees, or other individuals) for processing in connection with the Services.
1. Definitions
1.1 Parties
• "Data exporter" (or "Contracting Party"): The customer or user who provides personal data to SUITEKK, acting as a controller under applicable data protection laws.
• "Data importer": SUITEKK GmbH, acting as a processor on behalf of the Data Exporter.
• "Processor": Any legal or natural person, public authority, agency, or other body which processes personal data on behalf of a controller (in this case, SUITEKK).
1.2 Definitions relating to data protection
• "Personal data": Any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• "Processing": Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• "Data subject": The individual to whom personal data relates.
• "Data subject request": A request by a data subject to exercise rights such as access, rectification, erasure, data portability, restriction, objection, or withdrawal of consent.
• "Personal data breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
1.3 Legal frameworks
• "FADP": The Swiss Federal Act on Data Protection of June 19, 1992, as revised by the Federal Act on Data Protection of September 25, 2020, effective September 1, 2023.
• "GDPR": The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
• "UK GDPR": The GDPR as it forms part of the law of England and Wales and Scotland, Northern Ireland, and other parts of the United Kingdom.
• "Data protection laws": Collectively, the FADP, GDPR, UK GDPR, and all other applicable data protection laws and regulations.
• "Standard contractual clauses" (SCCs): The standard contractual clauses for the transfer of personal data to third countries approved by the European Commission (Commission Decision 2021/914) and the UK Addendum thereto.
• "Data privacy framework": The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and/or the Swiss-U.S. Data Privacy Framework, as applicable.
1.4 Other definitions
• "Subprocessor": Any natural or legal person, public authority, agency, or other body to which SUITEKK transfers personal data for processing, whether or not as part of a group of undertakings.
• "Processing activities": The specific operations performed on personal data, including the subject matter, nature, purposes, duration, types of personal data, and categories of data subjects.
2. Subject matter and scope
2.1 This DPA applies when
This DPA applies and becomes effective only when:
1. The Data Exporter (customer) provides personal data to SUITEKK relating to identifiable individuals (data subjects); AND
2. The Data Exporter acts as a "controller" or "joint controller" under Data Protection Laws with respect to such personal data; AND
3. SUITEKK processes such personal data on behalf of the Data Exporter in accordance with the Principal Agreement and this DPA.
2.2 Scope
This DPA governs the processing of all personal data provided by Data Exporter to SUITEKK in connection with:
• Registration and use of SUITEKK's Services
• Marketing and educational platform activities
• Online training program delivery and administration
• Customer support and communications
• Analytics and service optimization
• Any other processing activities specified in Exhibit A
2.3 Exclusions
This DPA does not apply to:
• Personal data processed by SUITEKK as an independent controller (such as SUITEKK's own contact information, billing data, or usage analytics used for business purposes), except as specified herein.
• Anonymous or aggregated data that cannot identify individuals.
• Data that has been properly pseudonymized and the Data Exporter cannot, alone or with SUITEKK, identify the individuals.
3. Roles and responsibilities
3.1 Data exporter's role and responsibilities
The Data Exporter:
1. Acts as controller: Determines the purposes and means of processing personal data provided to SUITEKK.
2. Responsibility for lawfulness: Is solely responsible for ensuring that the provision of personal data to SUITEKK and the processing instructions are lawful and do not violate Data Protection Laws or the rights of data subjects.
3. Authority: Warrants that it has obtained all necessary consents, rights, and authorizations from data subjects to provide their personal data to SUITEKK for processing.
4. Accuracy and quality: Is responsible for the accuracy, quality, and legality of:
    • All personal data provided to SUITEKK
    • The means by which the personal data was obtained
    • The processing instructions provided to SUITEKK
5. Compliance: Shall ensure that processing of personal data in accordance with SUITEKK's instructions will not cause SUITEKK to violate Data Protection Laws.
6. Instruction: Provides instructions to SUITEKK regarding the processing of personal data and ensures such instructions comply with Data Protection Laws.
7. Indemnification: Shall indemnify SUITEKK from all claims, damages, and losses arising from Data Exporter's violation of this DPA or Data Protection Laws.
3.2 SUITEKK's role and responsibilities
SUITEKK:
1. Acts as processor: Processes personal data only on behalf of and in accordance with documented instructions from the Data Exporter.
