Data Processing Agreement.
The terms under which Slick processes personal data on your behalf. A signed copy is available for any paid workspace.
1. Roles
For personal data within your workspace, you (the customer) are the controller and Slick is the processor. Slick processes such data only on your documented instructions, including those given through your use of the service.
2. Scope & purpose
Slick processes personal data solely to provide the team-chat service described in the Terms — storing and delivering messages and files, enforcing access control, sending notifications, and providing support.
3. Categories of data
- Data subjects — your members, bots, and invited external participants.
- Data — identifiers, message and file content, and usage metadata they generate.
4. Subprocessors
You authorise Slick to engage subprocessors for hosting, storage and infrastructure, each bound by data-protection terms no less protective than this DPA. We maintain a current list and give notice of material changes so you can object.
5. Security measures
Slick maintains appropriate technical and organisational measures, including encryption in transit and at rest, role- and attribute-based access control, audit logging, least-privilege internal access, and tested backups.
6. Data-subject requests
Slick will assist you, taking into account the nature of processing, in responding to data-subject requests — access, rectification, erasure, restriction, portability and objection — including tooling to export and delete workspace data.
7. Personal-data breaches
Slick will notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information you need to meet your own notification obligations.
8. International transfers
Data is processed in the United Kingdom (England). Where any transfer outside the UK is necessary, Slick relies on UK adequacy regulations or the UK International Data Transfer Agreement (IDTA), which is incorporated into this DPA by reference.
9. Audits
Slick will make available information necessary to demonstrate compliance and allow for reasonable audits, subject to confidentiality and minimal disruption to operations.
10. Return & deletion
On termination, Slick will, at your choice, return or delete personal data within a reasonable period, except where retention is required by law.
Requesting a signed copy
Paid workspaces can request a counter-signed DPA at [email protected]. See also GDPR and Privacy.