🚀🚀🚀 Launch challenges based on metrics from your CRM! Your team can participate via our Chrome extension!

Book a demo
Log in
Request a demo

Last updated 3rd Oct 2025

Data Processing Agreement

We provide a standard Data Processing Addendum (“DPA”) for customers in the European Union who act as controllers of personal data under the General Data Protection Regulation (“GDPR”) in connection with their use of Targitr’s services.

Our DPA forms part of our Terms of Service and Privacy Policy, and is designed to address the GDPR’s requirements for controller–processor arrangements. It covers areas such as the nature and purpose of processing, international data transfers, security measures, and our commitments around privacy and compliance.

To maintain consistency and ensure compliance with the GDPR’s standard contractual clauses, we do not sign external customer-provided DPAs. As a growing team without in-house legal resources, we are also unable to make bespoke modifications to our standard DPA. Any variations would require extensive legal review, which is not feasible for us to provide at scale.

 

Details of our DPA

1. Purpose and Scope

1.1 This DPA governs Targitr’s processing of personal data on behalf of Customer in connection with Customer’s use of the Targitr platform.
1.2 Targitr provides a software service for sales rewards and gamification. The platform connects to Customer’s CRM systems on a read-only basis to display sales activity data.
1.3 Targitr does not permanently store, copy, or retain personal data. Any processing is transient and limited to the operation of the service.

2. Roles of the Parties

  • Customer acts as Data Controller.
  • Targitr acts as Data Processor and processes personal data solely under Customer’s instructions.

3. Nature of Processing

  • Types of personal data: Sales representatives’ CRM account identifiers, performance activity data (calls, emails, meetings, opportunities).
  • Categories of data subjects: Customer’s employees and/or contractors (sales team members).
  • Purpose of processing: Displaying sales performance metrics and enabling KPI challenges and games.

4. Processor Obligations

Targitr shall:

  • Process data only when users give permission during syncing connected systems. 
  • Not use data for its own purposes, unless for the reasons stated in our terms and conditions and privacy policy.
  • Not store, modify, or delete data unless instructed by Customer.
  • Ensure confidentiality obligations for personnel.

5. Security Measures

Targitr implements appropriate technical and organizational measures to protect personal data, including:

  • Encrypted connections (TLS) when accessing CRM data.
  • Role-based access controls.
  • Logging and monitoring of API connections.
  • Read-only API access to Customer CRMs.

6. Sub-processors

  • Targitr does not engage third-party sub-processors for persistent storage or processing of Customer data.
  • If sub-processors are engaged in the future, Targitr will notify Customer and maintain responsibility for their compliance.

7. International Data Transfers

  • Targitr does not store data; however, transient access may involve international transfers depending on CRM hosting.
  • Where applicable, Targitr will rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

8. Data Subject Rights

Targitr will assist Customer, to the extent technically possible, in fulfilling data subject requests (e.g., access, deletion, restriction) by relying on CRM system capabilities.

9. Data Breach Notification

Targitr will notify Customer without undue delay upon becoming aware of a personal data breach relating to transient processing.

10. Data Retention & Deletion

  • Targitr does not persist Customer personal data.
  • Upon termination of the Agreement, no personal data remains within Targitr systems.

11. Audit Rights

  • Customer may request any documentation of Targitr to become comfortable working with them
  • Since no personal data is stored, on-site audits are generally not applicable.

12. Liability

Each party’s liability is governed by the Agreement.

13. Governing Law

This DPA is governed by the laws of United Kingdom, England.

ANNEX I – Details of Processing

  • Nature: Transient, read-only access to CRM data.
  • Duration: During term of Agreement only.
  • Purpose: Display sales performance metrics and rewards.

For any quires on our DPA, please email support@targitr.com.

By providing this information, alongside our Terms & Conditions and Privacy Policy, you can be assured that your use of Targitr is supported by GDPR-compliant terms without the risk of conflicting or inconsistent contractual obligations.