Skip to content

Workcells

Palletizing Machine Tending Screwdriving Palletizing Software

Software

IQ Contact Core

Components

Adaptive Grippers Vacuum Grippers Force Torque Sensor Force Copilot Wrist Camera Tactile Sensor Fingertips

Events

In-person Events Online Events On-demand

Documents

Case Studies Blog eBooks Technical Documentation

Learning Center

eLearning Virtual One-On-One Expert Training Program Knowledge Base

Tools

Lean Robotics Book The Automated Palletizing Buyer’s Guide Palletizing Simulator ROI Calculator Palletizing Fit Check
A woman doing tech support on the phone

Data Processing Agreement

Robotiq IQ

Robotiq logotype as a home icon Privacy Policy

Last Updated: June 4, 2026

This Data Processing Agreement with its Schedules (“DPA”) forms part of the agreement between Robotiq and the Customer for the use by the Customer of Robotiq’s Auto-Integration Platform named “IQ”, including all of its modules, features, applications, and associated services made available by Robotiq from time to time (collectively, the “Software”).

Where there is any conflict between the terms of this DPA and any other part of the End-User License Agreement, the DPA prevails for the protection of Personal Information.

1. DEFINITIONS AND INTERPRETATION

  1. The following words and phrases used in this DPA and the appendices shall have the following meanings, except where the context otherwise requires:
“Applicable Privacy Laws”
means all applicable legislation and regulations governing the collection, use and disclosure of Personal Information in the jurisdictions where Customer has subscribed to use the Software, in particular where applicable, the Act Respecting the protection of personal information in the private sector — the “Québec Act”; the Personal Information Protection and Electronic Documents Act — “PIPEDA”; the Personal Information Protection Act of British Columbia — “PIPA BC”; the Personal Information Protection Act of Alberta — “PIPA AB”; the EU General Data Protection Regulation— the “GDPR”, as well as any other applicable legislation, regulation, recommendation or opinion replacing, adding to or amending, extending, reconstituting or consolidating the Applicable Privacy Laws.
“Customer”
means the entity subscribing to the Software. It can be a natural person or a company.
“Data Controller”
refers to the party who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Information are or are to be processed, i.e. the Customer.
“Data Processor”
means a person or entity who processes Personal Information on behalf of the Customer on the basis of a formal written contract, but who is not an employee of the Customer, i.e. Robotiq.
“Personal Information”
means information which relates to a living individual who can be identified either directly from that data, or indirectly in conjunction with other data which is likely to come into the legitimate possession of the Customer or Robotiq. For the sake of clarity, “Personal Information” includes (i) project-related data intended for long-term storage and use, and (ii) temporary data stored locally on mobile devices for operational purposes.
“Confidentiality Incident”
means any (i) access; (ii) use; (iii) communication not authorized by law of Personal Information; or (iv) loss of Personal Information or any other breach of the protection of such information, as defined under Applicable Privacy Laws.
“Software”
has the meaning defined in the recitals
“User”
means an individual who is authorised to use the Software by the Customer. Users may include Customer’s employees, consultants, contractors, agents or other third parties.

2. CAPACITY OF THE PARTIES

  1. To the extent Robotiq processes Personal Information as a Data Processor, it is acting under the instructions and on behalf of the Customer, acting as a Data Controller under the GDPR.

3. OBLIGATIONS OF THE CUSTOMER

  1. The Customer represents and warrants that all Personal Information has been, and will continue to be, collected, used, and disclosed in compliance with Applicable Privacy Laws, and, where required, that all necessary and valid consents have been obtained and has provided all necessary authorizations to enable its Users to access and use the Software. The Customer shall provide the Personal Information to Robotiq together with such other information as Robotiq may reasonably require in order for Robotiq to provide the Software.
  2. The instructions given by the Customer to Robotiq in respect of the Personal Information shall at all times be in accordance with Applicable Privacy Laws and shall be in a written and duly documented form. The DPA and Appendix 1 form the Customer’s instructions to Robotiq.
  3. The Customer will retain control and responsibility for all Personal Information and will have immediate access to it at all times.

