APP LOG-IN

Data Processing Agreement (DPA)

Effective Date: 02/27/2025

This Data Processing Agreement (“Agreement”) outlines the terms and conditions under which NetWurk.ai (“Processor,” “we,” “our”) processes personal data on behalf of its clients (“Controller,” “you,” “your”). This Agreement is entered into as part of the services provided by NetWurk.ai and governs the processing of personal data to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using our services, you acknowledge and agree to the terms outlined in this Agreement.

1. Definitions

For the purposes of this Agreement, the following terms shall have the meanings set forth below:

  • Personal Data: Any information relating to an identified or identifiable natural person, as defined in the GDPR.
  • Processing: Any operation or set of operations performed on personal data, including collection, recording, storage, alteration, retrieval, use, disclosure, or deletion.
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: The entity that processes personal data on behalf of the Controller.
  • Sub-processors: Third parties engaged by the Processor to assist in the processing of personal data.
  • Data Subject: The individual to whom the personal data relates.

2. Roles and Responsibilities

  • Controller’s Responsibilities:
    • The Controller determines the purpose and scope of the personal data processing.
    • The Controller ensures that personal data provided to the Processor is obtained in compliance with applicable data protection laws.
    • The Controller remains responsible for responding to Data Subject requests, including data access, correction, or deletion requests.
  • Processor’s Responsibilities:
    • The Processor shall process personal data only as instructed by the Controller and for the purposes specified in this Agreement.
    • The Processor will implement appropriate technical and organizational measures to ensure the security and confidentiality of the personal data.
    • The Processor shall assist the Controller in complying with applicable data protection laws, including responding to Data Subject requests and notifications of data breaches.

3. Purpose of Processing

The Processor will process personal data solely for the purpose of providing the services described in the agreement between the parties (the “Services”). The Controller may not instruct the Processor to process personal data for any purpose that exceeds the scope of the Services provided.

4. Data Processing Details

  • Types of Personal Data Processed: The personal data processed may include, but is not limited to, names, email addresses, phone numbers, billing information, and any other data that the Controller shares with the Processor.
  • Categories of Data Subjects: The personal data may relate to the Controller’s employees, customers, users, or any individuals whose data is shared with the Processor in the course of providing the Services.

5. Sub-processors

The Processor may engage third-party sub-processors to assist in the processing of personal data. A list of approved sub-processors will be made available to the Controller upon request. The Processor will ensure that any sub-processors are bound by contractual obligations that are at least as protective as those set forth in this Agreement.

  • The Controller provides general authorization for the Processor to engage sub-processors. If the Controller objects to any sub-processor, they must notify the Processor within [x] days of receipt of the notification.

6. Security Measures

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. These measures will include, but are not limited to:

  • Encryption of personal data.
  • Secure storage and transmission protocols.
  • Regular security assessments and audits.
  • Access controls to restrict unauthorized access to personal data.

7. Data Breach Notification

In the event of a data breach, the Processor will notify the Controller without undue delay and, where feasible, within 72 hours of becoming aware of the breach. The notification will include the following:

  • The nature of the breach.
  • The categories and approximate number of Data Subjects affected.
  • The likely consequences of the breach.
  • The measures taken or proposed to mitigate the breach.

The Controller will be responsible for notifying affected Data Subjects if required by applicable law.

8. Data Subject Rights

The Processor will assist the Controller, where possible, in fulfilling the Controller’s obligations to respond to Data Subject requests under the GDPR, including requests for access, rectification, erasure, or restriction of processing.

The Controller is responsible for ensuring that Data Subject rights are honored in accordance with applicable laws. The Processor shall cooperate in handling requests for personal data, including providing access to the personal data or assisting with data deletion requests.

9. Data Retention

The Processor will retain personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by applicable law. After the retention period has ended, personal data will be deleted or anonymized, unless otherwise agreed upon in writing.

10. Transfers of Personal Data

If the Processor needs to transfer personal data outside the European Economic Area (EEA), the transfer will comply with the requirements of the GDPR or applicable data protection laws. The Processor will ensure that adequate safeguards are in place, such as:

  • The use of standard contractual clauses.
  • Binding corporate rules.
  • Any other legal transfer mechanism required by applicable laws.

11. Audit Rights

The Controller has the right to audit the Processor’s data processing practices to ensure compliance with the terms of this Agreement. The Processor agrees to cooperate with such audits, including providing access to relevant records, systems, and personnel.

12. Termination

Upon termination of the services or this Agreement, the Processor will return or delete all personal data as per the Controller’s instructions, unless retention is required by law. The Processor will certify in writing that all personal data has been returned or deleted upon request from the Controller.

13. Indemnification

The Controller agrees to indemnify and hold harmless the Processor from any claims, damages, or losses arising from the Controller’s instructions or any breach of this Agreement or applicable data protection laws by the Controller.

14. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of [Insert Jurisdiction], without regard to its conflict of law principles.

15. Contact Information

If you have any questions or concerns about this Data Processing Agreement or how we handle personal data, please contact us at:

NetWurk.ai
Email: [contact@netwurk.ai]