Data Processing Agreement
This Data Processing Agreement (“Agreement”) is entered into by and between the entity agreeing to these terms (“Customer”, “You”, or “Controller”) and Addlly Pte Ltd (“Addlly AI”, “We”, “Us”, “Our”, or “Processor”), collectively referred to as the “Parties”.
1. Definitions and Interpretations
For the purposes of this Agreement:
-
“Controller” refers to the Customer, who determines the purposes and means of the Processing of Personal Data.
-
“Processor” refers to Addlly AI, who Processes Personal Data on behalf of the Controller.
-
“Personal Data”, “Data Subject”, “Processing”, “Consent”, and “Appropriate Safeguards” shall have the same meaning as in the Personal Data Protection Act 2012 (PDPA) of Singapore, General Data Protection Regulation (GDPR) of European Union, the California Consumer Privacy Act (CCPA), and any other relevant jurisdiction.
-
“Services” refers to the services provided by Addlly AI through our online platform.
2. Scope and Purpose
2.1 This Agreement applies where You are using our Services that involve the Processing of Personal Data.
2.2 We agree to Process Personal Data on behalf of the Controller, in accordance with the terms set forth in this Agreement and in compliance with applicable data protection laws.
2.3 The types of Personal Data and the categories of Data Subjects Processed under this Agreement are determined and controlled by the Controller in its sole discretion.
3. Processor’s Obligations
3.1 We shall Process Personal Data only based on documented instructions from the Controller, unless required by law.
3.2 We ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.3 We shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in compliance with PDPA, GDPR, CCPA, and other relevant jurisdiction.
3.4 We respect the conditions for engaging another Processor as set out in the relevant laws and regulations and shall inform the Controller of any intended changes concerning the addition or replacement of other Processors, giving the Controller the opportunity to object to such changes.
4. Sub-Processing
4.1 We may engage Sub-Processors to process Personal Data. The Sub-Processors currently engaged by Us and authorized by Controller include but not limited to:
-
Google Analytics
-
Firebase
-
Mixpanel
-
Amplitude
-
Google AdSense Cookie
-
Facebook
-
LinkedIn
-
User
-
Stripe
-
Google Ads (AdWords)
-
Twitter
4.2 We shall enter into a written agreement with the Sub-Processor imposing data protection obligations comparable to those set out in this Agreement.
5. Data Subjects’ Rights
5.1 We shall assist the Controller, insofar as this is possible, in fulfilling the Controller’s obligation to respond to requests for exercising the Data Subject’s rights under the PDPA, GDPR, CCPA, and other relevant laws.
5.2 This includes rights to access, rectification, erasure, data portability, restriction of processing, objection to processing, and rights related to automated decision making and profiling.
6. Data Breaches
6.1 In the event of a data breach, We shall promptly inform the Controller of any Personal Data breach upon becoming aware of it.
6.2 We will assist the Controller in ensuring compliance with the Controller’s obligations regarding the notification of personal data breaches, taking into account the nature of Processing and the information available to us.
7. Audit Rights
7.1 We shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Agreement and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
8. Data Transfers
8.1 We shall not transfer or authorize the transfer of Data to countries outside the EU or EEA without prior written consent of the Controller. If a data transfer occurs, it must be based on appropriate safeguards as described in applicable data protection laws.
9. Term and Termination
9.1 This Agreement shall remain in effect until the termination of the Principal Agreement between You and Addlly AI.
9.2 Upon termination of the Agreement, We shall, at the choice of the Controller, delete or return all the Personal Data to the Controller and delete existing copies unless required by law to store the Personal Data.
10. Governing Law and Jurisdiction
10.1 This Agreement shall be governed by the laws of Singapore, notwithstanding the jurisdiction where You are based.
10.2 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable.
This Agreement is intended to comply with the requirements of the PDPA, GDPR, CCPA, and other relevant data protection laws.
Nevertheless, You acknowledge that You are responsible for conducting an independent evaluation of whether our Services and the terms of this Agreement meet your requirements and legal obligations. It’s strongly recommended to consult with a legal advisor to ensure compliance with all applicable laws and regulations, including data protection and privacy laws specific to your situation.