Effective Date: Thu, 1 May 2025 - 00:00
This Data Processing Agreement (“DPA”) is an addendum to and forms part of the Terms of Service and related agreements between Spectrum for Men (“Data Controller,” “we,” “us,” “our”) and any partner, vendor, or service provider (“Data Processor,” “you,” “your”) that processes personal data on our behalf. This DPA outlines the rights and obligations of both parties regarding the processing of personal data, in accordance with applicable data protection laws and regulations, including but not limited to the GDPR, Washington State law, and other relevant jurisdictions.
1. Purpose and Scope
- This DPA governs the processing of personal data by the Data Processor on behalf of Spectrum for Men, strictly for the purposes described in our Terms of Service, Privacy Policy, and related policies.
- The processing includes user account management, marketing, analytics, advertising, profile matching, and other services as specified in the main agreement and annexes.
2. Roles and Responsibilities
- Spectrum for Men acts as the Data Controller, determining the purposes and means of processing personal data.
- The Data Processor acts on documented instructions from the Data Controller and must not process personal data for any other purpose.
- Both parties are responsible for complying with their respective obligations under applicable data protection laws.
3. Types of Personal Data and Data Subjects
- Personal Data Processed: Usernames, names, email addresses, IP addresses, payment details, technical and process logs, and any sensitive information provided by users in profiles or content.
- Categories of Data Subjects: Registered users, customers, and community members of Spectrum for Men.
- Sensitive Data: May include sexual orientation, health, or other information voluntarily provided by users. No data from minors is processed.
- Age Verification Data: A combination of Personal and Sensitive data. We encrypt all sensitive or personal data before it is stored.
4. Duration of Processing
- The Data Processor will process personal data only for the duration necessary to fulfill the purposes outlined in the main agreement, or as required by law.
- Upon termination of the agreement, all personal data must be returned or securely deleted, unless retention is required by law.
5. Processing Instructions
- The Data Processor may process personal data only on documented instructions from the Data Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by law.
- The Data Processor must promptly inform the Data Controller if any instruction infringes applicable law.
6. Confidentiality and Security
- The Data Processor must implement appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- All persons authorized to process personal data must be bound by confidentiality obligations.
7. Sub-processors
- The Data Processor may not engage another processor (sub-processor) without prior written authorization from the Data Controller.
- The Data Processor must ensure sub-processors are bound by the same data protection obligations as set out in this DPA and remains fully liable for their compliance.
8. Data Subject Rights
- The Data Processor must assist the Data Controller in fulfilling its obligations to respond to data subject requests regarding access, rectification, erasure, restriction, portability, and objection to processing, as required by law.
- The Data Processor must promptly notify the Data Controller of any requests received directly from data subjects.
9. Data Breach Notification
- The Data Processor must notify the Data Controller without undue delay after becoming aware of a personal data breach.
- The notification must include all relevant information to enable the Data Controller to comply with its legal obligations, including the nature of the breach, affected data, and remedial actions taken.
10. Data Transfers
- No international transfers of personal data are permitted unless explicitly authorized in writing by the Data Controller and in compliance with applicable data protection laws.
- If transfers are necessary, appropriate safeguards such as Standard Contractual Clauses (SCCs) must be implemented.
11. Audits and Compliance
- The Data Processor must make available all information necessary to demonstrate compliance with this DPA and allow for audits or inspections by the Data Controller or its designated auditor, upon reasonable notice.
- The Data Processor must cooperate fully with any regulatory authorities as required by law.
12. Liability and Indemnity
- Each party is liable for breaches of this DPA and applicable laws to the extent of its responsibility.
- The Data Processor shall indemnify the Data Controller against any losses, damages, or penalties arising from its breach of this DPA or applicable data protection laws.
13. Termination
- This DPA remains in effect for the duration of the main agreement or until all personal data is deleted or returned to the Data Controller.
- Upon termination, the Data Processor must, at the choice of the Data Controller, delete or return all personal data, unless retention is required by law.
14. Governing Law
- This DPA is governed by the laws of Washington State, USA, and any other applicable data protection regulations.
15. Contact Information
You may contact us via our online form or at:
Spectrum for Men
PO Box 2269
Westport, WA 98595
This Data Processing Agreement supplements and should be reviewed, at a minimum, with our: