Last updated: July 2025

This Data Processing Agreement (“DPA”) forms part of the agreement between We Are Atomics Ltd (trading as Happy Hive) (“Data Processor”) and the Customer (“Data Controller”) for the provision of the Happy Hive platform and services.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion).
  • Data Controller: The entity that determines the purposes and means of Processing Personal Data.
  • Data Processor: The entity that Processes Personal Data on behalf of the Data Controller.
  • UK GDPR: The UK General Data Protection Regulation as retained in UK law.
  • EU GDPR: The EU General Data Protection Regulation (2016/679).
  • Data Subject: An identified or identifiable natural person whose Personal Data is processed.

2. Scope and Purpose

We Are Atomics Ltd (trading as Happy Hive) processes Personal Data on behalf of the Customer to provide the platform services designed to improve workplace happiness through employee feedback and check-ins.

This DPA applies to all Personal Data processed by Happy Hive on behalf of the Customer in connection with the services.

3. Data Processing Details

Categories of Data Subjects

  • Employees, contractors, and users of the Customer’s organization
  • Website visitors and registered users

Types of Personal Data

  • Name and contact information (email addresses)
  • Feedback comments and mood ratings
  • Usage data and analytics
  • IP addresses and technical identifiers
  • Any other data submitted through the platform

Purpose of Processing

  • Providing workplace happiness improvement services
  • Delivering check-in and feedback functionality
  • Platform analytics and improvement
  • Customer support and communication

Duration of Processing

For the duration of the Customer’s subscription or account, and as required for legal or legitimate business purposes thereafter.

4. Obligations of the Data Processor

We Are Atomics Ltd (trading as Happy Hive) will:

  • Process Personal Data only on documented instructions from the Customer, including transfers of Personal Data to third countries or international organizations
  • Implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction
  • Ensure that personnel authorized to process Personal Data are committed to confidentiality or are under an appropriate statutory obligation of confidentiality
  • Assist the Customer in responding to Data Subject rights requests within a reasonable timeframe
  • Notify the Customer without undue delay (and in any case within 24 hours) upon becoming aware of a Personal Data breach
  • At the Customer’s choice, delete or return all Personal Data at the end of the provision of services, and delete existing copies unless storage is required by law
  • Make available to the Customer all information necessary to demonstrate compliance with this DPA
  • Allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer

5. Technical and Organizational Measures

Happy Hive implements appropriate technical and organizational measures including:

  • Encryption of Personal Data in transit and at rest
  • Regular security testing and vulnerability assessments
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures
  • Regular backup and recovery testing

6. Subprocessors

We Are Atomics Ltd may engage sub-processors to fulfil service obligations. All sub-processors will be subject to equivalent data protection obligations through written contracts.

The Customer provides general authorization for the engagement of subprocessors. Happy Hive will inform the Customer of any intended changes concerning the addition or replacement of subprocessors, giving the Customer the opportunity to object to such changes.

A current list of subprocessors will be provided upon request and maintained on our website.

7. Data Subject Rights

Happy Hive will assist the Customer in facilitating the exercise of data subject rights under applicable data protection laws, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

8. International Data Transfers

If Personal Data is transferred outside the UK or European Economic Area (EEA), Happy Hive will ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions
  • Other legally recognized transfer mechanisms

9. Data Protection Impact Assessments

Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, Happy Hive will assist the Customer in conducting data protection impact assessments as reasonably required.

10. Records of Processing

Happy Hive maintains records of all categories of processing activities carried out on behalf of the Customer, including:

  • The categories of Personal Data processed
  • The categories of Data Subjects
  • The technical and organizational security measures implemented

11. Audit Rights

The Customer has the right to audit Happy Hive’s compliance with this DPA, subject to:

  • Reasonable advance notice (at least 30 days)
  • Appropriate confidentiality obligations
  • Reasonable frequency (typically no more than once per year unless required by regulatory authorities or following a data breach)

12. Liability and Indemnification

Both parties agree to comply with their respective obligations under applicable data protection laws. Happy Hive’s liability shall be limited as set forth in the main service agreement.

Each party shall indemnify the other against claims, damages, and regulatory fines arising from that party’s breach of data protection laws.

13. Data Breach Notification

In the event of a Personal Data breach, Happy Hive will:

  • Notify the Customer without undue delay and in any case within 24 hours
  • Provide all relevant information about the breach
  • Assist the Customer in notifying supervisory authorities and Data Subjects as required by law
  • Take immediate steps to mitigate the breach

14. Term and Termination

This DPA remains in effect for the duration of the main service agreement. Upon termination, Happy Hive will delete or return Personal Data as instructed by the Customer, except where retention is required by law.

15. Governing Law

This DPA is governed by the laws of England and Wales and is subject to the jurisdiction of the English courts.

16. Contact Information

For any data protection inquiries, please contact:

We Are Atomics Ltd (trading as Happy Hive)
Email: support@happyhivehq.com
Website: https://happyhivehq.com

Data Protection Officer: Available upon request at support@happyhivehq.com

By using Happy Hive services, you acknowledge and agree to the terms of this Data Processing Agreement.