Version 2025-01-01

Data Processing Addendum

This addendum is intended for EU/UK GDPR compliance. Replace this template with counsel-approved text tailored to your operations and subprocessors.

Roles

The customer organization is the data controller. Safain is the data processor and processes personal data only on documented instructions from the controller.

Processing Details

Purpose: provide CRM functionality for contacts, events, and donations.
Data types: contact details, donation records, Gift Aid declarations, audit logs.
Data subjects: congregation members, donors, volunteers, staff.
Duration: for the term of the subscription and subject to retention policies.

Security

Safain implements access controls, encryption of sensitive data, monitoring, and incident response procedures appropriate to the risk and data sensitivity.

Subprocessors

Approved subprocessors include AWS (hosting), Stripe (billing and Connect), Google Places (address autocomplete), and email delivery providers. We provide notice before adding new subprocessors where required.