Legal Information

1. Agreement to Terms

These Terms of Service (the "Terms") govern your access to and use of the xViva platform and services (the "Service"). By accessing or using the Service, you agree to be bound by these Terms. The Service is owned and operated by xViva AI Inc. ("Company", "we", or "us"), a corporation registered in Delaware, USA.

2. Service Description

xViva provides artificial intelligence solutions for healthcare professionals and organizations. The Service includes software, APIs, and other related technologies designed to assist healthcare professionals. The Service is not intended to replace professional medical judgment.

3. Eligible Users

The Service is available only to businesses, healthcare organizations, and licensed healthcare professionals. By using the Service, you represent and warrant that you have the authority to enter into these Terms on behalf of your organization.

4. Subscription and Payment

Access to the Service requires a paid subscription. Subscription fees are based on the selected plan and are payable in advance. All fees are non-refundable except as required by law or as explicitly stated in these Terms.

5. Term and Termination

Your subscription will automatically renew unless canceled in accordance with these Terms. We reserve the right to terminate or suspend your access to the Service immediately, without prior notice or liability, for any reason, including, without limitation, if you breach these Terms.

6. Intellectual Property

All rights, title, and interest in and to the Service, including all intellectual property rights, are and will remain the exclusive property of the Company. Nothing in these Terms grants you a right or license to use any trademark, design right, or copyright owned or controlled by the Company or any third party.

7. User Data

You retain all rights to your data. You grant us a limited license to use your data solely to provide, maintain, and improve the Service. We will not use your data for any other purpose without your express consent.

8. Limitation of Liability

IN NO EVENT SHALL THE COMPANY, ITS DIRECTORS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (i) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICE; (ii) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICE; (iii) ANY CONTENT OBTAINED FROM THE SERVICE; AND (iv) UNAUTHORIZED ACCESS, USE, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

THE COMPANY'S TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE AMOUNT PAID BY YOU TO THE COMPANY DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.

9. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR COURSE OF PERFORMANCE.

THE COMPANY DOES NOT WARRANT THAT (i) THE SERVICE WILL FUNCTION UNINTERRUPTED, SECURE, OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; (ii) ANY ERRORS OR DEFECTS WILL BE CORRECTED; (iii) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (iv) THE RESULTS OF USING THE SERVICE WILL MEET YOUR REQUIREMENTS.

10. Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. Any disputes arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts located in Delaware.

11. Dispute Resolution

Any dispute arising from or relating to the subject matter of these Terms shall be finally settled by arbitration in Wilmington, Delaware, using the English language in accordance with the Arbitration Rules and Procedures of the American Arbitration Association then in effect. The prevailing party in any arbitration or other proceeding arising under these Terms shall be entitled to receive reimbursement of its reasonable attorneys' fees and costs.

12. Class Action Waiver

ANY PROCEEDINGS TO RESOLVE OR LITIGATE ANY DISPUTE IN ANY FORUM WILL BE CONDUCTED SOLELY ON AN INDIVIDUAL BASIS. NEITHER YOU NOR THE COMPANY WILL SEEK TO HAVE ANY DISPUTE HEARD AS A CLASS ACTION OR IN ANY OTHER PROCEEDING IN WHICH EITHER PARTY ACTS OR PROPOSES TO ACT IN A REPRESENTATIVE CAPACITY.

13. Severability

If any provision of these Terms is held to be unenforceable or invalid, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law, and the remaining provisions will continue in full force and effect.

14. Entire Agreement

These Terms constitute the entire agreement between you and the Company regarding the Service and supersede all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter of these Terms.

1. Introduction

This Privacy Policy explains how xViva AI Inc. ("we", "us", or "our") collects, uses, processes, discloses, and safeguards your information when you use our platform and services (the "Service"). This Privacy Policy applies to information collected through our website, applications, and other services that link to this Privacy Policy.

2. Data Controller and Processor Roles

When providing our Service, we act as a data processor for personal data you submit or generate through the use of our Service. Your organization is the data controller responsible for ensuring there is a lawful basis for processing such data. For personal data we collect about visitors to our website or information about customer accounts, we act as a data controller.

3. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use our Service, and information from third-party sources. We may collect the following types of information:

• Account Information: When you register for an account, we collect your name, email address, password, and other information necessary to set up and maintain your account.
• Business Information: We collect information about your organization, such as business name, address, billing information, and employee information.
• Service Data: Data you upload, generate, or otherwise submit to our services in the course of using the Service.
• Usage Information: Information about how you use the Service, including log data, device information, and analytics data.
• Technical Information: We automatically collect technical information when you visit our website or use our Service, such as IP address, browser type, operating system, and device information.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our Service;
• To process and complete transactions;
• To send administrative information, such as updates, security alerts, and support messages;
• To respond to inquiries and provide customer support;
• To analyze usage patterns and trends to improve user experience;
• To protect our legal rights and prevent misuse;
• For compliance with applicable laws and regulations.

5. Legal Basis for Processing (EU/EEA Users)

If you are in the European Economic Area (EEA), we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our legal basis for processing your personal data will depend on the specific context in which we collect it. Generally, we will process your personal data when:

• We need to perform a contract with you;
• It is necessary for our legitimate interests (and your interests and fundamental rights do not override those interests);
• We need to comply with legal obligations;
• You have given us consent to do so.

6. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include the nature of our relationship with you, legal requirements, and operational needs.

7. Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer data to the United States and process it there.

For transfers from the EEA to countries not considered adequate by the European Commission, we have implemented appropriate safeguards, such as standard contractual clauses adopted by the European Commission.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

• European Economic Area (EEA): If you are in the EEA, you have the right to access, rectify, or erase any personal data we hold about you, to object to processing, request restriction of processing, and data portability.
• California: If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, the right to opt-out of the sale of personal information, and the right to non-discrimination.
• Canada: If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access your personal information, to correct inaccuracies, and to withdraw consent.

To exercise any of these rights, please contact us at [email protected].

9. Security

We implement appropriate technical and organizational measures to protect the security of your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer at [email protected] or by mail at:

xViva AI Inc.
Privacy Department
1000 Innovation Way
Wilmington, DE 19801
United States

1. Nature of Service

NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE OR TREATMENT. THE XVIVA SERVICE IS A TECHNOLOGICAL TOOL DESIGNED TO ASSIST HEALTHCARE PROFESSIONALS AND IS NOT INTENDED TO REPLACE PROFESSIONAL MEDICAL JUDGMENT. THE SERVICE DOES NOT PROVIDE MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT. THE OUTPUTS, RECOMMENDATIONS, OR SUGGESTIONS PROVIDED BY THE SERVICE SHOULD ALWAYS BE REVIEWED AND VERIFIED BY QUALIFIED HEALTHCARE PROFESSIONALS BEFORE MAKING ANY MEDICAL DECISIONS.

2. No Medical Warranties

THE COMPANY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE ACCURACY, COMPLETENESS, TIMELINESS, OR USEFULNESS OF ANY OUTPUTS, INSIGHTS, INFORMATION, CONTENT, OR MATERIALS MADE AVAILABLE THROUGH THE SERVICE. THE COMPANY EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT WITH RESPECT TO THE MEDICAL RELEVANCE OR ACCURACY OF THE SERVICE.

3. Healthcare Professional Responsibility

THE RESPONSIBILITY FOR PATIENT CARE, MEDICAL DECISIONS, AND TREATMENTS REMAINS SOLELY WITH THE HEALTHCARE PROFESSIONAL USING THE SERVICE. HEALTHCARE PROFESSIONALS MUST EXERCISE THEIR OWN INDEPENDENT CLINICAL JUDGMENT WHEN USING ANY INFORMATION OR OUTPUTS PROVIDED BY THE SERVICE. THE SERVICE IS ONLY A TOOL TO ASSIST IN HEALTHCARE DELIVERY AND DOES NOT DICTATE CARE DECISIONS.

