Bookshift

Data Processing Agreement (DPA)

Last Updated: June 17, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Bookshift ("Data Processor") and you ("Data Controller").

1. Subject Matter and Scope

This DPA reflects the parties' agreement regarding the processing of personal data on behalf of the Data Controller in connection with the Bookshift services under GDPR and applicable data protection laws.

2. GDPR Article 28 Obligations

In accordance with Article 28 of the General Data Protection Regulation (GDPR), Bookshift agrees to:

  • Process personal data only on documented instructions from the Data Controller.
  • Ensure that persons authorized to process the personal data have committed themselves to confidentiality.
  • Take all measures required pursuant to Article 32 (Security of processing).
  • Assist the Controller in fulfilling its obligations to respond to requests for exercising the data subject's rights.
  • Assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 (Security, Data Breach Notifications, DPIA).
  • At the choice of the Controller, delete or return all the personal data to the Controller after the end of the provision of services.

3. Sub-processor Control

Bookshift may engage sub-processors to provide the services. We will provide prior notice of any intended changes concerning the addition or replacement of sub-processors. You have the right to object to such changes. All sub-processors are bound by written agreements that impose the same data protection obligations as set out in this DPA.

4. Audit Rights

The Data Controller or a mandated auditor has the right to conduct audits, including inspections, to verify compliance with this DPA. Bookshift will contribute to such audits by making available all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.

5. Data Breach Notification

In the event of a personal data breach, Bookshift will notify the Data Controller without undue delay after becoming aware of it, providing sufficient information to allow the Controller to meet any obligations to report or inform data subjects of the personal data breach.

Dashboards
Overview Books / Translations Covers Proofreading
Production Tracker
Services
Translate Book Bookshift Proofreader Create Cover Translate Cover
Tools
KDP Category Finder Print Book Cover Wraps Dialogue Format Converter Story & Marketing Bibles Fiction Transcription All Tools