Close window

Get access to Motives

Ready to learn at the speed of AI? We're excited to talk

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

DPA

Data Processing Agreement

Last Updated: July 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Use between BTRT Ltd trading as Motives ("Processor") and the Customer ("Controller") who has executed an Order Form incorporating this DPA by reference.

1. Definitions

Terms not defined herein shall have the meanings set forth in the Terms of Use. In this DPA:

  • "Data Protection Laws" means the UK GDPR, EU GDPR (where applicable), and any other applicable data protection legislation.
  • "Personal Data" means any personal data processed by Processor on behalf of Controller under the Agreement.
  • "Processing" has the meaning given in Data Protection Laws.
  • "Sub-processor" means any third party engaged by Processor to process Personal Data.

2. Processing of Personal Data

2.1 Scope of Processing

Processor shall process Personal Data only on documented instructions from Controller, except where required by applicable law. The processing details are:

  • Categories of Data Subjects: Research interview participants, survey respondents, and other individuals whose data is collected through the Services
  • Types of Personal Data: Voice recordings, video recordings, transcripts, demographic information, contact details, and survey responses
  • Purpose: To provide AI-powered consumer research and market research services
  • Duration: For the term of the Agreement plus 60 days

2.2 Processor Obligations

Processor shall:

a) Process Personal Data only on Controller's written instructions;

b) Ensure persons authorized to process Personal Data are subject to confidentiality obligations;

c) Implement appropriate technical and organizational measures to ensure security of Personal Data, including measures to prevent unauthorized access, disclosure, alteration, or destruction;

d) Not transfer Personal Data outside the UK/EEA without Controller's prior consent and appropriate safeguards;

e) Taking into account the nature of the processing, assist Controller with data subject requests and compliance with Articles 32-36 GDPR;

f) Delete or return all Personal Data within 60 days after termination, except where retention is required by law;

g) Make available information necessary to demonstrate compliance with this DPA and allow for audits as described in Section 5.

3. Sub-processors

3.1 Authorized Sub-processors

Controller acknowledges and agrees that Processor may engage Sub-processors in the following categories to deliver the Services:

  • Cloud infrastructure and hosting providers
  • Artificial intelligence and machine learning services
  • Video conferencing and recording platforms
  • Transcription and speech-to-text services
  • Analytics and data visualization tools
  • Customer relationship management systems
  • Communication and support tools

Specific Sub-processors within these categories are listed at www.motives.ai/subprocessors.

3.2 Sub-processor Changes

Processor may change Sub-processors within the authorized categories without prior notification. Should Processor require Sub-processors in categories not listed above, Processor shall notify Controller at least 30 days in advance. Controller may reasonably object within 14 days of such notification.

3.3 Sub-processor Obligations

Processor shall ensure Sub-processors are bound by data protection obligations no less protective than this DPA.

4. Security and Breach Notification

4.1 Security Measures

Processor maintains security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Business continuity and disaster recovery procedures

4.2 Personal Data Breach

Processor shall notify Controller without undue delay (and within 72 hours where feasible) after becoming aware of a Personal Data breach, providing sufficient information for Controller to meet its regulatory obligations.

5. Audit Rights

Processor will provide reasonable documentation to demonstrate compliance upon request. On-site audits are available once annually with 30 days' notice, conducted at Controller's expense including Processor's professional services time.

6. Data Subject Rights

Taking into account the nature of the processing, Processor shall assist Controller in responding to data subject requests by:

  • Providing tools for data export and deletion where technically feasible
  • Responding promptly to Controller's requests for assistance
  • Forwarding any data subject requests to Controller without undue delay

7. Liability and Indemnification

Liability under this DPA is subject to the limitation of liability provisions in the Terms of Use. Each party shall indemnify the other against regulatory fines or third-party claims resulting from the indemnifying party's breach of Data Protection Laws.

8. International Transfers

Where Personal Data is transferred outside the UK/EEA, Processor shall ensure appropriate safeguards through:

  • UK/EU Standard Contractual Clauses
  • Adequacy decisions
  • Other mechanisms approved under Data Protection Laws

9. Term and Termination

This DPA continues for the duration of the Agreement. Obligations regarding security, confidentiality, and return/deletion of Personal Data survive termination.

10. Governing Law

This DPA is governed by the laws of England and Wales.

Current Sub-processors: Available at www.motives.ai/subprocessors

Contact for Data Protection Matters: privacy@motives.ai

Dive deeper.
Decide faster.
Book a Demo
Product
How it works
Solutions
Motives for Insights TeamsMotives for Marketing TeamsSuccess StoriesUse Cases
ReSources
BlogFAQPrivacy PolicyContact Sales
LinkedIn
Copyright © 2025 Motives
Text Link