1to5.ai logo icon
1to5.ai

Data Processing Addendum

Last Updated:

This Data Processing Addendum ("DPA") forms part of the agreement between 1to5.ai ("Company") and the client ("Client") and applies to the extent that the Company Processes Client Personal Data on behalf of the Client in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Processing

The Company will Process Client Personal Data in accordance with the Client's documented instructions. The details of the Processing, including the nature, purpose, and duration, will be as agreed upon in the main service agreement.

2. Technical and Organizational Measures

The Company will implement and maintain appropriate technical and organizational measures to protect Client Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

3. Data Subject Rights and Requests

The Company will provide reasonable assistance to the Client to enable the Client to respond to requests from Data Subjects to exercise their rights under applicable data protection laws, including GDPR.

4. Third Party Requests and Confidentiality

The Company will not disclose Client Personal Data to any third party without the Client's prior written consent, unless required by law. All personnel authorized to Process Client Personal Data are subject to a duty of confidentiality.

5. Audit

Upon reasonable request, the Company will make available to the Client all information necessary to demonstrate compliance with its obligations under this DPA and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client.

6. Return or Deletion of Client Personal Data

Upon termination of the services, the Company will, at the Client's choice, delete or return all Client Personal Data to the Client, and delete existing copies unless applicable law requires storage of the Personal Data.

7. Transborder Data Processing

The Company will not transfer Client Personal Data across international borders without ensuring that appropriate safeguards are in place as required by applicable data protection laws, such as the Data Privacy Framework or Standard Contractual Clauses.

8. Personal Data Breach

The Company will notify the Client without undue delay after becoming aware of a Personal Data Breach affecting Client Personal Data. The Company will provide the Client with sufficient information to allow the Client to meet any obligations to report or inform Data Subjects of the Personal Data Breach under GDPR.

9. Contact Us

If you have questions or comments about this DPA, please contact us at: contact@1to5.ai.