1. DEFINITIONS

"Personal Data": Any information relating to an identified or identifiable natural person"Processing": Any operation performed on Personal Data"Data Subject": The individual to whom Personal Data relates"Sub-processor": Any third party engaged by Processor to process Personal Data"Security Incident": Unauthorized access to or disclosure of Personal Data

2. SCOPE AND ROLES

2.1 Relationship

Controller determines the purposes and means of Processing Personal Data. Processor processes Personal Data on behalf of Controller.

2.2 Controller Obligations

Controller warrants that:

It has all necessary rights to provide Personal Data to ProcessorIt has obtained all required consentsIts instructions comply with applicable laws

3. PROCESSOR OBLIGATIONS

3.1 Processing Instructions

Processor shall:

Process Personal Data only on documented instructions from ControllerInform Controller if instructions appear to violate applicable lawNot process Personal Data for its own purposes

3.2 Confidentiality

Processor ensures that persons authorized to process Personal Data are bound by confidentiality obligations.

3.3 Security Measures

Processor shall implement appropriate technical and organizational measures, including:

Encryption of data in transit and at restAccess controls and authenticationRegular security assessmentsIncident response proceduresRegular backups

3.4 Sub-processors

Processor may engage Sub-processors with Controller's general authorizationProcessor maintains a list of Sub-processors available upon requestProcessor remains liable for Sub-processor compliance

3.5 Data Subject Rights

Processor shall assist Controller in responding to Data Subject requests regarding:

Access to Personal DataRectification or erasureData portabilityObjection to processing

3.6 Security Incidents

Processor shall:

Notify Controller without undue delay upon becoming aware of a Security IncidentProvide reasonable assistance in investigating and remediatingMaintain records of Security Incidents

4. DATA TRANSFERS

4.1 Location

Personal Data may be processed in the United States and other jurisdictions where our Sub-processors operate.

4.2 Transfer Mechanisms

Parties agree to comply with applicable data transfer requirements.

5. AUDITS

5.1 Information

Processor shall make available information necessary to demonstrate compliance with this DPA.

5.2 Audit Rights

Controller may conduct audits no more than once per year with 30 days' notice, at Controller's expense.

6. DATA RETURN AND DELETION

Upon termination:

Processor shall, at Controller's option, return or delete Personal DataDeletion shall occur within 90 days unless legally required to retainProcessor may retain Personal Data in backups subject to continued confidentiality

7. LIABILITY

7.1 Limitation

Each party's liability under this DPA is subject to the limitations in the Terms of Service.

7.2 Indemnification

Each party shall indemnify the other for damages arising from its breach of this DPA.

8. TERM AND TERMINATION

This DPA remains in effect for the duration of the Terms of Service and survives as necessary to fulfill its purposes.

9. MISCELLANEOUS

9.1 Entire Agreement

This DPA and the Terms of Service constitute the entire agreement regarding Processing of Personal Data.

9.2 Modifications

Modifications must be in writing and agreed by both parties.

9.3 Governing Law

This DPA is governed by the same law as the Terms of Service.

9.4 Order of Precedence

In case of conflict, this DPA prevails over the Terms of Service regarding Personal Data processing.

10. CONTACT

For questions about this DPA:
Email:

[email protected]

By using Stride CRM's services, you acknowledge and agree to this Data Processing Agreement.