Data Processing Agreement
This Data Processing Agreement ("DPA") is entered into by and between Push AI, Inc. ("Data Processor") and the Customer ("Data Controller") (collectively referred to as the "Parties").
Definitions
1.1. "Data Controller" refers to the party that determines the purposes and means of the processing of personal data.
1.2. "Data Processor" refers to the party that processes personal data on behalf of the Data Controller.
1.3. "Personal Data" refers to any information relating to an identified or identifiable natural person.
1.4. "Processing" refers to any operation performed on personal data, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, erasure, or destruction.
Sub-processors
2.1. The Data Processor engages sub-processors to assist in the provision of the services, which can be seen in Exhibit A.
Data Processing Obligations
3.1. Compliance with Laws: The Data Processor shall process Personal Data in compliance with all applicable data protection laws, regulations, and industry standards.
3.2. Confidentiality: The Data Processor shall ensure that any person authorized to process Personal Data is subject to an appropriate duty of confidentiality.
3.3. Security Measures: The Data Processor shall implement and maintain appropriate technical and organizational measures to protect the Personal Data from unauthorized access, loss, disclosure, alteration, or destruction.
3.4. Subprocessing: The Data Processor shall provide a current list of all sub-processors engaged in the processing of Personal Data to the Data Controller. The Data Processor shall ensure that any sub-processor is bound by data protection obligations through a written agreement.
3.5. Data Subject Rights: The Data Processor shall assist the Data Controller in responding to data subject requests, including requests to access, rectify, delete, or restrict the processing of Personal Data.
3.6. Data Breach Notification: In the event of a personal data breach, the Data Processor shall promptly notify the Data Controller about the breach and provide all necessary information to assist the Data Controller in fulfilling its obligations under applicable data protection laws.
Data Controller Responsibilities
4.1. Lawful Basis: The Data Controller shall ensure that it has a lawful basis for the processing of Personal Data and that the necessary consents or authorizations have been obtained, where applicable.
4.2. Instructions: The Data Controller shall provide written instructions to the Data Processor regarding the processing of Personal Data. The Data Processor shall not process the Personal Data for any purpose other than as instructed by the Data Controller.
4.3. Data Subject Rights: The Data Controller shall be responsible for responding to data subject requests related to the exercise of their rights under applicable data protection laws.
Data Transfer
5.1. Data transfers to third countries or international organizations may only occur with the prior written consent of the Data Controller and in compliance with applicable data protection laws.
Term and Termination
6.1. This DPA shall remain in effect for the duration of the data processing activities or until terminated in accordance with the terms set forth herein or in the Terms of Service.
Exhibit A: List of Sub-Processors
The following sub-processors are engaged by the Data Processor for the processing of Personal Data:
| Sub-processor name | Sub-processor Activities | Processing Location |
|---|---|---|
| Render Services, Inc. | cloud computing and analysis | United States |
| Planetscale, Inc. | cloud computing and data hosting | United States |
| Heroku (Salesforce, Inc.) | cloud computing | United States |
| Amazon Web Services, Inc. | cloud computing and data hosting | United States |