Data Processing Agreement

1.1. "Data Controller" refers to the party that determines the purposes and means of the processing of personal data.
1.2. "Data Processor" refers to the party that processes personal data on behalf of the Data Controller.
1.3. "Personal Data" refers to any information relating to an identified or identifiable natural person.
1.4. "Processing" refers to any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.1. The Data Processor utilizes sub-processors to aid in delivering the services, as Exhibit A details.

3.1. Compliance with Laws: The Data Processor commits to processing Personal Data by all applicable data protection laws, regulations, and industry standards.
3.2. Confidentiality: The Data Processor ensures that any individual authorized to process Personal Data is committed to confidentiality.
3.3. Security Measures: The Data Processor implements and maintains adequate technical and organizational measures to safeguard the Personal Data from unauthorized access, loss, disclosure, alteration, or destruction.
3.4. Subprocessing: The Data Processor will maintain an up-to-date list of all sub-processors engaged in processing Personal Data and ensure that data protection obligations bind any sub-processor through a written agreement.
3.5. Data Subject Rights: The Data Processor will assist the Data Controller in responding to data subject requests, including requests to access, correct, delete, or limit the processing of Personal Data.
3.6. Data Breach Notification: In the event of a personal data breach, the Data Processor will promptly inform the Data Controller about the breach and provide all necessary information to assist the Data Controller in fulfilling its obligations under applicable data protection laws.

4.1. Lawful Basis: The Data Controller ensures that it has a lawful basis for processing Personal Data and that the necessary permissions or authorizations have been obtained, where applicable.
4.2. Instructions: The Data Controller will provide written instructions to the Data Processor regarding processing Personal Data. The Data Processor will not process the Personal Data for any other purpose than as directed by the Data Controller.
4.3. Data Subject Rights: The Data Controller is responsible for addressing data subject requests related to exercising their rights under applicable data protection laws.

5.1. Data transfers to third countries or international organizations may only occur with the prior written consent of the Data Controller and in compliance with applicable data protection laws. All data is stored in our datacenters located in the United States of America.

6.1. This DPA will remain in effect for the duration of the data processing activities or until terminated by the terms set forth herein or in the Terms of Service.
6.2. In the event a Data Subject wishes to exercise their data subject rights under applicable Data Protection Law, including, but not limited to, a data subject's right of access, correction and/or erasure of Personal Data in Aide's control, the Data Subjects can submit such request done by contacting Aide's Data Protection Officer (DPO). Any concerns and/or any complaints related to the Customer Personal Data that can be done by contacting the Data Protection Officer as follows:
Name: Ziyad Basheer
Email: [email protected]
6.3. If you have any other questions, please contact [email protected].

The Data Processor engages the following sub-processors for the processing of Personal Data: