Observe.ai agrees to the terms as follows:
- The Processor must have adequate information security in place, taking into accountthe sensitivity of the data to be received.
- The data received remains the property of the Controller (the “Controller”) at all times unless ownership is explicitly shared or transferred by a written agreement.
- The Processor must not use Sub-Processors (“Sub-Processors”) without advanced notification or consent of the Controller; Sub-Processors musthave equivalent security and privacy controls to those of Processor.
- The Processor shall cooperate with the relevant Data Protection Authorities (“Authorities”)in the event of an enquiry.
- The Processor must keep all received information confidential.
- The Processor must report data breaches to the Controller without delay.
- The Processor may need to appoint a mandatory Data Protection Officer (“DPO”). The Processor must do its own due diligence in this matter and appoint aqualified individual, if appropriate.
- The Processor must keep records of all processing activities.
- The Processor must comply with United States and EU trans-border data transfer rules.
- The Processor must help the Controller to comply with data subjects rights.
- The Processor must assist the Controller in managing the consequences of data breaches.
- The Processor must delete or return all personal data at the end of the contract atthe choice of the Controller.
- The Processor must inform the Controller if the processing instructions infringe GDPR.
- The Processor must comply with security and privacy due diligence requirements placed on the Controller for the validation of the above.
Signed and Agreed (Exporter)
Importer
Name:
Name:
Position:
Position:
Company:
Company: Z21Labs, Inc., dba Observe.ai
Date:
Date:
Schedule 1 - Details of the Processing
Categories of Data Subjects
Customer (“Customer”)may submit, and users may submit on behalf of Customer: Personal Data (“Personal Data”) to the SoftwareServices (“Software Services”), the extentof which is determined and controlled by Customer in its sole discretion, andwhich may include, but is not limited to Personal Data relating to thefollowing categories of data subjects:
- Prospects, customers, business partners and vendors of Customer and Customer’s customers (who are natural persons)
- Employees or contact persons of Customer’s prospects, customers, business partners and vendors
- Employees, agents, advisors, freelancers of Customer (who are natural persons)
- Customer’s users authorized by Customer to use the Software Services
Categories of Personal Data
Customer may submit Personal Data to the Software Services, the extentof which is determined and controlled by Customer in its sole discretion, andwhich may include, but is not limited to the following categories of Personal Data:
- Customer’s users authorized by Customer to use the Software Services
- Title
- Position
- Employer
- Contact information (company, email, phone, physical business address)
- Order data
- Professional life data
- Personal life data
- Connection data
- Localization data
- Payment data
- Business requirements