4. OBLIGATIONS OF ROBOTIQ

  1. By entering into the Agreement, where Robotiq is operating as a Processor, Customer is instructing Robotiq to process Personal Information to provide the functionalities offered by the Software and any related support to the Customer. Robotiq’s processing activities for these purposes are more fully described in Appendix 1.
  2. If Robotiq considers that an instruction from the Customer, as referred to in section 3.2, constitutes a violation of the Applicable Privacy Laws, it will inform the Customer as soon as possible.
  3. The Software is designed to minimize the use of Personal Information and is not intended to process special categories of Personal Information within the meaning of applicable Privacy Laws. The Personal Information processed by Robotiq is limited to what is necessary for purposes such as account management, incidental capture through the Software’s voice and camera features, Customer support, and other similar functionalities of the Software. Robotiq will use commercially reasonable efforts to anonymize or de-identify Personal Information processed through the Software. Notwithstanding the foregoing, and to the extent that the Customer or its Users provide additional Personal Information through the Software, the Customer acknowledges and agrees that Robotiq is authorized to use such data — including Personal Information, and aggregated, de-identified or operational data, whether in raw or anonymized form — both (i) to provide the Software and associated services, and (ii) to improve and develop IQ and other Robotiq products, services and functionalities that are related to, or in the same field as, the Software (namely industrial automation and robotics).
  4. Robotiq will store Personal Information for the purpose of providing the Software, without guaranteeing any specific retention period. The Customer remains responsible for maintaining its own backups. Robotiq shall delete Personal Information upon written request from the Customer, or in accordance with the inactive account procedures described in Appendix 1 of this DPA, except where the law requires continued storage.

5. COOPERATION AND ASSISTANCE

  1. Robotiq endeavours to collaborate with the Customer, in particular by providing it with the necessary documentation to demonstrate compliance with all of its obligations, including with respect to data protection impact assessments and the performance of audits.

6. SUB-PROCESSORS

  1. The Customer agrees that Robotiq may engage Sub-Processors to process Personal Information.

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

  1. The Customer acknowledges and accepts that the provision of the Software may involve the processing of Personal Information by Robotiq or its Sub-Processors in countries outside of the country in which the Customer, or Users are based, recognized by an adequacy decision of the European Commission as providing an adequate level of protection for Personal Information or by using adequate safeguards as required under Applicable Privacy Laws governing cross-border data transfers, such as conducting a data protection impact assessment and, where required under Applicable Privacy Laws, entering Standard Contractual Clauses attached in Appendix 3.
  2. If a governmental authority in the recipient country sends Robotiq a request to access Personal Information relating to the Customer, Robotiq will inform the Customer as soon as possible. Robotiq will redirect the governmental authority to request Personal Information directly from the Customer, in which case Robotiq can provide the governmental authority with its basic contact details.
  3. If compelled to disclose the Customer’s Personal Information to a governmental authority, Robotiq will give the governmental authority reasonable notice to enable Customer to seek a protective order or other appropriate remedy, unless prohibited from doing so by law.

8. CONFIDENTIALITY

  1. Robotiq endeavours to ensure that only such of its employees who need to have access to enable Robotiq to meet its obligations under the DPA shall have access to the Personal Information.
  2. Robotiq endeavours that all such employees have undergone training in the law of data protection, their duty of confidentiality under contract and in the care and handling of the Personal Information.

9. INDIVIDUALS’ RIGHTS

  1. The Customer will inform and assist individuals when they have requests, questions, complaints or any other form of announcement. If the individual contacts Robotiq, Robotiq shall refer the individual to the Customer, unless otherwise provided for in this Data Processing Agreement.
  2. Robotiq assists the Customer with all individuals’ requests which may be received from individuals to whom the Personal Information refers.

10. SECURITY MEASURES

  1. Robotiq uses appropriate organizational and technological processes and procedures to guarantee the security of its premises and to keep the Personal Information safe from unauthorized use, disclosure or access, loss, accidental or unlawful destruction, theft, alteration, distortion or any other modification, such as the de-identification and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of an incident and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

11. CONFIDENTIALITY INCIDENT

  1. Robotiq will notify the Customer of any Confidentiality Incident, or attempted Confidentiality Incident, which may impact the processing of the Personal Information covered by this DPA promptly after becoming aware of any such incident.
  2. Only upon the Customer’s prior approval, Robotiq will, in the name and on behalf of the Customer, communicate the Confidentiality Incident to the individuals without undue delay, when the Confidentiality Incident is likely to result in a serious injury.
  3. The Parties acknowledge and agree that this Section 11.3 constitutes notice by Robotiq to the Customer of the ongoing existence and occurrence or attempts of unsuccessful security incidents for which no additional notice to the Customer shall be required. “Unsuccessful security incidents” means, without limitation, pings and other broadcast attacks on Robotiq’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of Personal Information.

12. NULLITY

  1. If any provision of this Data Processing Agreement is null and void or otherwise unenforceable, the remaining provisions will remain in full force.

