Data Processing Addendum
This Data Processing Addendum ("DPA") forms part of the Terms of Service ("ToS") between Voxjar ("Processor") and the Customer, as defined in the ToS ("Controller"), and governs the processing of personal data under the General Data Protection Regulation (GDPR). By agreeing to the ToS, the Controller also agrees to this DPA. This DPA applies to any account created, including free trials and self-service accounts.
1. Definitions
- "Personal Data": Any information relating to an identified or identifiable natural person.
- "Processing": Any operation performed on personal data.
- "Subprocessor": Any third party engaged by Processor to process personal data on Controller's behalf.
2. Scope and Purpose of Processing
Processor will process personal data provided by Controller solely for the purpose of providing the services as outlined in the ToS. The types of personal data processed, the nature and purpose of processing, the duration of processing, and the categories of data subjects are further defined in the ToS and any associated service descriptions.
3. Controller's Obligations
- Controller warrants that it has a lawful basis for collecting and transferring personal data to Processor.
- Controller is responsible for providing accurate and complete instructions to Processor regarding the processing of personal data.
- Controller will ensure that any data subject rights requests are handled in accordance with GDPR.
4. Processor's Obligations
- Processor shall only process personal data on documented instructions from Controller.
- Processor shall implement appropriate technical and organizational security measures to ensure the confidentiality, integrity, and availability of personal data.
- Processor shall assist Controller in complying with its obligations under GDPR, including responding to data subject requests and conducting Data Protection Impact Assessments (DPIAs) where necessary.
- Processor shall notify Controller without undue delay of any personal data breaches.
- Processor shall only engage Subprocessors with Controller's prior written consent. A list of approved Subprocessors is available upon request.
- Processor shall make available to Controller all information necessary to demonstrate compliance with GDPR and allow for audits, including inspections, upon reasonable request from Controller.
5. Data Transfers
Personal data will be transferred to and stored in the United States. Controller acknowledges and agrees to such transfers.
6. Liability
Each party shall be liable for its own breaches of this DPA.
7. Term and Termination
This DPA shall remain in effect for the duration of the ToS.
8. Governing Law
This DPA shall be governed by and construed in accordance with the laws of the State of Utah, USA, without regard to its conflict of law provisions. Notwithstanding the foregoing, this DPA shall be interpreted and applied consistently with the requirements of the GDPR, and in the event of any conflict between this DPA and the GDPR, the provisions of the GDPR shall prevail.