Legal

Data Processing Agreement.

A summary of how Aspiresly processes personal data on behalf of customers. A signed counterpart is available on request.

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Aspire Solutions Danismanlik ve Ticaret LLC ("Aspiresly", "Processor") and the customer ("Controller") and applies wherever Aspiresly processes Personal Data on the Controller's behalf.

1. Definitions

"Personal Data", "Processing", "Controller", "Processor" and "Data Subject" have the meanings given in Regulation (EU) 2016/679 (GDPR) and equivalent legislation.

2. Subject matter

Aspiresly Processes Personal Data submitted by the Controller into the Aspiresly service, only for the purpose of providing that service and as instructed by the Controller.

3. Nature and purpose

  • Nature: hosted CRM, messaging, AI-assisted automation.
  • Purpose: to operate the Aspiresly service for the Controller.
  • Duration: for as long as the Controller's account is active, plus a 30-day grace period.
  • Categories of Data Subjects: the Controller's employees, customers, leads, and contacts.
  • Categories of Personal Data: contact identifiers (name, email, phone), business-related correspondence, conversation history, and engagement metadata.

4. Obligations of the Processor

  • Process Personal Data only on documented instructions from the Controller.
  • Ensure personnel with access to Personal Data are bound by confidentiality.
  • Implement appropriate technical and organisational measures (see Security page).
  • Assist the Controller in responding to Data Subject requests and regulatory inquiries.
  • Notify the Controller of any Personal Data breach within 72 hours.
  • Delete or return all Personal Data on termination, within 30 days.

5. Subprocessors

The Controller authorises Aspiresly to engage subprocessors to deliver the service. A current list is available on request. Aspiresly will give the Controller at least 14 days' notice of any new subprocessor and provide a right to object.

6. International transfers

Where Personal Data is transferred outside the European Economic Area or the United Kingdom, Aspiresly relies on Standard Contractual Clauses or other approved transfer mechanisms.

7. Audit

The Controller may, on reasonable notice and no more than once per year, audit Aspiresly's compliance with this DPA. The audit may be satisfied by Aspiresly providing its most recent SOC 2 Type II report.

8. Liability

Each party's liability under this DPA is subject to the liability limits in the Terms of Service.

9. Signing a counterpart

To request a countersigned DPA, email hello@aspirescapital.com with the subject "DPA request". We will return a signed counterpart within 3 business days.