HomeProduct Solutions Resources PricingCustomersBlog
Signup for Free
View Demo
Capabilities
Platform
View Demo
Learn
GrowthHive Community
Templates
View Demo
Industry
Platform
View Demo

Legal

Data Processing Addendum

Last Updated: Jun 10, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between Softronics Systems Pvt Ltd. ("SmartTask", "Processor", "we", "us", or "our") and the customer that uses the SmartTask Service ("Customer", "Controller", "you", or "your").

This DPA applies when SmartTask Processes Personal Data on behalf of Customer in connection with the provision of the Service.

In the event of any conflict between this DPA and the Agreement with respect to the Processing of Personal Data, this DPA shall prevail.

1. Definitions#

"Applicable Laws" means all applicable laws, regulations, and governmental requirements relating to privacy, data protection, cybersecurity, or the Processing of Personal Data, including where applicable Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, the UK Data Protection Act 2018, the Swiss Federal Act on Data Protection, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), the Digital Personal Data Protection Act, 2023 (India), and any successor legislation.

"Controller", "Processor", "Data Subject", "Personal Data", "Process", and "Processing" shall have the meanings assigned under Applicable Laws.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

"Service" means the SmartTask software, applications, websites, and related services provided under the Agreement.

"Standard Contractual Clauses" or "EU SCCs" means the standard contractual clauses adopted pursuant to Commission Implementing Decision (EU) 2021/914, as amended, replaced, or superseded from time to time.

"Subprocessor" means any third party or affiliate engaged by SmartTask to Process Personal Data on behalf of SmartTask in connection with the Service.

2. Scope and Roles#

Customer acts as the Controller and SmartTask acts as the Processor with respect to Personal Data Processed under the Agreement.

Where Customer acts as a Processor on behalf of another Controller, Customer appoints SmartTask as its subprocessor and represents that it has authority to do so.

Customer represents and warrants that it has obtained and shall maintain all rights, consents, permissions, and legal bases required under Applicable Laws to collect, use, and provide Personal Data to SmartTask for Processing in connection with the Service.

Customer is responsible for determining whether the Service is appropriate for its intended use, configuring and using the Service in compliance with Applicable Laws, and obtaining any consents, permissions, or notices required in connection with its use of the Service.

3. Processing Instructions#

SmartTask shall Process Personal Data only:

  • To provide, maintain, support, secure, and improve the Service;
  • In accordance with Customer's documented instructions as set forth in the Agreement and this DPA;
  • As required by Applicable Laws.

SmartTask shall not sell, rent, or otherwise disclose Personal Data for purposes unrelated to providing the Service, except where required by Applicable Laws or expressly authorized by Customer.

If SmartTask believes a Customer instruction violates Applicable Laws, SmartTask may notify Customer and suspend the affected Processing until the matter is resolved.

4. Subprocessors#

Customer authorizes SmartTask to engage Subprocessors in connection with providing the Service.

SmartTask maintains a current list of Subprocessors at: https://www.smarttask.io/legal/subprocessors

SmartTask may update its Subprocessors from time to time. Where reasonably practicable, SmartTask will provide advance notice of material changes.

Customer may reasonably object to a new Subprocessor by providing written notice within ten (10) business days of receiving notice.

Prior to engaging a Subprocessor, SmartTask shall undertake reasonable due diligence and require the Subprocessor to enter into written obligations regarding the protection, confidentiality, and security of Personal Data that are substantially similar to those contained in this DPA.

SmartTask shall remain responsible for compliance with its obligations under this DPA in connection with its use of Subprocessors. However, SmartTask shall not be responsible for independent acts, omissions, or security incidents of a Subprocessor that are outside SmartTask's reasonable control.

5. Security#

SmartTask shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Such measures include, where appropriate:

  • Encryption of data in transit;
  • Authentication and access controls;
  • Role-based permissions;
  • Logging and monitoring;
  • Backup and disaster recovery procedures;
  • Vulnerability management processes;
  • Personnel confidentiality obligations.

SmartTask may modify its security measures from time to time provided that such modifications do not materially reduce the overall level of protection.

SmartTask shall ensure that personnel authorized to Process Personal Data are subject to appropriate confidentiality obligations.

6. Personal Data Breach#

SmartTask shall notify Customer of a confirmed Personal Data Breach without undue delay and, where reasonably practicable, within seven (7) days after becoming aware of the breach.

