Introduction
This Data Processing Agreement ("DPA") is incorporated into the PromptCanvas Terms of Service and governs the processing of Personal Data in connection with the PromptCanvas service.
Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
"Data Controller" means the entity that determines the purposes and means of the Processing of Personal Data.
"Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
Subject Matter and Duration
This DPA applies to all Processing of Personal Data by PromptCanvas as a Data Processor on behalf of its customers (Data Controllers) in connection with the PromptCanvas service. This agreement remains in effect for the duration of the service agreement.
Obligations of the Data Processor
Security Measures
PromptCanvas shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of Personal Data
- Access controls and authentication
- Regular security testing and assessments
- Employee training and confidentiality agreements
Processing Instructions
PromptCanvas shall only process Personal Data in accordance with the documented instructions from the Data Controller, unless required by law to do otherwise.
Sub-processing
PromptCanvas shall not engage sub-processors without prior written authorization from the Data Controller. All sub-processors are subject to the same data protection obligations as PromptCanvas.
Data Subject Rights
PromptCanvas shall assist the Data Controller in fulfilling data subject rights requests, including:
- Right to access their Personal Data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
Data Breach Notification
PromptCanvas shall notify the Data Controller without undue delay upon becoming aware of a Personal Data breach, providing all information necessary for the Data Controller to meet any notification obligations under applicable law.
Data Deletion and Return
At the choice of the Data Controller, PromptCanvas shall delete or return all Personal Data upon termination of the service, unless required by law to retain the data.
Audit Rights
PromptCanvas shall make available to the Data Controller all information necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits, including inspections, by the Data Controller or an independent auditor.
International Data Transfers
PromptCanvas ensures that any transfer of Personal Data outside the EEA is subject to appropriate safeguards, including standard contractual clauses approved by the European Commission.
Contact Information
Data Protection Officer: dpo@promptcanvas.io
Legal Department: legal@promptcanvas.io
Address: 123 Enterprise Lane, Tech City, TC 12345
Get in Touch
Have questions about our Data Processing Agreement? Reach out to our legal team.