Hello,
I have two questions regarding the Camunda Starter Terms:
-
During the process, we might need to enter the contact person’s name and email address as data. Would this information be classified as Personal Data and therefore be subject to national or international privacy regulations? Additionally, would we need to sign a Data Processing Agreement (DPA) in this context? [Camunda Starter Terms 12]
-
Upon termination of our subscription, how will the data we have stored on Camunda SaaS (such as BPMN and DMN) be managed? Specifically, will all data be deleted after a certain period? I was unable to find any information about this in the documentation.
Hi @takamine_asuki! Great questions.
-
Name and email are personal data, but no DPA is needed because Camunda is the controller for this personal data under data privacy law. So this is treated according to our privacy notice controls found here: Camunda Legal Center.
-
I’m reaching out for this question to find an answer for you.
1 Like
Thank you for your response!
Regarding question 1, the name and email address are received through forms implemented in the process or from connected external services. In this case, is a DPA still not required?
And thank you for looking into question 2.
Hi, @miamoore
just following up on my previous questions about the need for a DPA and data handling post-subscription termination.
Any updates?
Hey there, thanks for the follow up!
You’re right, this would require a DPA. Go to this page and follow the instructions at the top to complete the DPA:
https://legal.camunda.com/privacy-and-data-protection#data-processing-agreement
I’m still looking into your second question to get a precise answer, but if this is a blocker for you using the product, you can always fill out our privacy deletion request form if you wish for us to delete the data after a subscription is terminated.
I will follow up when I learn more, because this is an important question and I want to answer it as thoroughly as I can!
1 Like