4. No Emergency Services

THE SERVICE IS NOT DESIGNED FOR USE IN EMERGENCY SITUATIONS. IN CASE OF A MEDICAL EMERGENCY, USERS SHOULD IMMEDIATELY CONTACT EMERGENCY MEDICAL SERVICES OR GO TO THE NEAREST EMERGENCY ROOM. THE SERVICE IS NOT A SUBSTITUTE FOR EMERGENCY MEDICAL CARE.

5. Decision Support Limitations

THE SERVICE UTILIZES ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING TECHNOLOGIES WHICH HAVE INHERENT LIMITATIONS. THE SERVICE MAY NOT ACCOUNT FOR ALL POTENTIAL FACTORS RELEVANT TO MEDICAL DECISIONS. OUTPUTS MAY CONTAIN ERRORS, OMISSIONS, OR INACCURACIES. HEALTHCARE PROFESSIONALS MUST USE THEIR TRAINING AND JUDGMENT TO EVALUATE THE APPROPRIATENESS OF ANY SUGGESTIONS OR OUTPUTS.

6. Regional Variations

THE SERVICE MAY NOT BE ADAPTED TO REGIONAL VARIATIONS IN MEDICAL PRACTICE, STANDARDS OF CARE, OR REGULATORY REQUIREMENTS. USERS ARE RESPONSIBLE FOR ENSURING COMPLIANCE WITH LOCAL LAWS, REGULATIONS, AND STANDARDS OF PRACTICE THAT MAY VARY BY JURISDICTION.

7. No Patient Relationship

THE COMPANY DOES NOT CREATE A DOCTOR-PATIENT RELATIONSHIP WITH ANY END USER OR PATIENT. THE COMPANY DOES NOT PRACTICE MEDICINE OR PROVIDE MEDICAL SERVICES. ALL MEDICAL DECISIONS AND PATIENT RELATIONSHIPS MUST BE MANAGED BY THE HEALTHCARE PROFESSIONALS USING THE SERVICE.

8. Limitation of Liability for Medical Outcomes

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY DISCLAIMS ALL LIABILITY FOR ANY ADVERSE OUTCOMES, HARM, OR DAMAGES THAT MAY RESULT FROM MEDICAL DECISIONS MADE IN CONNECTION WITH THE USE OF THE SERVICE, WHETHER SUCH DECISIONS ARE MADE BY HEALTHCARE PROFESSIONALS, HEALTHCARE ORGANIZATIONS, OR PATIENTS. THIS INCLUDES, BUT IS NOT LIMITED TO, MISDIAGNOSIS, TREATMENT ERRORS, ADVERSE REACTIONS, OR DELAYS IN CARE.

1. License Grant

Subject to the terms of this Agreement, xViva AI Inc. ("Licensor") grants to you ("Licensee") a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the xViva software and services (the "Software") for your organization's internal business purposes.

2. Restrictions

Except as expressly permitted in this Agreement, Licensee shall not:

• Copy, modify, or create derivative works of the Software
• Reverse engineer, decompile, disassemble, or attempt to discover the source code of the Software
• Rent, lease, loan, sell, sublicense, distribute, or otherwise transfer rights to the Software
• Remove or alter any proprietary notices on the Software
• Use the Software for any unlawful purpose or in any manner inconsistent with this Agreement
• Use the Software to process data not authorized by data subjects or without a valid legal basis
• Attempt to circumvent, disable, or otherwise interfere with security-related features of the Software

3. Ownership

The Software is owned and copyrighted by Licensor. Your license confers no title or ownership in the Software and is not a sale of any rights in the Software. All rights not expressly granted to Licensee are reserved by Licensor.

4. Updates and Maintenance

Licensor may from time to time issue updates, bug fixes, or upgrades to the Software. Licensee's access to these updates is subject to the payment of applicable maintenance and support fees as specified in the subscription agreement between Licensor and Licensee.

5. Technical Support

Technical support is provided according to the support plan selected by Licensee. Licensor has no obligation to provide support except as expressly agreed in a separate support agreement. Support terms, including response times and service levels, are defined in the Service Level Agreement (SLA).

