Data Processing Agreement
UK GDPR Article 28 compliant agreement governing how CrisisConnect Limited processes personal data on your behalf.
Download this agreement
The full Data Processing Agreement is available as a Word document for your records. This agreement is automatically incorporated into your Customer Subscription Agreement.
Download DPA (.pdf)Summary
When you use CrisisConnect to store personal data about your members, clients, and volunteers, you are the data controller and CrisisConnect Limited is the data processor. This agreement sets out how we process that data on your behalf.
What data we process
We process the personal data you enter into the platform, including member and client records, volunteer records, and staff accounts. This may include special category data such as disability status, benefits status, and employment status where you use the relevant modules.
Our security measures
We implement encryption at rest and in transit, role-based access control, audit logging, regular backups, and documented breach response procedures. Full details are in the Data Processing Agreement.
Sub-processors
We use the following sub-processors to deliver the platform:
- Microsoft Azure — cloud hosting and infrastructure (UK data centres)
- SendGrid / Twilio — transactional email delivery
- Stripe — payment processing
- Clickatell — SMS delivery where SMS modules are active
Data subject rights
You are responsible for responding to data subject rights requests. We provide the tools within the platform to locate, export, rectify, and delete personal data. Where a data subject contacts us directly, we will forward the request to you within 5 working days.
Breach notification
We will notify you within 72 hours of becoming aware of a personal data breach affecting your data, as required by UK GDPR.
Questions
For data protection queries: hello@crisisconnect.uk
Last updated: May 2026