2. Processing limitations: Shall not process personal data:
• For purposes other than those specified in the Principal Agreement and this DPA
• In a manner inconsistent with this DPA or the Data Exporter's documented instructions
• In violation of Data Protection Laws
3. Data protection officer: Designates a Data Protection contact person available to respond to data protection inquiries.
4. Authorized personnel: Ensures that individuals authorized to process personal data are bound by confidentiality or appropriate legal obligations.
5. Assistance and cooperation: Provides reasonable assistance and cooperation to the Data Exporter in:
• Responding to data subject requests
• Conducting data protection impact assessments
• Cooperating with regulatory authorities
• Investigating and responding to personal data breaches
6. Security: Implements appropriate technical and organizational measures to ensure security of personal data.
4. Scope of processing
4.1 Processing activities
The parties agree that the subject matter, nature, purpose, and duration of processing, as well as the types of personal data and categories of data subjects, are as follows:
Subject matter of processing:
• Personal data provided by Data Exporter customers, employees, or end-users through the Services
Duration of processing:
• For the term of the Principal Agreement and as long as necessary to fulfill contractual obligations
• Following termination, until deletion or return as required
Categories of data subjects:
• Data Exporter's customers, clients, and end-users
• Data Exporter's employees
• Other individuals whose personal data is provided by Data Exporter
Types of personal data:
• Identification data (name, email address, postal address, phone number)
• Account and registration information
• Payment and transaction information
• Course enrollment and progress data
• Communication and support data
• Device and usage data (IP address, browser type, device identifiers)
• Cookies and tracking data
• Any other personal data provided by Data Exporter
Purposes of processing:
• Providing the Services as specified in the Principal Agreement
• Delivering educational content and training programs
• Processing course registrations and payments
• Providing customer support
• Analyzing and improving the Services
• Complying with legal obligations
• Preventing fraud and ensuring security
4.2 Detailed processing information
Additional details regarding the processing are set forth in Exhibit A of this DPA.
5. Data exporter's instructions
5.1 Processing instructions
The Data Exporter hereby instructs SUITEKK to process personal data:
1. As specified: In accordance with the Principal Agreement and this DPA
2. For stated purposes: For the purposes specified in Section 4
3. In compliance: With all requirements of Data Protection Laws
4. As directed: In accordance with any documented instructions from the Data Exporter
5.2 Modification of instructions
The Data Exporter may modify processing instructions by providing written notice to SUITEKK. SUITEKK shall implement reasonable modifications within a reasonable timeframe and shall inform the Data Exporter of any modifications that conflict with legal obligations or materially increase SUITEKK's compliance burden.
5.3 SUITEKK's obligation to refuse unlawful instructions
If SUITEKK believes an instruction violates Data Protection Laws or breaches the rights of data subjects, SUITEKK shall immediately notify the Data Exporter. SUITEKK may refuse to execute instructions it reasonably believes violate Data Protection Laws.
6. Confidentiality and access
6.1 Confidentiality obligations
SUITEKK shall ensure that:
