Data Processing Addendum.

Terms for data processing and GDPR compliance.

Data Processing Addendum.

Terms for data processing and GDPR compliance.

Data Processing Addendum.

Terms for data processing and GDPR compliance.

Introduction

This Data Processing Addendum (“DPA”) forms part of the agreement (“Agreement”) between Emotional Piggy Ltd (“Processor”, “we”, “us”) and the customer identified in the Agreement (“Controller”, “you”). It sets out the terms governing the processing of personal data.

By using our wellbeing assessment services, you acknowledge and accept the data processing requirements and obligations outlined in this DPA. Both parties agree to comply with applicable data protection laws as set in the Agreement and this DPA.

For any questions or concerns regarding this DPA, please contact us at hi@emotionalpiggy.com.

Introduction

This Data Processing Addendum (“DPA”) forms part of the agreement (“Agreement”) between Emotional Piggy Ltd (“Processor”, “we”, “us”) and the customer identified in the Agreement (“Controller”, “you”). It sets out the terms governing the processing of personal data.

By using our wellbeing assessment services, you acknowledge and accept the data processing requirements and obligations outlined in this DPA. Both parties agree to comply with applicable data protection laws as set in the Agreement and this DPA.

For any questions or concerns regarding this DPA, please contact us at hi@emotionalpiggy.com.

Introduction

This Data Processing Addendum (“DPA”) forms part of the agreement (“Agreement”) between Emotional Piggy Ltd (“Processor”, “we”, “us”) and the customer identified in the Agreement (“Controller”, “you”). It sets out the terms governing the processing of personal data.

By using our wellbeing assessment services, you acknowledge and accept the data processing requirements and obligations outlined in this DPA. Both parties agree to comply with applicable data protection laws as set in the Agreement and this DPA.

For any questions or concerns regarding this DPA, please contact us at hi@emotionalpiggy.com.

Company Details

Company name: Emotional Piggy Ltd. Company number: 16344820.

ICO Registration / Security Number: CSN8100523. Contact: hi@emotionalpiggy.com.

This DPA was last updated: 21/09/2025.

Company Details

Company name: Emotional Piggy Ltd. Company number: 16344820.

ICO Registration / Security Number: CSN8100523. Contact: hi@emotionalpiggy.com.

This DPA was last updated: 21/09/2025.

Company Details

Company name: Emotional Piggy Ltd. Company number: 16344820.

ICO Registration / Security Number: CSN8100523. Contact: hi@emotionalpiggy.com.

This DPA was last updated: 21/09/2025.

Key Terms and Definitions

‘Personal Data’, ‘Data Subject’, ‘Controller’, ‘Processor’, and ‘Processing’ have the meanings defined by the UK GDPR and/or EU GDPR.

‘Special Category Data’ refers to data including health-related information (e.g., wellbeing questionnaires responses).

‘Sub-processor’ means a third party engaged by the Processor to process Personal Data.

Key Terms and Definitions

‘Personal Data’, ‘Data Subject’, ‘Controller’, ‘Processor’, and ‘Processing’ have the meanings defined by the UK GDPR and/or EU GDPR.

‘Special Category Data’ refers to data including health-related information (e.g., wellbeing questionnaires responses).

‘Sub-processor’ means a third party engaged by the Processor to process Personal Data.

Key Terms and Definitions

‘Personal Data’, ‘Data Subject’, ‘Controller’, ‘Processor’, and ‘Processing’ have the meanings defined by the UK GDPR and/or EU GDPR.

‘Special Category Data’ refers to data including health-related information (e.g., wellbeing questionnaires responses).

‘Sub-processor’ means a third party engaged by the Processor to process Personal Data.

Roles of the Parties

The customer identified in the Agreement is the Controller. Emotional Piggy Ltd is the Processor.

We process Personal Data only on documented instructions from the Controller, unless required by law.

Each party’s role and responsibility as Controller or Processor is governed by this DPA.

