Data Processing Agreement – InnoScale

Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between Innovative Scaling Technologies, Inc. (“InnoScale” or “Processor”) and the entity identified in the Order Form (“Customer” or “Controller”) to reflect the parties’ agreement with regard to the Processing of Personal Data in accordance with the requirements of Data Protection Laws.

This DPA shall apply to all Processing of Personal Data by InnoScale on behalf of Customer in connection with the provision of Services under the Agreement.

1. Definitions

For the purposes of this DPA:

• “Data Protection Laws” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data under the Agreement, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
• “Personal Data” means any information relating to an identified or identifiable natural person that is Processed by InnoScale as a Processor on behalf of Customer as a Controller in connection with the provision of Services.
• “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Sub-processor” means any third party appointed by or on behalf of InnoScale to Process Personal Data on behalf of Customer in connection with the Agreement.
• “Data Subject” means the individual to whom Personal Data relates.
• “Controller”, “Processor”, “Data Subject”, “Personal Data Breach” shall have the meanings given to them in the GDPR.

2. Processing of Personal Data

2.1. InnoScale shall Process Personal Data only on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form; (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement.

2.2. InnoScale shall immediately inform Customer if, in its opinion, an instruction infringes Data Protection Laws.

2.3. Customer instructs InnoScale to Process Personal Data and in particular, transfer Personal Data to any country or territory, as reasonably necessary for the provision of Services and consistent with the Agreement.

3. Details of Processing

3.1. Subject-matter: The Processing of Personal Data as necessary to provide the Services pursuant to the Agreement.

3.2. Duration: The Processing will continue for the duration of the Agreement unless otherwise agreed in writing.

3.3. Nature and Purpose: InnoScale will Process Personal Data as necessary to provide the Services pursuant to the Agreement, including hosting, cloud infrastructure, data storage, backup services, and technical support.

3.4. Type of Personal Data: Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include but is not limited to: identification data (names, addresses, email addresses, phone numbers), professional data, technical data (IP addresses, usage data), and any other Personal Data submitted by Customer or its users.

3.5. Categories of Data Subjects: Customer may submit Personal Data to the Services relating to the following categories of Data Subjects: Customer’s employees, contractors, customers, suppliers, end users, and any other individuals whose Personal Data is submitted to the Services by or on behalf of Customer.

4. Rights and Obligations of InnoScale

4.1. Confidentiality: InnoScale shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.2. Security: InnoScale shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) the pseudonymization and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

4.3. Sub-processors: Customer acknowledges and agrees that InnoScale may engage Sub-processors in connection with the provision of the Services. InnoScale maintains a list of Sub-processors available upon request. InnoScale shall notify Customer of any intended changes concerning the addition or replacement of Sub-processors, giving Customer the opportunity to object to such changes.

4.4. Data Subject Rights: InnoScale shall, taking into account the nature of the Processing, assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to requests for exercising the Data Subject’s rights under Data Protection Laws.

4.5. Personal Data Breach: InnoScale shall notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Personal Data, providing Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under Data Protection Laws.

4.6. Data Protection Impact Assessment: InnoScale shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with supervising authorities or other competent data privacy authorities.

4.7. Deletion or Return of Personal Data: Upon termination of the Agreement, InnoScale shall, at the choice of Customer, delete or return all Personal Data to Customer and delete existing copies unless applicable law requires storage of the Personal Data.

4.8. Audit Rights: InnoScale shall make available to Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer, subject to reasonable notice and during regular business hours.

5. Rights and Obligations of Customer

5.1. Customer shall ensure that its instructions for the Processing of Personal Data comply with Data Protection Laws.

5.2. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

5.3. Customer shall ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to InnoScale for the duration and purposes of the Agreement.

6. Data Transfers

6.1. Customer acknowledges that InnoScale may transfer Personal Data to the United States or other countries where InnoScale or its Sub-processors maintain facilities.

6.2. InnoScale shall ensure that any transfer of Personal Data to a third country or an international organization shall be subject to appropriate safeguards as described in Article 46 of the GDPR, including but not limited to Standard Contractual Clauses approved by the European Commission.

7. Liability and Indemnification

7.1. The limitations of liability set forth in the Agreement shall apply to this DPA.

7.2. Each party shall indemnify the other against all damages, losses, and expenses arising as a result of that party’s breach of this DPA.

8. General Terms

8.1. This DPA shall be governed by the laws governing the Agreement.

8.2. In the event of any conflict between this DPA and the Agreement, this DPA shall prevail with respect to the Processing of Personal Data.

8.3. This DPA may only be amended or modified in writing signed by both parties.

8.4. Should any provision of this DPA be invalid or unenforceable, the remainder of this DPA shall remain valid and in force.

9. Contact Information

For questions regarding this Data Processing Agreement or data protection matters, please contact:

InnoScale Data Protection Officer
Email: privacy@innoscale.com
Address: Legal Department, Innovative Scaling Technologies, Inc.

Request DPA View All Legal Documents