Data Processing Addendum (DPA)

Last updated: September 12^th, 2025

This Data Processing Addendum (“DPA”) forms part of the Ticlick Terms of Service (the “Agreement”) available at ticlickcrm.com/legal/terms. It applies to the extent Ticlick processes Personal Data on behalf of Customers in providing the Services. By using the Services, you agree that this DPA governs Ticlick’s processing of Personal Data.

1. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Customer Data” means data submitted by or on behalf of the Customer, including Personal Data.
• “Processing” has the meaning set out in GDPR (Art. 4).
• “Applicable Laws” means all privacy and data protection laws, including GDPR and CCPA.
• Other capitalized terms have the meaning given in the Agreement.

2. Roles of the Parties

• The Customer acts as the Data Controller.
• Ticlick acts as the Data Processor, processing Personal Data on behalf of the Customer.

3. Scope of Processing

• Ticlick will only process Customer Data:
• – to provide the Services;
• – in accordance with the Customer’s documented instructions; and
• – as required by law.

4. Ticlick’s Obligations

• Implement appropriate technical and organizational security measures.
• Ensure staff who process Personal Data are bound by confidentiality obligations.
• Notify the Customer of any Personal Data Breach without undue delay (no later than 72 hours where feasible).
• Assist the Customer with data subject rights requests and compliance obligations.
• Maintain records of processing activities.

5. Customer’s Obligations

• Ensuring it has a lawful basis for processing Personal Data.
• Providing necessary notices and obtaining consents.
• Ensuring Customer Data is accurate, complete, and lawful.

6. Sub-processors

• Ticlick may engage sub-processors to support the Services.
• A list of approved sub-processors is available at ticlickcrm.com/legal/subprocessors.
• Ticlick will ensure sub-processors are bound by obligations equivalent to this DPA.

7. International Data Transfers

• Ticlick may transfer Personal Data outside the country of origin.
• Where required, Ticlick will use approved safeguards such as Standard Contractual Clauses (SCCs).

8. Data Retention & Deletion

• Upon termination of the Services, Ticlick will retain Customer Data for 30 days to allow export.
• After 30 days, Ticlick will securely delete or anonymize Customer Data, unless retention is required by law.

9. Audit Rights

• The Customer may request reasonable information about Ticlick’s data protection compliance.
• Independent audits may be conducted at Customer’s cost, subject to reasonable notice and confidentiality.

10. Liability

• Each party’s liability under this DPA is subject to the limitations of liability set out in the Agreement.

11. Governing Law

• This DPA is governed by the laws of the State of Delaware, consistent with the Agreement.

Note for Enterprise Customers: If you require a signed copy of this DPA, please contact us at ticlick@ticlickcrm.com.