Data Processing Agreement
Between UltiHash, Inc. ("Licensor") and [User's Name] ("User")
1. Definitions and Interpretation
- Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meanings:
- "Personal Data" means any information relating to an identified or identifiable natural person that is processed by the Licensor on behalf of the User as part of the Licensor’s services.
- "Subprocessor" means any person or entity engaged by the Licensor to process Personal Data in connection with the Agreement.
2. Processing of Personal Data
- Purpose of Processing: The Licensor agrees to process Personal Data on behalf of the User in accordance with the conditions laid down in this Agreement. The processing to be performed is described in Annex 1 of this Agreement.
- Licensor’s Obligations: The Licensor shall process Personal Data only on documented instructions from the User, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by European Union or Member State law to which the Licensor is subject; in such a case, the Licensor shall inform the User of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
- Subprocessors: The Licensor shall not engage another subprocessor without prior specific or general written authorization of the User.
3. Technical and Organizational Measures
- The Licensor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
4. Data Subject Rights
- The Licensor shall assist the User by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the User's obligation to respond to requests for exercising the data subject's rights laid down in the GDPR.
5. Data Breach Notification
- The Licensor shall notify the User without undue delay after becoming aware of a personal data breach. Such notifications shall include:
- the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- the likely consequences of the personal data breach;
- the measures taken or proposed to be taken by the Licensor to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
6. Termination
- The obligations placed on the parties under this Agreement shall survive the termination of the Agreement. Upon termination, the Licensor shall, at the choice of the User, delete or return all the personal data to the User and delete existing copies unless European Union or Member State law requires storage of the personal data.
7. Governing Law and Jurisdiction
- This Agreement shall be governed by the laws of the State of Delaware, United States.
Last updated: 11/06/2024