6. Disclaimer of Warranties

THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. LICENSOR DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. LICENSOR DOES NOT WARRANT THAT THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE.

7. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL LICENSOR BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, LICENSOR'S ENTIRE LIABILITY SHALL BE LIMITED TO THE AMOUNT ACTUALLY PAID BY LICENSEE FOR THE SOFTWARE.

8. Indemnification

Licensee agrees to indemnify, defend, and hold harmless Licensor, its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) that arise from or relate to: (a) Licensee's use of the Software; (b) Licensee's violation of this Agreement; or (c) Licensee's violation of any rights of any third party.

9. Term and Termination

This Agreement is effective upon Licensee's acceptance and shall continue until terminated. Licensee may terminate this Agreement at any time by discontinuing use of the Software. Licensor may terminate this Agreement if Licensee breaches any of its terms. Upon termination, Licensee shall cease all use of the Software and destroy all copies in its possession or control.

10. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without giving effect to any principles of conflicts of law. Any dispute arising from or relating to this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

11. Export Regulations

Licensee agrees to comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations maintained by the U.S. Department of Commerce and trade and economic sanctions maintained by the Treasury Department's Office of Foreign Assets Control.

12. U.S. Government End Users

The Software and related documentation are "Commercial Items," as that term is defined at 48 C.F.R. §2.101, consisting of "Commercial Computer Software" and "Commercial Computer Software Documentation," as such terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202, as applicable. The Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users only as Commercial Items and with only those rights as are granted to all other end users pursuant to the terms and conditions of this Agreement.

13. Entire Agreement

This Agreement constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior and contemporaneous agreements and communications, whether oral or written, between the parties relating to the subject matter of this Agreement.

1. Service Commitment

xViva AI Inc. ("Service Provider") will use commercially reasonable efforts to make the xViva platform and services ("Service") available with a Monthly Uptime Percentage of at least 99.5% during any monthly billing cycle ("Service Commitment"). In the event Service Provider does not meet the Service Commitment, the Customer will be eligible to receive a Service Credit as described below.

2. Definitions

Monthly Uptime Percentage means the total number of minutes in a month, minus the number of minutes of Downtime during that month, divided by the total number of minutes in that month.

Downtime means the time during which the Service is unavailable for use, excluding Scheduled Maintenance and circumstances beyond our reasonable control.

Scheduled Maintenance means maintenance that is announced to customers at least 48 hours in advance.

Service Credit means a credit that can be applied to future subscription fees, calculated as a percentage of the fees paid for the affected Service during the month in which the Service Commitment was not met.

3. Service Credits

Service Credits are calculated as a percentage of the total fees paid by Customer for the Service for the monthly billing cycle in which the Downtime occurred, as follows:

• Monthly Uptime Percentage between 99.0% and 99.5%: 10% Service Credit
• Monthly Uptime Percentage between 95.0% and 99.0%: 25% Service Credit
• Monthly Uptime Percentage less than 95.0%: 50% Service Credit

Service Credits are Customer's sole and exclusive remedy for any failure by Service Provider to meet the Service Commitment. Service Credits will be applied to future subscription fees and may not be redeemed for cash.

4. Credit Request and Payment Process

To receive a Service Credit, Customer must submit a claim within 30 days after the end of the month in which the Downtime occurred. To submit a claim, Customer must send an email to [email protected] with the subject line "SLA Credit Request" and include:

• Customer name and account identifier
• The dates and times of each Downtime incident
• A brief description of the incident

Service Provider will evaluate all information reasonably available and make a good faith determination of whether a Service Credit is owed. Service Provider will use commercially reasonable efforts to process claims within 30 days.

