Back to Home
Litry Logo

Data Processing Addendum

Effective Date: August 14, 2025

When we process personal data on your instructions

Controller vs Processor
When we process personal data on your instructions (e.g., within files you upload), Litry acts as processor and you act as controller.

1Our Commitments

As a processor, Litry will:

Process only on documented instructions

We will only process personal data according to your written instructions via our service.

Ensure confidentiality

All personnel with access to personal data are bound by confidentiality obligations.

Implement appropriate security

Technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Engage subprocessors under written terms

All subprocessors are contractually bound to the same data protection standards. See our /subprocessors page.

Assist with data subject requests

We will help you respond to requests from individuals regarding their personal data.

Assist with security incidents

We will notify you of any personal data breaches and assist with incident response.

Delete or return personal data

At the end of services, we will delete or return all personal data as requested.

Demonstrate compliance

We will make information available to demonstrate compliance and allow audits on reasonable notice.

2International Transfers

International transfers are made only with appropriate safeguards including:

  • UK International Data Transfer Addendum (UK IDTA)
  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions where available

3Data Subject Rights

As the controller, you remain responsible for:

  • Responding to data subject access requests
  • Processing rectification and erasure requests
  • Managing objections and restriction requests

We will assist you in fulfilling these obligations by providing relevant information and taking appropriate technical measures.

4Security Measures

Our technical and organizational measures include:

Technical Measures

  • • Encryption in transit and at rest
  • • Access controls and authentication
  • • Regular security monitoring
  • • Secure data centers

Organizational Measures

  • • Staff training and confidentiality
  • • Incident response procedures
  • • Regular audits and reviews
  • • Data minimization principles

5Contact & Audit Rights

For DPA-related queries, compliance questions, or to exercise audit rights:

Data Protection Officer

Email: legal@litry.org

Include "DPA" in the subject line for faster routing

Audit requests will be accommodated on reasonable notice and during normal business hours. Remote audits may be conducted via questionnaires and document reviews.