Data Processing Agreement

Introduction

This Data Processing Agreement ("DPA") forms part of our Terms of Service and applies to the processing of personal data by us on behalf of our users who are subject to applicable data protection laws.

Definitions

For the purposes of this DPA, the terms "personal data," "data subject," "processing," "controller," "processor," and "supervisory authority" shall have the meanings given to them in the applicable data protection laws.

Data Processing Obligations

As a data processor, we will:

• Process personal data only on documented instructions from you, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by law
• Ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
• Respect the conditions for engaging another processor
• Assist you in ensuring compliance with your obligations under applicable data protection laws
• At your choice, delete or return all personal data to you after the end of the provision of services relating to processing, and delete existing copies unless storage is required by law
• Make available to you all information necessary to demonstrate compliance with your obligations and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you

Sub-processors

We may engage sub-processors to assist in providing our services. We will ensure that any sub-processor we engage is bound by a written agreement that requires them to provide at least the level of data protection required of us under this DPA.

We will inform you of any intended changes concerning the addition or replacement of sub-processors, giving you the opportunity to object to such changes.