Skip to main content
ClickCarousel
Product
FeaturesSee the product in action
TemplatesStyles that fit your brand
Resources
GuidesPlaybooks for growing on LinkedIn
LinkedIn tipsSmall habits that compound
Company
AboutWhy we built ClickCarousel
Contact usTalk to the team
Pricing
Earn 40% Sign inSign up

Data Processing Agreement

Last updated: 1 July 2026 · Version 0.1
Draft for review. A working template based on GDPR Article 28. Not legal advice — have counsel adapt it (including governing law and the SCC module) before use.
What is a DPA, in plain English?
A Data Processing Agreement is a contract required by GDPR whenever one company handles personal data on behalf of another. Here, a business customer (the controller — e.g. an agency or company using ClickCarousel) decides what happens to the data, and ClickCarousel (the processor) only handles it on their instructions. The DPA locks in how we protect that data: security, who our sub-processors are, breach notifications, deletion, and support for data-subject rights. If you're an individual creator on a normal plan, our Privacy Policy already covers you — the DPA matters mainly for business/agency customers.

1. Scope and roles

This DPA forms part of the agreement between the customer ("Controller") and ClickCarousel ("Processor") for use of the Service. It applies where ClickCarousel processes personal data on the Controller's behalf. Where terms conflict, this DPA prevails on data-protection matters.

2. Processing on instructions

ClickCarousel processes personal data only on the Controller's documented instructions (including via the Service's features), except where required by law — in which case we will inform the Controller unless legally prohibited.

3. Details of processing (Annex A)

Subject matterCreating, scheduling and publishing LinkedIn carousels via the Service.
DurationFor the term of the agreement, plus deletion/return period.
Nature & purposeHosting, generating, editing, storing, scheduling and transmitting content to LinkedIn.
Types of personal dataAccount and contact details; LinkedIn profile identifiers and access tokens; content, captions and comments; usage data.
Categories of data subjectsThe Controller's users, team members and any individuals referenced in content.

4. Confidentiality

ClickCarousel ensures that personnel authorised to process personal data are bound by confidentiality obligations and receive appropriate training.

5. Security (Annex B)

ClickCarousel implements appropriate technical and organisational measures, including: encryption in transit; encryption of stored access tokens and secrets; access controls and least-privilege; logging and monitoring; regular backups; and secure software-development practices. Measures may be updated provided the level of protection is not reduced.

6. Sub-processors

The Controller authorises ClickCarousel to engage sub-processors under written terms that impose data-protection obligations equivalent to this DPA. The current list is published on our Third-Party Terms & Sub-processors page. We will give notice of intended changes, allowing the Controller a reasonable opportunity to object on reasonable grounds.

7. Data-subject requests

Taking into account the nature of the processing, ClickCarousel assists the Controller with appropriate measures to respond to data-subject requests (access, rectification, erasure, portability, restriction and objection), and forwards any such requests it receives directly.

8. Personal-data breach

ClickCarousel notifies the Controller without undue delay after becoming aware of a personal-data breach affecting the Controller's data, and provides information reasonably available to help the Controller meet its own notification duties.

9. Return and deletion

On termination, and at the Controller's choice, ClickCarousel deletes or returns the personal data and deletes existing copies, unless retention is required by law.

10. Audits

ClickCarousel makes available information necessary to demonstrate compliance with Article 28 and allows for and contributes to audits, including inspections, on reasonable notice and subject to confidentiality.

11. International transfers

Where processing involves transfers of personal data outside the EEA/UK, the parties rely on an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses, which are incorporated by reference.

12. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the main agreement.

13. Contact

Data-protection contact: privacy@clickcarousel.com. To request a signed DPA, contact legal@clickcarousel.com.

Privacy PolicyTerms of ServiceCookie PolicyHome
ClickCarousel

Grow your personal and professional brand on LinkedIn with carousels that get noticed.

Product

FeaturesPricingTemplates

Company

Affiliate programAboutContact us

Resources

Help centerGuidesLinkedIn tips

Legal

Privacy PolicyTerms of ServiceCookie PolicyDPAAffiliate TermsAccessibilitySecurity
© 2026 ClickCarousel. All rights reserved.
PrivacyTermsCookies