To the extent available, the notification shall include:

  • The nature of the breach;
  • Categories of affected Personal Data;
  • Likely consequences of the breach;
  • Measures taken or proposed to address the breach.

Notification of a Personal Data Breach shall not constitute an admission of fault or liability.

7. Data Subject Requests#

To the extent legally permitted, SmartTask shall promptly notify Customer if SmartTask receives a request from a Data Subject regarding Personal Data Processed on Customer's behalf.

Taking into account the nature of the Processing, SmartTask shall provide commercially reasonable assistance to enable Customer to respond to such requests where required by Applicable Laws except where such assistance would require material development work, system modifications, or disproportionate effort.

SmartTask may charge reasonable fees for assistance that requires material development work, system modifications, professional services, or disproportionate effort.

8. Data Protection Impact Assessments#

Taking into account the nature of the Processing and information available to SmartTask, SmartTask shall provide reasonable assistance through available documentation and information maintained in the ordinary course of business.

Any assistance requiring material time, effort, or resources beyond information maintained in the ordinary course of business may be subject to reasonable fees.

9. International Data Transfers#

Customer authorizes SmartTask and its Subprocessors to Process Personal Data internationally as necessary to provide the Service.

Personal Data may be Processed in regions where SmartTask or its Subprocessors operate, including India, the United States, EU and Southeast Asia.

Where Personal Data is transferred from the European Economic Area, United Kingdom, or Switzerland to a jurisdiction that has not been recognized as providing an adequate level of protection, SmartTask shall implement an appropriate transfer mechanism recognized under Applicable Laws.

Where required, the Parties agree that the Standard Contractual Clauses are incorporated into this DPA by reference.

For transfers governed by United Kingdom data protection laws, the UK International Data Transfer Addendum shall apply where required by Applicable Laws.

10. Audits#

Upon reasonable written request and no more than once per calendar year, Customer may request information reasonably necessary to demonstrate SmartTask's compliance with this DPA.

SmartTask may satisfy such requests through documentation, certifications, audit reports, security questionnaires, or similar materials.

Any audit shall be conducted during normal business hours, upon reasonable advance notice, and in a manner that minimizes disruption to SmartTask's operations and protects the confidentiality, security, and privacy of SmartTask and its other customers. Customer shall bear all costs and expenses associated with any audit.

11. Return and Deletion of Personal Data#

Upon Customer's written request, SmartTask shall delete or anonymize Personal Data within a commercially reasonable period in accordance with its data retention practices and Applicable Laws.

Notwithstanding the foregoing, SmartTask may retain Personal Data:

  • As required by Applicable Laws;
  • In backup systems maintained pursuant to disaster recovery procedures;
  • As necessary to establish, exercise, or defend legal claims.

Any retained Personal Data shall remain subject to the protections of this DPA.

12. Limitation of Liability#

The liability of each Party arising out of or relating to this DPA shall be subject to the exclusions and limitations of liability set forth in the Agreement.

Nothing in this DPA shall be construed to expand or increase either Party's liability beyond the liability limitations set forth in the Agreement.

Annex A - Description of Processing#

Data Exporter#

Customer.

Data Importer#

Softronics Systems Pvt Ltd.

Subject Matter of Processing#

Provision, operation, support, maintenance, security, and improvement of the SmartTask Service.

Categories of Data Subjects#

Depending on Customer's use of the Service, Personal Data may relate to:

  • Employees;
  • Contractors;
  • Customers;
  • Vendors;
  • Business partners;
  • Other users whose information is submitted to the Service.

Categories of Personal Data#

Depending on Customer's use of the Service, Personal Data may include:

  • Names;
  • Email addresses;
  • Phone numbers;
  • Job titles;
  • Account information;
  • User-generated content;
  • Other Personal Data submitted by Customer through the Service.

Processing Activities#

Processing activities may include:

  • Collection;
  • Storage;
  • Organization;
  • Retrieval;
  • Transmission;
  • Support and maintenance;
  • Security monitoring;
  • Backup and disaster recovery;
  • Deletion of Personal Data.

Subprocessors#

Current Subprocessors are listed at: https://www.smarttask.io/legal/subprocessors

The list may be updated from time to time in accordance with this DPA.

SmartTask is the best all-in-one work management software for client delivery teams.

Usecases

Teams

SmartTask

Compare

Support