Sidekiq - Data Processing Agreement
Data Processing Agreement
Version: 2
Date: 7th July 2025
This Data Processing Agreement (“DPA”) forms part of any Order Form or Main Agreement entered into between Sidekiq Limited (“Processor”) and the Customer (“Controller”).
​
1. Definitions
- “Data Protection Laws” means all applicable data protection laws, including UK GDPR and Data Protection Act 2018.
- “Personal Data”, “Processing”, “Controller”, “Processor” and “Data Subject” have the meanings given in Data Protection Laws.
- “Sub-Processor” means any third party engaged by Sidekiq to process Personal Data.
​
2. Processing Instructions
Sidekiq will:
a) process Personal Data only on the documented instructions of the Customer (including as set out in the Order Form and this DPA),
b) not process Personal Data for any purpose other than providing the services.
​
3. Data Retention
Sidekiq does not store Customer Personal Data outside of Customer-owned systems (Retell AI, Twilio, N8N). Any data exports or logs created for support are retained for no longer than 30 days unless required by law.
​
4. Confidentiality and Security
Sidekiq will:
a) ensure that persons authorised to process Personal Data are subject to confidentiality obligations;
b) implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access.
​
5. Sub-Processing
a) The Customer acknowledges and agrees that the Customer’s own accounts with third-party platforms (the “Third Party Platforms”) will process Personal Data as part of the services.
b) Sidekiq may access and configure these platforms but does not host or control the infrastructure. The Customer remains responsible for maintaining these accounts and their compliance.
c) Sidekiq will notify the Customer if it engages any additional Sub-Processor beyond these platforms.
​
6. Incident Notification
Sidekiq will notify the Customer without undue delay (and in any event within 24 hours) upon becoming aware of any Personal Data breach affecting Customer Personal Data. Sidekiq will cooperate with the Customer to investigate and remediate the incident.
​
7. Assistance
Sidekiq will provide reasonable assistance to the Customer in:
- responding to Data Subject rights requests,
- conducting Data Protection Impact Assessments,
- engaging with the ICO or other Supervisory Authorities.
​
8. Return or Deletion
On termination of the services, Sidekiq will cease accessing Customer systems and delete any retained Personal Data unless required by law to retain it.
​
9. International Transfers
Sidekiq will not transfer Personal Data outside the UK or EEA except to the Customer’s own Third Party Platforms or where the transfer is subject to appropriate safeguards under Data Protection Laws.
​
10. Audit Rights
The Customer may audit Sidekiq’s compliance with this DPA up to once annually with 30 days’ notice during normal business hours.
​
11. Liability
Sidekiq’s liability under this DPA is subject to the limitations set out in the Main Agreement.
​
12. Governing Law
This DPA is governed by English law and subject to the exclusive jurisdiction of the English courts.
​
By entering into an Order Form or Agreement with Sidekiq, the Customer agrees to this Data Processing Agreement.