Enrich Spot Logo

Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Enrich Spot ("Processor") and the User ("Controller") and reflects the parties' agreement with regard to the Processing of Personal Data.

2. Definitions

"Personal Data", "Processing", "Controller", "Processor", and "Data Subject" shall have the meanings given in Applicable Data Protection Law.

3. Processing of Personal Data

3.1 The Processor shall process Personal Data only on documented instructions from the Controller.

3.2 The subject matter, nature, and purpose of the Processing are the provision of data enrichment services as described in the Terms of Service.

4. Obligations of the Processor

4.1 The Processor shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.

4.2 The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

5. Sub-processors

The Processor may engage sub-processors to perform specific processing activities. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors.

6. Data Subject Rights

The Processor shall assist the Controller in responding to requests for exercising the Data Subject's rights under Applicable Data Protection Law.

7. Personal Data Breach

The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach and shall assist the Controller in addressing the breach.

8. Deletion or Return of Personal Data

The Processor shall, at the choice of the Controller, delete or return all Personal Data to the Controller after the end of the provision of services relating to Processing.

9. Audit Rights

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

Compliance with Data Protection Laws

10.1 The Processor shall comply with all applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

10.2 The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.

10.3 For data subjects residing in California, the Processor shall assist the Controller in complying with CCPA requirements, including but not limited to responding to consumer requests and maintaining reasonable security procedures and practices.