1. All personnel, employees, and agents authorized to access personal data are:
• Bound by written confidentiality obligations
• Trained in data protection obligations
• Subject to strict limitations on access
2. Access to personal data is limited to those with a need to know for the purposes of performing their duties.
3. Confidentiality obligations survive the termination of employment or engagement.
6.2 Authorized personnel
SUITEKK may disclose personal data to:
• Its employees and contractors who need access to perform their functions
• Its advisors, auditors, and professional service providers as reasonably required
• Subprocessors authorized under Section 7
7. Subprocessors
7.1 Authorization of subprocessors
The Data Exporter acknowledges and agrees that SUITEKK may engage subprocessors (including its affiliates and third-party service providers) to process personal data. By accepting this DPA, the Data Exporter provides general authorization for SUITEKK to:
1. Engage its Affiliates to process personal data
2. Engage third-party subprocessors as necessary to provide the Services
3. Transfer personal data to subprocessors in jurisdictions outside the EEA, UK, or Switzerland
7.2 List of subprocessors
The list includes:
• Cloud infrastructure providers (hosting and data storage)
• Payment processors (transaction processing)
• Email and communication service providers
• Analytics providers
• Customer support service providers
• Marketing and advertising partners
7.3 Notification and objection process
Notice of new subprocessors:
• At least 15 days before engaging a new subprocessor, SUITEKK will notify the Data Exporter in writing
• SUITEKK will update the subprocessor list and make it available to the Data Exporter
• The Data Exporter may object to the engagement of a new subprocessor on reasonable grounds relating to data protection
Objection procedure:
• Data Exporter must object in writing within 15 days of receiving notice
• The objection must be based on reasonable grounds related to data protection
• If SUITEKK receives an objection, SUITEKK and Data Exporter will meet to discuss alternative arrangements
• If no suitable alternative is available, the Data Exporter may discontinue use of the affected Services
7.4 SUITEKK's subprocessor agreements
SUITEKK shall:
1. Impose equivalent data protection obligations on subprocessors through written agreements
2. Remain liable to the Data Exporter for subprocessor performance
3. Ensure subprocessors provide sufficient guarantees of data protection compliance
4. Take all reasonable steps to ensure subprocessor compliance with data protection laws
7.5 International transfers through subprocessors
Where SUITEKK engages subprocessors in jurisdictions outside the EEA, UK, or Switzerland, SUITEKK shall ensure appropriate transfer mechanisms are in place (Data Privacy Framework, Standard Contractual Clauses, or equivalent).
8. Data subject rights
8.1 Assistance with data subject requests
SUITEKK's obligations:
1. Notification: Upon receipt of any Data Subject Request, SUITEKK shall, without undue delay:
• Notify the Data Exporter of the request
• Provide the Data Exporter with copies of the request
• Not respond directly to the data subject unless instructed by Data Exporter or required by law
2. Cooperation: SUITEKK shall provide reasonable cooperation and assistance to enable the Data Exporter to respond to Data Subject Requests, including:
• Providing access to personal data in the requested format
• Assisting with erasure or restriction of processing
• Facilitating data portability requests
• Providing information necessary to demonstrate compliance
3. Technical capabilities: SUITEKK shall, where technically feasible:
• Allow the Data Exporter to exercise data subject rights through the Services
• Provide tools for managing data subject preferences and consents
• Facilitate the transmission of data in machine-readable formats
8.2 Data subject request types
Data subject requests typically include requests for:
• Access: Obtaining copies of personal data and information about its processing
• Rectification: Correcting inaccurate or incomplete personal data
• Erasure: Deletion of personal data ("right to be forgotten")
• Restriction: Limiting processing of personal data
• Portability: Receiving personal data in a structured, commonly used format
• Objection: Opposing certain processing activities
• Automated decision-making: Objecting to automated profiling or decisions
8.3 Expenses
SUITEKK may charge reasonable costs for assistance with Data Subject Requests, particularly for:
• Requests that are manifestly excessive or repetitive
• Requests requiring significant additional labor
• Requests for audits or inspections
9. Security measures
9.1 Technical and organizational measures
SUITEKK shall maintain appropriate technical and organizational measures, taking into account:
• The state of the art in technology
• The costs of implementation
• The nature, scope, context, and purposes of processing
• The risks posed to data subjects' rights and freedoms
• The need to ensure effectiveness and proportionality
9.2 Security measures include
Access control:
• Authentication mechanisms (usernames, passwords, multi-factor authentication)
• Authorization controls limiting access to authorized personnel
• Regular review of access privileges
• Immediate revocation upon termination of employment
Encryption:
• Encryption of personal data in transit (TLS/HTTPS)
• Encryption of sensitive personal data at rest
• Industry-standard encryption algorithms and key management
Data minimization:
• Processing only the personal data necessary for stated purposes
• Regular review and deletion of unnecessary data
• Pseudonymization and anonymization where possible
Infrastructure security:
• Firewalls and intrusion detection systems
• Regular security patches and updates
• Anti-malware and anti-virus protection
• Network segmentation
Monitoring and audit:
• Continuous monitoring for unauthorized access or suspicious activity
• Regular security audits and penetration testing
• Logging of access to personal data
• Regular review of security logs
Incident response:
• Documented procedures for responding to security incidents
• Regular testing of incident response procedures
• Prompt remediation of identified vulnerabilities
Physical security:
• Restricted access to facilities housing personal data
• Surveillance and access controls
• Secure disposal of equipment and media
Vendor security:
• Security requirements for all subprocessors and service providers
• Regular assessments of vendor compliance
• Contractual obligations ensuring security measures
9.3 Description of security measures
A more detailed description of SUITEKK's technical and organizational security measures is set forth in Exhibit B of this DPA.
