Effective Date: 14 May 2024
This Data Processing Agreement ("Agreement") forms part of the Terms of Service ("Terms") between the user ("User" or "Customer") and Prcept AI LLP ("Company"), collectively referred to as "Parties," to reflect the parties' agreement regarding the processing of personal data under the applicable Data Protection Laws.
"Personal Data," "Data Subject," "Processing," "Controller," "Processor," and other capitalized terms shall have the meanings ascribed to them in the applicable Data Protection Laws, which include but are not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.
"Services" refers to any services provided by the Company as described in the Terms.
The Customer acts as the Data Controller, and the Company acts as the Data Processor in relation to the Personal Data processed under this Agreement.
The Company shall process Personal Data solely for the purpose of providing the Services in accordance with the documented instructions of the Customer, unless required otherwise by law.
The Company may engage Subprocessors without requiring prior consent from the Customer but will inform the Customer of any changes to Subprocessor engagements, which will be listed on the Company’s website.
The Company shall provide reasonable assistance to the Customer for the fulfillment of the Customer's obligation to respond to requests for exercising Data Subject rights under the Data Protection Laws. Such assistance shall be provided at the Customer's expense.
The Company shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, adjusting the scope and level of measures at its discretion.
The Company will notify the Customer of any Personal Data Breach within a reasonable time frame, provided that such notification shall not be interpreted as an acknowledgment of fault or liability by the Company.
Personal Data may be transferred to countries outside of the European Economic Area (EEA), provided such transfers comply with existing data protection legislation. The Company shall determine the appropriate safeguards for such transfers.
The Customer may conduct an audit or inspection with prior written notice of at least 30 days and shall bear all costs related to such audits. Audits shall be limited to once per year and shall not unreasonably interfere with the Company's business operations.
Upon termination of the Services, the Company will delete or return all Personal Data at its discretion, subject to the requirements of applicable law for data retention.
The Company’s liability under this Agreement shall be limited to the fees paid by the Customer under the Terms during the 12 months preceding the claim.
This Agreement may be updated or amended by the Company at its sole discretion to reflect changes in legal, regulatory, or operational requirements. The Company shall notify the Customer of any material changes with at least 30 days' notice via email or a prominent notice on our service interface. Continued use of the Services after any such changes shall constitute the Customer's consent to such changes. If the Customer does not agree to the changes, they must terminate their agreement before the changes take effect, and such termination shall be their sole and exclusive remedy.
Customer’s employees, consultants, contractors, and/or copilot.
Company processes Personal Data contained in Company Account Data, Company Usage Data, and any Personal Data provided by Customer (including any Personal Data Customer collects from its end users and processes through its use of the Services) or collected by Company in order to provide the Services or as otherwise set forth in the Agreement or this DPA. Categories of Personal Data include name, email, job title, username, Company device identifiers (e.g. serial number), IP address for company device, installed applications for company device, background check verification records (at discretion of Controller), security training records.
Company will process Customer’s Personal Data as necessary to provide the Services under the Agreement, for the purposes specified in the Agreement and this DPA, and in accordance with Customer’s instructions as set forth in this DPA. The nature of processing includes, without limitation:
Company will process Customer’s Personal Data as long as required (i) to provide the Services to Customer under the Agreement; (ii) for Company’s legitimate business needs; or (iii) by applicable law or regulation. Company Account Data and Company Usage Data will be processed and stored as set forth in Company’s privacy policy.
Customers are prohibited from providing sensitive personal data or special categories of data to Company, including without limitation, any data which discloses the criminal history.
