Last updated: 11/27/2024

Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the Agreement between Visionboards AI ("Processor") and the Customer ("Controller").

1. Definitions

  • "Personal Data": Any information relating to an identified or identifiable person
  • "Processing": Any operation performed on Personal Data
  • "Data Subject": The individual to whom Personal Data relates
  • "Data Protection Laws": Applicable privacy and data protection laws

2. Data Processing

2.1 Scope and Purpose

The Processor shall process Personal Data only:

  • To provide the services defined in the Agreement
  • According to the Controller's documented instructions
  • In compliance with applicable Data Protection Laws

2.2 Types of Data

Personal Data processed may include:

  • Basic personal information (name, email)
  • Authentication data
  • Usage data
  • Other data provided by users

3. Security

The Processor shall implement appropriate technical and organizational measures to ensure security of Personal Data, including:

  • Encryption in transit and at rest
  • Access controls
  • Regular security testing
  • Employee training
  • Incident response procedures

4. Sub-processors

The Processor may engage sub-processors provided that:

  • Controller is informed
  • Sub-processors are bound by equivalent data protection obligations
  • Processor remains liable for sub-processors

5. Data Subject Rights

Processor shall assist Controller in fulfilling data subject rights requests, including:

  • Access
  • Rectification
  • Erasure
  • Data portability

6. Data Transfers

Personal Data transfers outside the EEA shall be subject to appropriate safeguards per applicable laws.

7. Breach Notification

Processor shall notify Controller without undue delay after becoming aware of a Personal Data breach.

8. Termination

Upon termination of services, Processor shall:

  • Return or delete all Personal Data
  • Cease processing activities
  • Ensure sub-processors do the same

9. Audit Rights

Controller may audit Processor's compliance with this DPA upon reasonable notice.

10. Liability

Processor shall be liable for damages caused by its processing in breach of this DPA or Data Protection Laws.

Last updated: November 27, 2024