10. International transfers
10.1 Processing locations
The Data Exporter acknowledges that SUITEKK's primary processing operations are located in Zürich, Switzerland. Personal data may also be processed in:
• Other locations in Switzerland
• The European Union/EEA (by affiliated entities or subprocessors)
• The United States (by Podia Labs, Inc., as hosting and infrastructure provider)
• Other jurisdictions as necessary to provide the Services
10.2 Adequacy of transfers
For transfers of personal data from the EEA, UK, or Switzerland to jurisdictions where the European Commission or UK Secretary of State has not issued an adequacy decision (such as the United States), SUITEKK shall:
1. Rely on data privacy framework: Where applicable, SUITEKK shall rely on the Data Privacy Framework for valid transfers
2. Standard contractual clauses: Where Data Privacy Framework does not apply, SUITEKK shall ensure transfers are made pursuant to approved Standard Contractual Clauses
3. Additional safeguards: SUITEKK shall implement supplementary measures to ensure legally adequate protection
10.3 Transfers subject to GDPR and UK GDPR
Transfers of personal data from the EEA or UK shall be made in accordance with the following:
For EEA transfers:
• The EU-U.S. Data Privacy Framework (if available and applicable), OR
• Module Two (Controller-to-Processor) of the Standard Contractual Clauses, as amended and completed in this DPA
For UK transfers:
• The UK Extension to the EU-U.S. Data Privacy Framework, OR
• The UK Addendum to the Standard Contractual Clauses, as amended and completed in this DPA
10.4 Transfers from Switzerland
Transfers of personal data subject to the FADP shall be made in accordance with the following:
Transfer mechanisms:
1. The Swiss-U.S. Data Privacy Framework (if available and applicable), OR
2. The EU-U.S. Data Privacy Framework, applied by analogy to Swiss data protection law, OR
3. The Standard Contractual Clauses, adapted for Swiss law (as set forth in this Section)
Supplementary measures:
• SUITEKK shall implement additional protective measures to ensure compliance with Swiss data protection standards
• SUITEKK shall cooperate with the Swiss Federal Data Protection and Information Commissioner (FDPIC) on any inquiries
10.5 Standard contractual clauses (SCCs)
Incorporation by reference:
The Standard Contractual Clauses (Commission Decision 2021/914, as amended) are deemed incorporated into this DPA by reference and shall apply to all transfers of personal data subject to this provision.
Key terms:
1. Module: Module Two (Controller-to-Processor) applies where the Data Exporter is the controller and SUITEKK is the processor
2. Jurisdiction: In Clause 17, the SCCs shall be governed by the laws of the Republic of Ireland
3. Dispute resolution: In Clause 18(b), disputes shall be resolved before the courts of the Republic of Ireland
4. Docking clause: The optional docking clause in Clause 7 does not apply
5. Subprocessor authorization: General written authorization (Option 2 in Clause 9) applies
6. Notice period: The minimum time period for notice of subprocessor changes is 15 days (as specified in Section 7 of this DPA)
SCCs amendments:
• All square brackets in Clause 13 are hereby removed
• Where SCCs reference EU GDPR, they shall also be interpreted to include the FADP and UK GDPR, as applicable
11. Data protection impact assessments (DPIA)
11.1 SUITEKK's assistance with DPIA
SUITEKK shall provide reasonable cooperation and assistance to the Data Exporter in conducting Data Protection Impact Assessments ("DPIA") where required by law, including:
1. Providing information about the processing activities, technical and organizational measures, and security safeguards
2. Describing the nature and purposes of processing, categories of personal data, and categories of data subjects
3. Assisting in identifying risks to data subject rights and freedoms
4. Providing information about risk mitigation measures
11.2 DPIA timing
A DPIA is typically required when:
• Processing involves high-risk activities
• Large-scale processing is conducted
• Automated decision-making is used
• Processing of sensitive categories of data is involved
• Processing uses new technologies
11.3 Shared responsibility
While SUITEKK shall cooperate in DPIA activities, the Data Exporter retains ultimate responsibility for conducting and maintaining the DPIA as required by law.