13. DURATION AND TERMINATION

  1. At the termination of the DPA, Robotiq will delete all the Personal Information and any existing copies unless the law requires storage of the Personal Information.
  2. The provisions in this DPA shall remain in effect as long as Robotiq has the instruction of the Customer to process Personal Information on the basis of the Agreement between the Customer and Robotiq.
  3. The provisions in this DPA relating to the protection of Personal Information shall survive the termination of the Agreement.

14. APPLICABLE LAWS

  1. This DPA shall be governed by and construed in accordance with the applicable laws of Québec (Canada) and each Party hereby submits to the non-exclusive jurisdiction of the appropriate courts.

APPENDIX 1 — PROCESSING OF PERSONAL INFORMATION

Personal Information and Purposes

The Customer tasks Robotiq, in particular, with the processing of the following Personal Information. The Customer is responsible for ensuring that all required notices and consents are in place, as set out in Section 1.6 of the End-User License Agreement, including with respect to any individuals whose voice or image may be incidentally captured:

  • any data or information contained in IQ and in any database, template or other similar document submitted by Customer through the Software or provided by Customer to Robotiq as part of the ancillary services provided in association with the Software.
  • any data or information temporarily stored in the 3D Scan app, such as (this list is not limitative) 3D Scan Data (LiDAR) and Camera images (with potential individuals in the background) to capture 3D spatial scans of the palletizing environment, Scan Thumbnail, Location to tag scans with the capture location, Diagnostic.
  • Voice capture: audio recorded through the Software’s voice features to enable voice-driven functionality, which may incidentally include the voices of individuals present during use.

Access

Robotiq will store and process all Personal Information strictly separate from Personal Information that it processes on its own behalf or on behalf of third parties.

Only the following group of people will have access to the Personal Information:

  • The system developer, account manager, support service engineer, administrators, IT experts of the Sub-Processors engaged by Robotiq, exclusively on a ‘need-to-know’ basis to support the technical operation, hosting and, if necessary, development of the application.

Duration

The Personal Information processed by Robotiq will be kept for the following duration:

  • Personal Information must be retained for the lifetime of the system until the user deletes it. Users can delete their scan data and voice recordings at any time through the Robotiq IQ platform. Alternatively, deletion requests may be submitted to support@robotiq.com and are processed within 30 days after identity verification.
  • Robotiq may delete data associated with inactive accounts after providing reasonable notice (at least 30 days) to the email address on file.

APPENDIX 2 — SUB-PROCESSORS

Robotiq engages Sub-Processors in the following categories to support the operation, hosting, and delivery of the Software:

  • Cloud hosting and infrastructure
  • AI and large language model (LLM) providers
  • Speech-to-text services
  • Customer support platforms
  • Transactional email services
  • Product analytics
  • Error tracking and application monitoring
  • Authentication and identity management
  • File storage
  • Content delivery network (CDN)

The current list of Sub-Processors, indicating their name and the category of their processing activity, is available upon written request to support@robotiq.com. By signing this DPA, the Customer is deemed to have given general written authorization for the engagement of the Sub-Processors disclosed in such list, in accordance with Section 6 of this DPA.

APPENDIX 3 — STANDARD CONTRACTUAL CLAUSES

The Parties agree that the following Modules of the EU Standard Contractual Clauses apply, depending on the Customer’s role:

  • Module 2 — Transfers from a Data Controller to a Data Processor applies where the Customer acts as a Data Controller.
  • Module 3 — Transfers from a Data Processor to a Data Processor applies where the Customer acts as a Data Processor on behalf of a Data Controller.

In each case, the following terms and conditions apply to the relevant Module:

EU SCCs Clause Selected option / Applicable conditions
Clause 7 — Docking clause The docking clause is not applicable to the EU SCCs.
Clause 9 — Use of Sub-Processor Option 2 (general written authorization) is applicable.
Clause 11 — Redress The Independent Dispute Resolution Body option is not applicable.
Clause 13 — Supervision The competent supervisory authority shall be the supervisory authority of: (a) the EU member state in which the data exporter is established; (b) if the data exporter does not have an EU establishment, the EU member state in which the data exporter’s representative is established; or (c) if the data exporter does not have an EU establishment and is not required to appoint a representative, one of the member states in which the relevant individuals are located.
Clause 17 — Governing law Irish law.
Clause 18 — Choice of forum and jurisdiction The courts of Ireland.
Annex II — Technical and Organisational Measures The technical and organisational measures applicable to the processing of Personal Information under the SCCs are those set out in Section 10 (SECURITY MEASURES) of this DPA.