Data Processing Agreement (DPA)
Last Updated: [Date]
1. Scope and Applicability
This Data Processing Agreement ("DPA") forms part of the Terms of Service between TrustAI.me ("Processor") and the Customer ("Controller"). This DPA applies where TrustAI.me processes Personal Data on behalf of the Customer within the scope of providing the AIActKit platform and Advisory services.
2. Processing of Personal Data
TrustAI.me will only process Personal Data on documented instructions from the Controller, unless required to do so by European Union or Member State law to which TrustAI.me is subject. TrustAI.me ensures that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3. Security of Processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, TrustAI.me shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. All data is hosted on servers located within the European Union.
4. Sub-processors
The Controller generally authorizes TrustAI.me to engage sub-processors. A current list of sub-processors will be maintained and provided upon request. TrustAI.me will ensure that any sub-processor is bound by the same data protection obligations as set out in this DPA.
Note: This is a placeholder DPA. Ensure this is reviewed by qualified legal counsel. A complete DPA will usually include standard contractual clauses (SCCs) if data is transferred outside the EEA (though you specify EU-only hosting), and specific details in Annexes describing the nature of data, data subjects, and security measures.