Skip to main content

Annex 1: Subject matter and details of data processing

Notes

This is a part of our Data Processing Agreement (DPA).

Last updated: 12 June 2026

A. List of parties

Data exporter

The data exporter is the Customer, a non-Holistics entity, as defined in the Holistics Terms of Service (Terms) at https://www.holistics.io/terms/.

Company Name: ________________________________

Company Address: ______________________________________________________________________________

Contact Person Name: ________________________________

Contact Person Position: ________________________________

Contact Person Email: ________________________________

Customer Role (check where it applies):

☐ EU Controller, EU SCC Module 2 applies (Controller to Processor): Annex 4A

☐ EU Controller, EU SCC Module 2 applies (Processor to Processor): Annex 4B

☐ UK Controller, UK SCC applies (Processor to Processor): Annex 5

Activities relevant to the data transferred under these Clauses:

Processing of Personal Data in connection with Customer's use of the Holistics Subscription Services under the Holistics Terms of Service ("Terms").

Data importer

Name: Holistics Software Pte Ltd

Address: 14 Robinson Road, Far East Finance Building, #08-01A, Singapore 048545

Role: Processor

Contact person's name, position and contact details:

Thanh Dinh Khac, Chief Engineer, Holistics Software Pte Ltd. Email: contact us

Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer's use of the Holistics Subscription Services under the Holistics Terms of Service ("Terms").

B. Description of transfer

Data subjects

The personal data transferred concern the following categories of data subjects in two main categories

  1. Customer End Users of the Holistics Subscription Service, mainly the employees of the Data Exporter, and other individuals who have been invited to access the Holistics Subscription Service in their customer account. This also includes users who have submitted their contact details through the Holistics website.

  2. Data subjects whose data is stored in the Exporter's database connected to the Holistics application servers that may contain Personal Data.

Categories of data

  1. Holistics Metadata and Usage Data (From Customer End Users)

    The personal data transferred concern personal data, software license checks, audit trails, website usage information (URLs accessed, time of access, browser type, IP address), email data, metadata on reports and dashboards, data source schemas, encrypted data source connection credentials, and other electronic data submitted, stored, sent, or received by users of the Subscription Service.

  2. Temporary Cached Query Results from the Customer (Exporter)'s database

    Once the Customer's database is connected to the Holistics server, the Holistics cache temporarily retains data from the database that is fetched in response to a user's report queries. The Exporter can reduce the amount of time that query results are held in cache (minimum of 10 minutes).

    The categories of personal data within these results are determined and controlled solely by the Customer (the data exporter). Holistics does not control, and is not in a position to know, the specific categories of personal data the Customer queries through the Service. This data relates to the second category of data subjects described above (those whose data is stored in the Exporter's database), limited to the records returned by the Customer's queries.

    When a dashboard widget is exported into Excel/CSV file, the file will also be temporarily stored in Holistics' file storage system.

Sensitive data transferred and applied restrictions or safeguards

The parties do not anticipate the transfer of sensitive data. In the event sensitive data is stored in Customer's Database, Customer has the flexibility to restrict or isolate sensitive data from the database user credential account that is used to connect to Holistics Software.

Frequency of the transfer

On a continuous basis, each time a dashboard or query is loaded by a user or executed by a scheduled job configured by the Customer.

Purpose of the transfer and further processing

Holistics will process data for the purposes of providing the Subscription Services to Customer in accordance with the Holistics Terms of Service ("Terms").

Period for which data will be retained

Temporary Cached Query Results will be stored for a minimum of 10 minutes (or higher) from the time the dashboard is first accessed.

Exported files (Excel/CSV downloads) are stored for up to 24 hours before they expire automatically.

Holistics Metadata and Usage Data (From Customer End Users) will be removed after 180 days after the Term expires, or earlier upon request by Customer.

Competent supervisory authority

For the purposes of the Standard Contractual Clauses, the supervisory authority that shall act as competent supervisory authority is either

  1. Where Customer is established in an EU Member State, the supervisory authority responsible for ensuring Customer's compliance with the GDPR;
  2. Where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR and has appointed a representative, the supervisory authority of the EU Member State in which Customer's representative is established; or
  3. Where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR without having to appoint a representative, the supervisory authority of the EU Member State in which the Data Subjects are predominantly located in relation to Data Processed that is subject to the UK GDPR or Swiss DPA, the competent supervisory authority is the UK Information Commissioner or the Swiss Federal Data Protection and Information Commissioner (as applicable).
Open Markdown
Let us know what you think about this document :)