Roles of the Parties

The customer identified in the Agreement is the Controller. Emotional Piggy Ltd is the Processor.

We process Personal Data only on documented instructions from the Controller, unless required by law.

Each party’s role and responsibility as Controller or Processor is governed by this DPA.

Roles of the Parties

The customer identified in the Agreement is the Controller. Emotional Piggy Ltd is the Processor.

We process Personal Data only on documented instructions from the Controller, unless required by law.

Each party’s role and responsibility as Controller or Processor is governed by this DPA.

Scope of Processing

Subject matter: Delivery of wellbeing screening and assessment services. Nature & purpose: Hosting, storing, analysing assessment responses and generating reports.

Categories of data: Names, emails, organisational role/department, assessment responses, and special category/health data.

Data subjects: Employees, students, or other authorised users. Duration: For the term of the Agreement, unless otherwise required by law.

Scope of Processing

Subject matter: Delivery of wellbeing screening and assessment services. Nature & purpose: Hosting, storing, analysing assessment responses and generating reports.

Categories of data: Names, emails, organisational role/department, assessment responses, and special category/health data.

Data subjects: Employees, students, or other authorised users. Duration: For the term of the Agreement, unless otherwise required by law.

Scope of Processing

Subject matter: Delivery of wellbeing screening and assessment services. Nature & purpose: Hosting, storing, analysing assessment responses and generating reports.

Categories of data: Names, emails, organisational role/department, assessment responses, and special category/health data.

Data subjects: Employees, students, or other authorised users. Duration: For the term of the Agreement, unless otherwise required by law.

Processor Obligations

We process personal data only on your instructions and as required by law. All staff authorised to process Personal Data are subject to confidentiality.

We implement technical and organisational measures such as encryption, access control, logging, security training, and more. In the event of a Personal Data Breach, we will notify you without undue delay.

We assist you with GDPR obligations, audits, and, upon service termination, will delete or return personal data at your request unless retention is required by law.

Processor Obligations

We process personal data only on your instructions and as required by law. All staff authorised to process Personal Data are subject to confidentiality.

We implement technical and organisational measures such as encryption, access control, logging, security training, and more. In the event of a Personal Data Breach, we will notify you without undue delay.

We assist you with GDPR obligations, audits, and, upon service termination, will delete or return personal data at your request unless retention is required by law.

Processor Obligations

We process personal data only on your instructions and as required by law. All staff authorised to process Personal Data are subject to confidentiality.

We implement technical and organisational measures such as encryption, access control, logging, security training, and more. In the event of a Personal Data Breach, we will notify you without undue delay.

We assist you with GDPR obligations, audits, and, upon service termination, will delete or return personal data at your request unless retention is required by law.

Sub-processors

You authorise us to use Sub-processors including cloud, analytics, and email providers. All Sub-processors are subject to equivalent data protection obligations.

A current list of Sub-processors can be found at Partnerships. We will notify you in advance of changes and offer a right to reasonably object.

We assess Sub-processor risk and perform due diligence before engagement.

Sub-processors

You authorise us to use Sub-processors including cloud, analytics, and email providers. All Sub-processors are subject to equivalent data protection obligations.

A current list of Sub-processors can be found at Partnerships. We will notify you in advance of changes and offer a right to reasonably object.

We assess Sub-processor risk and perform due diligence before engagement.

Sub-processors

You authorise us to use Sub-processors including cloud, analytics, and email providers. All Sub-processors are subject to equivalent data protection obligations.

A current list of Sub-processors can be found at Partnerships. We will notify you in advance of changes and offer a right to reasonably object.

We assess Sub-processor risk and perform due diligence before engagement.

International Transfers

Personal Data is processed within the UK/EEA unless adequate safeguards are in place per UK IDTA, EU SCCs, or adequacy decisions.

We ensure Data Subjects have enforceable rights and effective legal remedies in cases of international data transfer.

All transfers comply with applicable data protection law.

