Data Processing Addendum

"Data Controller" means the Subscribing Municipality that determines the purposes and means of processing Municipal Data.

"Data Processor" means NJTownWorks, which processes Municipal Data on behalf of the Data Controller.

"Municipal Data" means all financial records, employee data, vendor information, and other data entered into or generated by the Platform on behalf of the Subscribing Municipality.

"Personal Data" means any Municipal Data that relates to an identified or identifiable natural person, including employee PII processed through the payroll module.

"Sub-processor" means any third party engaged by NJTownWorks to assist in processing Municipal Data.

The Subscribing Municipality acts as the Data Controller for all Municipal Data. The municipality determines what data is entered into the Platform, who is authorized to access it, and how it is used within the Platform.

NJTownWorks acts as the Data Processor. We process Municipal Data solely as necessary to provide the Platform's services and in accordance with the municipality's instructions as expressed through its use of the Platform.

NJTownWorks processes Municipal Data for the following purposes:

• Storing and retrieving financial records (general ledger, budget, AP, revenue, debt service, escrow, fixed assets)
• Processing payroll calculations, tax withholdings, and generating pay records (if the payroll module is used)
• Importing and posting payment processor transactions
• Generating reports, financial statements, and regulatory filings
• Enforcing compliance rules (bid thresholds, budget caps, statutory deadlines)
• Providing data export in standard formats (Excel, CSV, DLGS FAST)
• Maintaining audit logs of all data access and modifications

When the payroll module is in use, the Platform may process the following categories of Personal Data: employee names and contact information, Social Security numbers, dates of birth, bank account and routing numbers (for direct deposit), tax withholding elections, pension enrollment and contribution records, leave balances and usage records, and salary and wage information.

This data is processed solely for the purpose of municipal payroll administration and required government reporting.

NJTownWorks implements and maintains appropriate technical and organizational security measures to protect Municipal Data. These measures are described in our Security page and include encryption at rest (AES-256) and in transit (TLS 1.3), column-level encryption for sensitive PII fields, role-based access controls enforced at the application layer, mandatory municipality-scoped queries for tenant isolation, immutable audit logging, regular security assessments and updates, and encrypted and geographically separated backups.

NJTownWorks uses the following categories of sub-processors:

We will notify Subscribing Municipalities at least 30 days before engaging a new sub-processor that would have access to Municipal Data. Municipalities may object to a new sub-processor by contacting us within that 30-day period.

All Municipal Data is stored and processed within the United States. We do not transfer Municipal Data outside the United States unless specifically requested by the Subscribing Municipality.

If NJTownWorks receives a request from a data subject (e.g., a municipal employee) regarding their Personal Data, we will promptly notify the Subscribing Municipality and assist the municipality in responding to the request as required by applicable law.

Municipalities are responsible for responding to data subject requests in accordance with their obligations under applicable law, including OPRA where applicable.

In the event of a confirmed data breach affecting Municipal Data, NJTownWorks will notify the affected Subscribing Municipality's designated contact within 72 hours of confirming the breach. The notification will include the nature and scope of the breach, the categories of data affected, the measures taken to contain and remediate the breach, and recommended actions for the municipality.

We will cooperate with the municipality in fulfilling any notification obligations under the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:11-44 et seq.) or other applicable breach notification laws.

Upon termination of the municipality's subscription, NJTownWorks will provide a complete export of all Municipal Data in machine-readable format (CSV, Excel, and/or JSON as requested). Following data export and confirmation by the municipality (or after the 90-day post-termination grace period), NJTownWorks will securely delete all Municipal Data from production systems and backups, unless retention is required by applicable law.

Deletion will be confirmed in writing to the municipality's designated contact.

Subscribing Municipalities may request information about NJTownWorks' data processing practices and security measures. We will respond to reasonable audit requests within 30 business days. If a municipality requires an on-site audit or third-party assessment, we will cooperate on mutually agreed terms.

This DPA remains in effect for the duration of the municipality's subscription to NJTownWorks. Obligations related to data security, deletion, and confidentiality survive termination.

For questions about this DPA or data processing practices:

NJTownWorks — Data Protection
Email: [email protected]