12. Breach notification and response
12.1 SUITEKK's breach notification obligations
Notification duty:
Upon discovering or learning of a Personal Data Breach, SUITEKK shall:
1. Promptly notify: Inform the Data Exporter of the breach without undue delay and, in any case, within 72 hours (or as otherwise required by applicable law)
2. Provide information: Include the following information:
• Description of the breach and affected personal data
• Likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate harm
• Identity and contact details of the person responsible for providing further information (SUITEKK's data protection contact)
3. Cooperation: Provide reasonable cooperation and assistance to enable the Data Exporter to:
• Notify affected data subjects as required
• Notify relevant supervisory authorities
• Manage the breach response
12.2 Investigation and remediation
SUITEKK shall:
1. Investigate: Conduct a prompt investigation into the cause of the breach
2. Remediate: Take steps reasonably necessary to remediate the breach and prevent recurrence
3. Document: Maintain documentation of the breach, investigation, and remediation
12.3 SUITEKK's breach response
SUITEKK may, at its sole discretion:
1. Implement emergency security measures
2. Restrict or suspend processing of affected data
3. Implement additional monitoring or logging
4. Engage forensic experts or specialized responders
12.4 Data exporter's notification obligations
The Data Exporter remains responsible for:
1. Notifying data subjects of breaches as required by law (typically where there is risk to their rights or freedoms)
2. Notifying supervisory authorities as required
3. Determining whether notification to third parties is appropriate
4. Managing public communications regarding the breach
12.5 Exception for data exporter's actions
SUITEKK's obligation to report or respond to a breach does not apply if the breach results from:
• Actions or omissions of the Data Exporter
• Misuse of the Services by the Data Exporter or its personnel
• Failure by the Data Exporter to implement security measures it controls
SUITEKK's provision of breach notification does not constitute admission of fault or liability.
13. Audits, inspections, and compliance verification
13.1 SUITEKK's compliance records
SUITEKK shall:
1. Maintain records: Keep records demonstrating compliance with this DPA and Data Protection Laws
2. Retention period: Retain records for at least three (3) years after termination of the Principal Agreement
3. Access: Make records available for review by the Data Exporter upon reasonable request
13.2 Audits and inspections
Data exporter's right:
The Data Exporter may:
1. Request certifications: Request copies of certifications or reports demonstrating SUITEKK's compliance with data security standards (such as SOC 2, ISO 27001, or equivalent)
2. Conduct audits: Request that SUITEKK allow an independent, qualified third-party auditor to conduct an audit or inspection of SUITEKK's data security infrastructure and procedures, provided:
• The Data Exporter provides reasonable prior written notice (at least 30 days)
• The audit is not unduly disruptive to SUITEKK's business
• The audit occurs during normal business hours
• No more than one (1) audit per calendar year
• The audit is restricted to data relevant to the Data Exporter
SUITEKK's cooperation:
SUITEKK shall reasonably cooperate with audits and inspections.
13.3 Audit costs
The Data Exporter shall bear all costs associated with audits and inspections, including:
• Auditor fees
• Reimbursement to SUITEKK for time and resources expended
• Any disruption to business operations
13.4 Supervisory authority access
SUITEKK shall:
1. Cooperate: Cooperate fully with any supervisory authority investigating data protection compliance
2. Provide information: Provide information and documentation as requested
3. Grant access: Grant access to facilities and systems as required by law
4. Notify data exporter: Promptly notify the Data Exporter of any regulatory investigation or request
14. Return and deletion of data
14.1 Upon termination
Following termination or expiration of the Principal Agreement, at the Data Exporter's written election, SUITEKK shall:
Option 1 - Return data:
• Return all personal data to the Data Exporter in a structured, commonly used, machine-readable format
• Provide access for the Data Exporter to retrieve personal data
• Ensure data remains secure during the return process
Option 2 - Delete data:
• Delete all personal data from SUITEKK's systems
• Destroy all copies except where retention is required by law
• Provide certification of deletion upon request
14.2 Retention exceptions
SUITEKK may retain personal data if retention is:
1. Required by law: Mandated by applicable law, regulation, or court order
2. Legally permitted: Necessary for SUITEKK's legal, tax, or financial obligations
3. Technical limitation: Impracticable to return or delete due to technical constraints
14.3 Data blocking
Where return or deletion is impracticable or prohibited by law:
1. SUITEKK shall block personal data from further processing
2. SUITEKK shall continue to protect the data appropriately
3. Processing shall be limited only to:
• Legal compliance requirements
• Continuation of hosting or backup processes
14.4 Certification
Upon the Data Exporter's request, SUITEKK shall provide written certification confirming deletion or return of personal data.
