Data Processing Agreement (DPA)

GDPR-Compliant Data Processing Agreement for Event Organizers

About This Agreement

This Data Processing Agreement (DPA) is a legally binding agreement between Quack Foundry and event organizers who use our Service. It ensures compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The DPA outlines the rights and obligations of both parties regarding the processing of personal data, including participant information and race photos.

What's Covered

  • Roles and responsibilities (Data Controller vs. Data Processor)
  • Types of personal data processed
  • Data subject categories (participants, photographers, etc.)
  • Processing operations and purposes
  • Security measures and safeguards
  • Sub-processors (AWS, Stripe, Google, Email Providers)
  • Data breach notification procedures
  • Data subject rights and assistance
  • International data transfers
  • Audit rights and compliance

Who Should Sign This?

Event organizers who use Quack Runners to process personal data of race participants enter into this DPA to ensure GDPR compliance. This includes:

  • Race event organizers uploading participant lists
  • Organizations managing multiple events
  • Photographers uploading race photos
  • Any entity acting as a Data Controller using our Service

Download DPA

Select your preferred language to download the Data Processing Agreement:

English
DPA - EN
Polski (Polish)
DPA - PL

All versions contain the same legal terms. Choose the language you're most comfortable with.

Automatic Acceptance

This Data Processing Agreement is automatically accepted when you first sign in to Quack Runners as an event organizer. By using our Service to process participant data, you agree to the terms outlined in this DPA.

You can download a copy of the DPA above for your records. No manual signature is required — your use of the Service constitutes acceptance of these data processing terms.

Key Points

Data Controller

You (the event organizer) are the Data Controller, responsible for determining the purposes and means of processing participant data.

Data Processor

Quack Foundry acts as the Data Processor, processing data on your behalf in accordance with your instructions and GDPR requirements.

Sub-Processors

We use trusted third-party sub-processors (AWS, Stripe, Google, Sentry, and Transactional Email Providers) to provide the Service. All sub-processors are GDPR-compliant and bound by appropriate data processing agreements.

Security Measures

We implement industry-standard technical and organizational measures including encryption, access controls, audit logging, and regular security assessments.