Data Processing Addendum

Turnella processes the employee personal data you enter for as long as your account is active, or until you delete that data or your account.

Storing and making available the roster and scheduling data you enter, solely to provide the planning service to you and on your instructions (your use of the features).

Your employees, contractors and other team members.

Names, roles, contracted hours, availability, time off (date ranges with a category and optional notes), skill tags, and the shift assignments built from these. You agree not to enter special-category data (such as health information) anywhere in the Service.

Turnella will:

• process this employee data only on your documented instructions;
• ensure confidentiality of the data;
• apply appropriate technical and organisational security measures — per-account row-level isolation, encryption in transit, and access controls;
• assist you, as far as reasonably possible, with responding to data-subject requests and with your own security, breach-notification and impact-assessment obligations;
• at your choice, delete or return this data when you delete it or close your account (self-service from your Account page).

Turnella uses the infrastructure sub-processors listed in the Privacy Policy (notably Supabase for the database and Vercel for hosting). Turnella does not send your employee personal data to the AI providers. We will inform you of any intended change to these sub-processors so you can object.

As described in the Privacy Policy. Where data is processed outside the EEA it is protected by appropriate safeguards recognised under the GDPR, such as Standard Contractual Clauses.

Turnella will make available the information reasonably necessary to demonstrate compliance with Article 28 on request.

Turnella will notify you without undue delay after becoming aware of a personal-data breach affecting the employee data you have entered.

For data-processing questions, contact privacy@turnella.com.