...
Excerpt | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
This Data Processing Agreement (“DPA”) forms part of the End User License Agreement (the “EULA”) between the Almarise Entity identified below ("Almarise", "we," "our,", "us" or “Processor”) and its Customers (“Controller”) governing the processing of Personal Data in connection with Almarise’s products. We sell our Products through two affiliated entities (each an “Almarise Entity”):
1. DefinitionsFor the purposes of this DPA, the following definitions apply:
2. Scope and Purpose of Data ProcessingAlmarise will process Personal Data solely to provide services and support under the EULA in the EULA in accordance with the Customer’s documented instructions as set forth in this DPA. This processing includes, but is not limited to:
3. Duration of ProcessingAlmarise will process Personal Data for the duration of the EULA between Almarise and the Customer or until data deletion or anonymization as directed by the Controller. 4. Categories of Data SubjectsThe categories of Data Subjects include:
5. Types of Personal Data ProcessedAlmarise may process the following types of Personal Data:
6. Obligations of the ControllerThe Customer, as Controller, shall:
7. Obligations of the ProcessorAlmarise, as Processor, agrees to:
8. Security MeasuresAlmarise will implement robust security measures, including:
8.1 Specific Security Measures
8.2 Data Breach NotificationIn the event of a data breach, Almarise will notify the Controller within 48 hours of becoming aware, including details on the nature, impact, and mitigation steps taken. 9. Sub-processors9.1 Authorization of Sub-processorsAlmarise engages the following internal and external Sub-processors to assist in providing services:
9.2 Right to Object to Sub-processorsIn case of adding a new Sub-processors, The Controller has the right to object to them within 10 business days of notice. In case of objection, Almarise will work with the Controller to resolve the issue or provide an option to terminate the affected services. 9.3 Sub-processor ObligationsAlmarise will ensure all Sub-processors are contractually bound by terms similar to this DPA, ensuring they implement equivalent data protection standards. 10. Data Subject RightsAlmarise will assist the Controller in fulfilling its obligation to respond to Data Subject requests, including requests for:
10.1 Handling Data Subject RequestsUpon receiving a request directly from a Data Subject, Almarise will promptly notify the Controller unless legally prohibited. The Controller is responsible for responding to Data Subject requests. 11. International Data TransfersAlmarise will not transfer Personal Data outside the European Economic Area (EEA) without implementing adequate safeguards, such as Standard Contractual Clauses (SCCs) or other recognized mechanisms under GDPR. 12. Data Retention and DeletionUpon termination of the EULA, Almarise will:
13. ConfidentialityAlmarise and all personnel involved in processing Personal Data are committed to maintaining strict confidentiality. This confidentiality obligation survives the termination of this DPA. 14. Audit Rights14.1 Information RequestsThe Controller may request documentation, security certifications, or audit reports to demonstrate Almarise’s compliance with this DPA. 14.2 AuditsThe Controller may audit Almarise’s compliance with this DPA once per year or upon identifying a substantiated security concern. Audits must be conducted with reasonable notice and during regular business hours. 15. Liability and IndemnificationEach party’s liability under this DPA is subject to the liability limitations set forth in the EULA. Almarise shall not be liable for any claims arising from the Controller’s failure to comply with its data protection obligations. 16. Governing Law and JurisdictionThis DPA is governed by the laws of the Republic of Poland. Disputes arising out of this DPA are subject to the exclusive jurisdiction of the courts in Warsaw, Poland. 17. Jurisdiction-Specific TermsIf required by applicable laws, additional terms will apply to data processing for residents of specific jurisdictions, such as California under the CCPA. Almarise agrees to cooperate in good faith to ensure compliance. 18. Entire Agreement and AmendmentsThis DPA, together with the EULA, constitutes the entire agreement between the parties regarding data processing. Amendments must be in writing and signed by both parties. 19. SeverabilityIf any provision of this DPA is held invalid, the remaining provisions shall remain in full force and effect. 20. Contact InformationAlmarise Robert Dzido S.K.A Email: privacy@almarise.com Phone: +48 (22) 354 63 13 |
...