5. SLA Exclusions

The Service Commitment does not apply to any unavailability, suspension, or termination of the Service:

• Due to Scheduled Maintenance
• Caused by factors outside of Service Provider's reasonable control, including force majeure events, internet access issues, or problems beyond the demarcation point of Service Provider's network
• That results from customer's equipment, software, or other technology
• That results from actions or inactions of Customer or any third party
• That results from Customer's breach of Terms of Service
• During Beta or trial versions of the Service
• Due to Customer's failure to follow documented usage guidelines

6. Technical Support

Service Provider will provide technical support according to the following schedule:

• Standard Support Plan: Email support with 24-hour response time, Monday-Friday, 9am-5pm Eastern Time
• Premium Support Plan: Email and phone support with 4-hour response time for critical issues, 24/7 for critical issues, Monday-Friday 9am-9pm Eastern Time for non-critical issues
• Enterprise Support Plan: Email, phone, and dedicated Slack channel with 1-hour response time for critical issues, 24/7 for all issues

7. Modifications to SLA

Service Provider reserves the right to modify this SLA at any time by posting a revised version on the website. Customer will be notified of material changes at least 30 days before they become effective.

8. Limitation of Liability

THE MAXIMUM AGGREGATE LIABILITY OF SERVICE PROVIDER UNDER THIS SLA SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER FOR THE SERVICE DURING THE 12-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. SERVICE PROVIDER SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, OR USE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between xViva AI Inc. ("Processor") and the customer ("Controller") using the xViva services ("Service"). This DPA reflects the parties' agreement regarding the processing of Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Definitions

Personal Data means any information relating to an identified or identifiable natural person.

Processing means any operation performed on Personal Data, such as collection, storage, use, or disclosure.

Data Subject means the individual to whom Personal Data relates.

Controller means the entity that determines the purposes and means of Processing Personal Data.

Processor means the entity that Processes Personal Data on behalf of the Controller.

Sub-processor means any Processor engaged by the Processor to Process Personal Data.

3. Details of Processing

Subject Matter: The subject matter of the Processing is the provision of the Service by Processor to Controller.

Duration: The duration of the Processing is the term of the main agreement between Controller and Processor.

Nature and Purpose: The nature and purpose of the Processing is to enable Controller to use the Service, which involves processing of Personal Data submitted to the Service by Controller.

Categories of Data Subjects: Data Subjects may include Controller's employees, customers, patients, or other individuals whose Personal Data is submitted to the Service by Controller.

Types of Personal Data: Types of Personal Data may include names, contact information, health information (if applicable and permitted by Controller and relevant laws like HIPAA), usage data, and any other Personal Data submitted by Controller.

4. Processor Obligations

Processor agrees to:

• Process Personal Data only on documented instructions from Controller, unless required to do so by applicable law.
• Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
• Respect the conditions for engaging another Sub-processor as described in Section 5.
• Assist Controller, taking into account the nature of the Processing, by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller's obligation to respond to requests for exercising Data Subject rights.
• Assist Controller in ensuring compliance with obligations pursuant to security of processing, notification of a Personal Data breach to the supervisory authority and communication of a Personal Data breach to the Data Subject, data protection impact assessments, and prior consultation with the supervisory authority, taking into account the nature of Processing and the information available to Processor.
• At the choice of Controller, delete or return all Personal Data to Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data.
• Make available to Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by Controller or another auditor mandated by Controller.

5. Sub-processing

Controller provides a general authorization for Processor to engage Sub-processors. Processor shall inform Controller of any intended changes concerning the addition or replacement of other Sub-processors, thereby giving Controller the opportunity to object to such changes. Processor shall ensure that any Sub-processor it engages implements data protection obligations equivalent to those set out in this DPA.

6. Data Transfers

Processor shall not transfer Personal Data processed under this DPA outside the European Economic Area (EEA), the UK, or Switzerland without ensuring appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), unless the transfer is to a country deemed adequate by the relevant authorities.

7. Liability and Indemnity

The liability of each party under this DPA shall be subject to the limitations and exclusions of liability set out in the main agreement between the parties. Controller agrees to indemnify Processor against any claims or losses arising from Controller's breach of this DPA or applicable data protection laws.

8. Term and Termination

This DPA shall remain in effect for as long as Processor processes Personal Data on behalf of Controller under the main agreement. Termination of the main agreement will automatically terminate this DPA.

9. Governing Law

This DPA shall be governed by the laws specified in the main agreement between the parties.