Data Privacy Agreement

A Data Privacy Agreement (DPA) is a legal contract between BTS and a client that outlines how personal data will be collected, processed, and stored. It aligns with GDPR principles and includes:

• Lawfulness, fairness, transparency – Consent must be informed
• Purpose limitation – Data must only be used as declared
• Data minimization – Only necessary data is collected
• Accuracy – Personal data must be up-to-date
• Storage limitation – Retain data only as long as needed
• Integrity & confidentiality – Secure processing practices
• Accountability – BTS must demonstrate compliance

BTS complies with the GDPR and extends this standard to all global clients. Clients are prompted to review and accept the DPA upon first-time access to a journey or platform.

• Default Policy: All journeys use a universal BTS privacy policy aligned with GDPR
• Consent Required: Users must accept the DPA before continuing
• Policy Updates: BTS legal & infosec teams oversee versioning as laws evolve
• Contact for questions: infosec@bts.com or data.privacy@bts.com

Steps to Enable

1. Go to Momenta Admin
2. Open the desired journey
3. Select Journey Configuration
4. Navigate to the Data Privacy Agreement tab
5. Toggle the agreement ON

Editable Fields:

• Policy text (main body)
• Accept button text
• Decline button text
• Decline modal message
• Yes / No button text (decline modal)

Note: The DPA is OFF by default for all new journeys.

Because this policy is a legal document, translating it into new languages requires additional time and compliance checks.

• Submit translation requests well in advance
• All requests are reviewed by BTS Legal and Infosec
• Approved translations are added to supported DPA templates

Contact: data.privacy@bts.com for support with translations or reviews.