Edgify AI Limited
- In the event that the Company has entered into an agreement with a counterparty (the Agreement) which references to the terms of this data processing agreement (DPA) by way of a URL link, this DPA shall be deemed incorporated into the Agreement. Regardless of how such counterparty is defined in the Agreement, for the purposes of this DPA such counterparty shall be referred to as the Counterparty. Defined terms used in this DPA shall have the meanings given to them in the Agreement
- Each of the Counterparty and the Company acknowledge that the Company Solution is not designed to collect or process personal data, but tampering (whether unintentional or otherwise) with the Company Solution may cause personal data to be collected and processed. In the event that the Counterparty provides the Company with personal data of its customers and/or personnel, the Counterparty shall act as a data controller, and the Company as a data processor. In such event:
- the personal data may relate to the customers and/or personnel of the Counterparty and may be processed in the Company’s review of its performance, in its fixing of bugs or Defects, or in the enhancement of the Company Solution. The personal data deleted on discovery where reasonably possible, and, where not reasonably possible, as soon as reasonably possible thereafter or on termination of this Agreement;
- the Company shall:
- process personal data only on the Counterparty’s written instructions, including in relation to any international transfers of personal data;
- implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of the data subjects;
- ensure that any person authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- assist the Counterparty in its fulfilment of its obligations to respond to requests for exercising the data subjects’ rights;
- assist the Counterparty in ensuring compliance with its security obligations, including to notify the Counterparty without undue delay after becoming aware of a personal data breach; and
- at the Counterparty’s choice, delete or return all the personal data to the Counterparty on termination of this Agreement;
- the Company shall give the Counterparty the opportunity periodically to check compliance with this Agreement and the statutory provisions applicable to the processing of personal data. The checks may only be carried out by an external independent auditor and shall be limited to the Company answering questions put by the Counterparty (a maximum of once a year) about the Company’s compliance with applicable data protection laws. The Counterparty agrees that the Company shall not allow the Counterparty’s auditor to access the Company’s IT systems and/or IT Infrastructure; and
- the Counterparty hereby agrees to the Company transferring personal data to its suppliers and other companies of the Company group, whether inside or outside of the EEA or the UK. The Company shall inform the Counterparty of any new supplier or change of suppliers as soon as reasonably practicable. The Counterparty shall inform the Company within 15 days on becoming aware of any objection in relation thereto. Where the Counterparty objects to the new or change of supplier on reasonable grounds relating to data protection, and the Counterparty cannot reasonably accommodate the Counterparty’s objection, the Counterparty shall have the right to terminate the Agreement by providing the Company with one month’s prior written notice.