Data processing information (summary)

Traditional-dating Legal is typically the controller of personal data processed through Traditional Dating. Infrastructure and service providers (e.g. hosting, database, email, payments, CDN) usually act as processors under documented agreements.

This page is an overview for transparency. Enterprise customers, vendors, and partners enter into appropriate Data Processing Agreements (DPAs) and subprocessor terms as required by UK GDPR / GDPR Article 28 and comparable laws.

Processor obligations (summary)

• Process personal data only on documented instructions from the controller.
• Implement appropriate technical and organisational measures (encryption in transit, access controls, logging, vulnerability management, incident response).
• Assist with data subject requests, DPIAs, breach response, and audits where required.
• Notify the controller without undue delay upon becoming aware of a personal data breach.
• Use subprocessors only as permitted by contract, with flow-down obligations.
• Delete or return data at end of service unless law requires retention.

Subprocessors

We maintain an internal subprocessor register (hosting, auth, payments, email, analytics, etc.) with transfer mechanisms (SCCs, UK Addendum/IDTA, adequacy, or DPF where applicable). A public list may be published as we mature operationally.

Transfers

Where data leaves the UK/EEA, we use appropriate safeguards such as Standard Contractual Clauses, the UK Addendum or IDTA, or adequacy decisions, supplemented by transfer impact assessments where required.