15. Amendments and updates
15.1 Changes to DPA
SUITEKK may amend this DPA to:
1. Reflect legal changes: Comply with changes in Data Protection Laws
2. Improve security: Enhance data security or privacy protections
3. Update processes: Modify processing activities within the scope of the Principal Agreement
15.2 Notice of changes
SUITEKK shall provide the Data Exporter with:
• At least 30 days' written notice of material changes
• Explanation of the reasons for changes
• Opportunity for the Data Exporter to provide input or feedback
15.3 Effect of changes
• The Data Exporter may object to changes on reasonable data protection grounds
• Continued use of the Services after changes take effect constitutes acceptance
• The Data Exporter may terminate the Services if unable to accept changes
16. Entire agreement and conflicting terms
16.1 Hierarchy of documents
In the event of any conflict or inconsistency between documents, the following order of precedence applies:
1. The Standard Contractual Clauses (where applicable)
2. This Data Processing Addendum
3. The Principal Agreement (Terms of Service)
4. SUITEKK's Privacy Policy
16.2 Incorporation
This DPA, together with the Principal Agreement and Privacy Policy, constitutes the entire agreement regarding the processing of personal data between the parties.
16.3 Precedence over prior agreements
This DPA supersedes any previous DPA or data protection agreement between the parties.
17. Severability and dispute resolution
17.1 Severability
If any provision of this DPA is found to be invalid or unenforceable under applicable law, such provision shall:
• Be limited or eliminated to the minimum extent necessary
• Be replaced with a provision that achieves the original economic and legal purpose
• Not affect the validity or enforceability of remaining provisions
17.2 Dispute resolution
Disputes arising from or related to this DPA shall be:
1. First attempt: Subject to good-faith negotiations between the parties
2. Escalation: If not resolved, escalated to senior management
3. Jurisdiction: Resolved under the governing law and jurisdiction provisions of the Principal Agreement (Swiss courts)
4. Data protection authority: Either party may refer the dispute to the competent supervisory authority
18. Contact information
18.1 SUITEKK's data protection contact
For all inquiries, requests, and notices relating to this DPA:
SUITEKK GmbH
Mailing address:
Splügenstrasse 10
8002 Zürich
Switzerland
Email:
Response time: SUITEKK shall respond to inquiries within 30 days or as required by applicable law.
18.2 Data exporter's contact
The Data Exporter shall maintain current contact information for data protection inquiries and shall promptly update SUITEKK of any changes.
19. Exhibits
19.1 Exhibit A - Details of processing
Exhibit A contains detailed information about:
• Nature and purpose of processing
• Duration of processing
• Categories of data subjects
• Categories of personal data
• Special categories of data
• Processing locations and recipients
19.2 Exhibit B - Security measures
Exhibit B contains a detailed description of SUITEKK's technical and organizational security measures.
19.3 Exhibit C - Standard contractual clauses
Exhibit C contains the applicable Standard Contractual Clauses for international transfers (where necessary).
