Data Processing Agreement (DPA)
Effective Date: 9/1/24
- Introduction
This Data Processing Agreement (“DPA”) is an agreement between RapidTalk.ai and the customer (“Controller”) to ensure compliance with data protection laws and to regulate the processing of personal data. This DPA supplements any other agreements between the parties regarding the use of RapidTalk.ai’s Services.
- Definitions
- Controller: The entity that determines the purposes and means of processing personal data.
- Processor: RapidTalk.ai, which processes personal data on behalf of the Controller.
- Data Subject: The individual whose personal data is processed.
- Personal Data: Any information related to an identified or identifiable individual.
- Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
- Processing of Personal Data
- Scope of Processing: RapidTalk.ai shall process personal data only on documented instructions from the Controller and solely for the purposes defined in the service agreement.
- Types of Data: Personal data processed may include but is not limited to contact information, transactional data, and user preferences, depending on the nature of the services provided.
- Duration of Processing: RapidTalk.ai shall process personal data for the duration of the service agreement unless otherwise required by law.
- Obligations of the Processor
- Confidentiality: RapidTalk.ai ensures that all employees or subcontractors involved in data processing are subject to a duty of confidentiality.
- Security Measures: RapidTalk.ai implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security audits.
- Subprocessors: RapidTalk.ai may engage subprocessors to assist in the delivery of services. Any engagement of subprocessors will be governed by a contract ensuring the same level of data protection obligations as those set out in this DPA.
- Data Subject Rights
RapidTalk.ai shall, to the extent permitted by law, assist the Controller in responding to requests from Data Subjects exercising their rights under data protection laws, including access, rectification, deletion, and objection to the processing of their data.
- Data Breach Notification
In the event of a data breach affecting personal data, RapidTalk.ai shall notify the Controller without undue delay and provide all relevant information needed for the Controller to comply with its data breach notification obligations.
- Data Transfers
Personal data may be transferred to jurisdictions outside of the European Economic Area (EEA). Where such transfers occur, RapidTalk.ai shall ensure that appropriate safeguards, such as Standard Contractual Clauses or Privacy Shield frameworks, are in place to protect personal data.
- Termination
Upon termination of the service agreement, RapidTalk.ai shall, at the Controller’s discretion, return or delete all personal data, unless storage is required by law.
- Liability and Indemnification
RapidTalk.ai’s liability for data breaches and non-compliance with data protection laws shall be limited to the direct damages caused by the breach, and RapidTalk.ai will not be liable for any indirect, consequential, or punitive damages. The Controller agrees to indemnify and hold RapidTalk.ai harmless for any claims arising from the Controller’s failure to comply with data protection laws.
- Governing Law
This DPA is governed by the laws of the State of Florida, USA, without regard to conflict of laws principles.
- Contact Information
For any questions related to this DPA, please contact:
RapidTalk.ai
340 Royal Poinciana Way, Ste 328/165
Palm Beach, FL 33480
maverick@rapidtalk.ai