Data Processing Agreement (DPA)
Last modified: November 16, 2024
This Data Processing Agreement (“DPA”) is part of the Terms and Conditions (the “Agreement”) between Pollux Tech, Inc. (“Processor”) and the Customer (“Controller”). It governs the processing of personal data provided by the Customer in connection with their use of the Pollux platform (the “Service”).
1. Definitions
For the purposes of this DPA:
- “Personal Data”: Any information relating to an identified or identifiable natural person as defined by applicable data protection laws.
- “Processing”: Any operation or set of operations performed on Personal Data (e.g., collection, storage, use, transfer).
- “Controller”: The entity determining the purposes and means of processing Personal Data.
- “Processor”: The entity processing Personal Data on behalf of the Controller.
- “Subprocessor”: Any third party engaged by the Processor to process Personal Data.
- “Applicable Data Protection Laws”: Includes GDPR, CCPA, and any other applicable privacy laws.
2. Scope and Roles
- Controller and Processor Roles: The Customer is the Controller, and Pollux Tech, Inc. is the Processor. Pollux will process Personal Data solely for the purposes of providing the Service as outlined in the Agreement.
- Nature of Processing: Includes collecting, storing, transmitting, and managing data for the operation of the Pollux platform.
3. Customer Responsibilities
The Customer represents and warrants that:
a. It has the legal right to collect, share, and process Personal Data through the Pollux platform.
b. It has provided all necessary notices and obtained all required consents from data subjects.
c. It complies with applicable data protection laws.
d. It will configure its use of the Service in a manner that ensures compliance with Applicable Data Protection Laws.
4. Processor Obligations
Pollux Tech, Inc. agrees to:
a. Process Data Only as Instructed: Process Personal Data only as instructed by the Customer and as necessary to provide the Service.
b. Confidentiality: Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
c. Security: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g., encryption, access controls).
d. Data Breach Notification: Notify the Customer without undue delay upon becoming aware of a data breach affecting Personal Data.
e. Assistance: Provide reasonable assistance to the Customer in responding to data subject requests or regulatory inquiries, provided such assistance does not impose a disproportionate burden on Pollux.
f. Deletion or Return of Data: Upon termination of the Agreement, delete or return all Personal Data within 30 days, unless applicable law requires retention.
5. Subprocessors
The Customer provides general consent for Pollux Tech, Inc. to engage subprocessors for the provision of the Service.
Current Subprocessors:
Subprocessor | Purpose | Location |
---|---|---|
Amazon Web Services (AWS) | Cloud hosting and storage | United States |
Stripe | Payment processing | United States |
a. Notification of Changes: Pollux will notify the Customer of any changes to subprocessors and provide the opportunity to object within 10 business days. Objections must be based on legitimate legal concerns.
b. Subprocessor Agreements: Pollux ensures that all subprocessors are bound by agreements that impose obligations equivalent to those in this DPA. Pollux is not liable for damages arising solely from the actions of subprocessors.
6. Data Subject Rights
Pollux Tech, Inc. will assist the Customer in fulfilling its obligations to data subjects under applicable data protection laws.
a. Requests for access, rectification, deletion, or data portability will be processed only upon the Customer’s documented request.
b. The Customer is responsible for verifying the identity of data subjects and ensuring that requests are legally valid.
c. Pollux reserves the right to charge for excessive requests or those requiring significant technical effort.
7. Security Measures
Pollux implements and maintains industry-standard measures to protect Personal Data, including:
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Restricted to authorized personnel based on need-to-know principles.
- Monitoring and Audits: Regular security audits and monitoring for unauthorized access.
The Customer is responsible for ensuring secure access to its account, including proper management of user credentials and API keys.
8. Liability
To the fullest extent permitted by law:
a. Pollux Tech, Inc.’s total liability for all claims under this DPA is limited to the fees paid by the Customer in the 12 months preceding the event giving rise to the claim.
b. Pollux is not liable for indirect, incidental, or consequential damages, including loss of profits, data, or business opportunities.
c. Pollux is not liable for damages arising from the actions of subprocessors unless directly caused by Pollux’s breach of this DPA.
9. International Transfers
Pollux Tech, Inc. may transfer Personal Data to subprocessors or locations outside the Customer’s jurisdiction. Such transfers will comply with applicable data protection laws, including the use of Standard Contractual Clauses or other approved mechanisms.
10. Audit Rights
Upon request, Pollux Tech, Inc. will provide documentation necessary to demonstrate compliance with this DPA. The Customer may audit Pollux’s data protection practices subject to the following conditions:
a. Audits are limited to once per calendar year and must be scheduled with 30 days’ advance notice.
b. Audits must not interfere with Pollux’s operations.
c. The Customer will bear all costs associated with the audit.
11. Term and Termination
This DPA remains effective as long as Pollux Tech, Inc. processes Personal Data on behalf of the Customer. Upon termination of the Agreement, Pollux will delete or anonymize all Personal Data within 30 days, unless applicable law requires longer retention.
12. Contact Information
For questions about this DPA or data protection practices, contact:
Pollux Tech, Inc.
8 The Green, Suite B
Dover, DE 19901
United States
Email: legal@polluxplatform.com