International Transfers

Personal Data is processed within the UK/EEA unless adequate safeguards are in place per UK IDTA, EU SCCs, or adequacy decisions.

We ensure Data Subjects have enforceable rights and effective legal remedies in cases of international data transfer.

All transfers comply with applicable data protection law.

International Transfers

Personal Data is processed within the UK/EEA unless adequate safeguards are in place per UK IDTA, EU SCCs, or adequacy decisions.

We ensure Data Subjects have enforceable rights and effective legal remedies in cases of international data transfer.

All transfers comply with applicable data protection law.

Data Subject Rights

We will assist you in responding to requests for access, rectification, erasure, restriction, portability, and objection from Data Subjects.

We will not respond directly to Data Subjects unless instructed or required by law.

Controllers remain responsible for fulfilling Data Subject rights under applicable data protection law.

Data Subject Rights

We will assist you in responding to requests for access, rectification, erasure, restriction, portability, and objection from Data Subjects.

We will not respond directly to Data Subjects unless instructed or required by law.

Controllers remain responsible for fulfilling Data Subject rights under applicable data protection law.

Data Subject Rights

We will assist you in responding to requests for access, rectification, erasure, restriction, portability, and objection from Data Subjects.

We will not respond directly to Data Subjects unless instructed or required by law.

Controllers remain responsible for fulfilling Data Subject rights under applicable data protection law.

Special Category Data

Processing of wellbeing/mental health data occurs with explicit consent or as otherwise provided by law.

It is your responsibility as Controller to ensure all processing is covered by a valid lawful basis and required consents.

We process Special Category Data strictly for the purposes defined in the Agreement.

Special Category Data

Processing of wellbeing/mental health data occurs with explicit consent or as otherwise provided by law.

It is your responsibility as Controller to ensure all processing is covered by a valid lawful basis and required consents.

We process Special Category Data strictly for the purposes defined in the Agreement.

Special Category Data

Processing of wellbeing/mental health data occurs with explicit consent or as otherwise provided by law.

It is your responsibility as Controller to ensure all processing is covered by a valid lawful basis and required consents.

We process Special Category Data strictly for the purposes defined in the Agreement.

Liability and Governing Law

Each party’s liability under this DPA is governed by the terms of the main Agreement and its limitations or exclusions.

This DPA is governed by the laws of England and Wales. The courts in England and Wales have exclusive jurisdiction, unless otherwise dictated by mandatory law.

This DPA is binding on both parties and forms part of your Agreement with Emotional Piggy Ltd.

Liability and Governing Law

Each party’s liability under this DPA is governed by the terms of the main Agreement and its limitations or exclusions.

This DPA is governed by the laws of England and Wales. The courts in England and Wales have exclusive jurisdiction, unless otherwise dictated by mandatory law.

This DPA is binding on both parties and forms part of your Agreement with Emotional Piggy Ltd.

Liability and Governing Law

Each party’s liability under this DPA is governed by the terms of the main Agreement and its limitations or exclusions.

This DPA is governed by the laws of England and Wales. The courts in England and Wales have exclusive jurisdiction, unless otherwise dictated by mandatory law.

This DPA is binding on both parties and forms part of your Agreement with Emotional Piggy Ltd.

About Us

Who We Are

How We Work

Contact

← Back to Homepage

Legal

Privacy Policy

Terms of Service

Disclaimer

Data Processing Addendum

Partnership

Our Product

Pricing

Pilot

Free Demo



About Us

Who We Are

How We Work

Contact

← Back to Homepage

Legal

Privacy Policy

Terms of Service

Disclaimer

Data Processing Addendum

Partnership

Our Product

Pricing

Pilot

Free Demo



About Us

Who We Are

How We Work

Contact

← Back to Homepage

Legal

Privacy Policy

Terms of Service

Disclaimer

Data Processing Addendum

Partnership

Our Product

Pricing

Pilot

Free Demo