Data Processing Agreement Chiaro Labs

1.1. "Client": the natural or legal person who commissions Chiaro Labs to perform services.

1.2. "Processor": Chiaro Labs, who processes personal data on behalf of the Client.

1.3. "Personal Data": all information about an identified or identifiable natural person.

1.4. "Processing": any operation or set of operations relating to personal data.

2.1. The Processor processes personal data on behalf of the Client in the context of the services.

2.2. This agreement applies for the duration of the services and as long as the Processor processes personal data.

2.3. The processing takes place within the European Economic Area (EEA).

3.1. The Processor processes personal data exclusively on behalf of the Client and in accordance with the Client's written instructions.

3.2. The Processor processes the following categories of personal data:

• Contact details (name, email address, phone number)
• Business data (company name, job title)
• Technical data (IP address, user behavior)

3.3. The processing concerns the following categories of data subjects:

• Clients and prospects of the Client
• Employees of the Client
• Website visitors

4.1. The Processor ensures that personal data is adequately secured against loss or unlawful processing.

4.2. The Processor immediately notifies the Client of a data breach.

4.3. The Processor provides the Client with all information necessary to demonstrate compliance with the obligations under this agreement.

4.4. The Processor ensures that persons who have access to personal data are bound by confidentiality.

5.1. The Client is responsible for the lawfulness of the processing of personal data.

5.2. The Client ensures that the personal data provided to the Processor is accurate and complete.

5.3. The Client informs the Processor in a timely manner about changes that affect the processing.

6.1. The Processor takes appropriate technical and organizational measures to secure personal data.

6.2. The Processor adapts security measures to new developments in technology.

6.3. The Processor regularly tests and evaluates the effectiveness of security measures.

7.1. The Processor grants the Client access to all information necessary to demonstrate compliance with the obligations under this agreement.

7.2. The Processor ensures that the Client or an auditor authorized by the Client can perform audits.

7.3. The Processor cooperates with audits and supervision by the Data Protection Authority.

8.1. The Processor immediately notifies the Client of a data breach.

8.2. The Processor provides the Client with all information necessary to comply with the obligations under the GDPR.

8.3. The Processor takes appropriate measures to limit the consequences of a data breach.

9.1. The Processor supports the Client in responding to data subject requests.

9.2. The Processor provides the Client with all information necessary to respond to data subject requests.

9.3. The Processor takes appropriate measures to support data subject requests.

10.1. After termination of this agreement, the Processor deletes or anonymizes all personal data.

10.2. The Processor confirms in writing that all personal data has been deleted or anonymized.

10.3. The Processor does not retain copies of personal data, unless legally required.

For questions about this data processing agreement, you can contact:

Chiaro Labs

E-mail: contact@chiarolabs.com