Exhibit A: Details of processing
Nature and purpose of processing
Primary purposes:
• Providing educational services, training programs, and course delivery
• Processing course registrations and payments
• Managing customer accounts and subscriptions
• Delivering educational content and resources
• Providing customer support and responding to inquiries
• Generating certificates and tracking progress
• Analyzing usage patterns to improve Services
Secondary purposes:
• Fraud prevention and security management
• Compliance with legal and regulatory obligations
• Business operations (accounting, audits, tax compliance)
• Service optimization and platform maintenance
Duration of processing
• Active processing: For the duration of the Data Exporter's use of the Services
• Post-termination: Data retained as required by law or for legitimate business purposes, typically 3 years
• Total retention: Not to exceed 10 years from last use or as required by law
Categories of data subjects
• End-users and customers of the Data Exporter
• Employees of the Data Exporter
• Business partners and other authorized individuals
• Website visitors and prospective customers
Categories of personal data processed
• Identification data: Name, email address, postal address, telephone number
• Account information: Username, account preferences, profile data
• Financial data: Payment information (processed by third parties), transaction history, invoice data
• Educational data: Course enrollments, progress, certifications, performance metrics
• Communication data: Support inquiries, feedback, messages
• Technical data: IP address, browser type, device identifiers, usage logs
• Behavioral data: Pages visited, time spent, interaction patterns, cookies
Processing locations
• Primary: Zürich, Switzerland (SUITEKK headquarters)
• Secondary: Cloud infrastructure operated by Podia Labs, Inc. (United States)
• Subprocessors: As listed in SUITEKK's current subprocessor list
Frequency of transfers
• Continuous: Data is transferred continuously as the Data Exporter uses the Services
• Backup: Daily or periodic backups of data
• Export: Data may be exported by Data Exporter on demand
Exhibit B: Security measures
Access control
1. Authentication:
• Unique username and password required for account access
• Multi-factor authentication available and recommended
• Session timeouts for security
2. Authorization:
• Role-based access controls limiting employee access
• Principle of least privilege for internal staff
• Regular review of access permissions
3. Monitoring:
• Logging of all access to personal data
• Alert systems for suspicious access patterns
• Regular review of access logs
Data encryption
1. In transit:
• HTTPS/TLS encryption (SSL) for all data transmission
• Industry-standard encryption protocols
• Secure certificate management
2. At rest:
• Encryption of sensitive personal data
• Secure key management and storage
• Encrypted backups
Infrastructure security
1. Firewalls and networks:
• Enterprise-grade firewalls
• Network segmentation
• Intrusion detection and prevention systems
2. Servers and storage:
• Secure cloud hosting infrastructure
• Regular security patches and updates
• Anti-malware and anti-virus protection
• Redundancy and disaster recovery
3. Physical security:
• Restricted access to facilities
• Surveillance systems
• Secure disposal of equipment and media containing personal data
Monitoring and incident response
1. Continuous monitoring:
• Real-time monitoring of systems for unauthorized access
• Suspicious activity alerts
• Regular vulnerability scanning and penetration testing
2. Incident response:
• Documented incident response procedures
• Rapid containment and remediation
• Forensic investigation capabilities
• Regular testing and updating of incident response plans
Data minimization and retention
1. Minimization:
• Collection only of personal data necessary for stated purposes
• Regular review and deletion of unnecessary data
• Pseudonymization and anonymization where appropriate
2. Retention policies:
• Clear retention schedules based on legal and business requirements
• Automatic deletion of data following retention periods
• Secure destruction of media containing personal data
Vendor and third-party management
1. Subprocessor agreements:
• Written data processing agreements with all subprocessors
• Security requirements and standards incorporated
• Regular assessment of vendor security compliance
2. Due diligence:
• Pre-engagement security reviews of vendors
• Ongoing compliance monitoring
• Right to audit vendor security measures
Training and personnel security
1. Staff training:
• Data protection training for all employees
• Regular updates on security threats and best practices
• Specialized training for employees handling personal data
2. Background checks:
• Background checks for employees with personal data access
• Confidentiality agreements for all staff
Exhibit C: Standard contractual clauses
(For transfers of personal data outside the EEA/UK/Switzerland to jurisdictions without adequate level of protection)
The parties agree that personal data transfers are governed by:
1. EU-U.S. Data Privacy Framework (where applicable), or
2. UK Extension to the EU-U.S. Data Privacy Framework (where applicable), or
3. Swiss-U.S. Data Privacy Framework (where applicable), or
4. Module Two of the Standard Contractual Clauses (Commission Decision 2021/914, as amended), where the above frameworks do not apply
The Standard Contractual Clauses are deemed incorporated by reference into this DPA and shall be interpreted in accordance with Section 10 of this DPA.
Signatures
By entering into the Principal Agreement (Terms of Service) and accepting this DPA, both parties are deemed to have signed this Data Processing Addendum as of the Effective Date.
SUITEKK GmbH
Date: April 2, 2026
By using the Services and accepting the Terms of Service, you acknowledge your acceptance of this Data Processing Addendum.
Effective date: April 2, 2026
Last updated: April 2, 2026
Final notes
This Data Processing Addendum is designed to ensure compliance with:
• The Swiss Federal Act on Data Protection (FADP), effective September 1, 2023
• The General Data Protection Regulation (GDPR)
• The UK GDPR and Data Protection Act 2018
• All other applicable data protection laws
For questions regarding this DPA or data protection compliance, please contact SUITEKK at info@suitekk.com.