Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the main agreement ("Agreement") between Jellypod, Inc. ("Jellypod", "we", "us", or "our") and the customer ("Customer") for the provision of services by Jellypod (the "Services") as defined in the Agreement.

1. Definitions

Personal Data refers to any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.

Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, retrieval, use, disclosure, and erasure.

Sub-processor means any third party engaged by Jellypod that processes Personal Data on behalf of the Customer.

2. Scope and Applicability

This DPA applies when Jellypod processes Personal Data on behalf of the Customer in connection with the provision of the Services. This DPA is subject to the terms of the Agreement and reflects the parties' agreement with regard to the processing of Personal Data.

3. Customer Responsibilities

The Customer is responsible for ensuring that the processing of Personal Data complies with all applicable data protection laws and regulations.

The Customer must provide clear instructions to Jellypod for the processing of Personal Data as required by applicable law.

4. Jellypod's Obligations

Jellypod will only process Personal Data on behalf of the Customer in accordance with the Customer's documented instructions, including those set forth in the Agreement and this DPA.

Jellypod will ensure that all personnel authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Jellypod will implement and maintain appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, alteration, or disclosure.

5. Sub-processors

Jellypod may engage Sub-processors to process Personal Data on behalf of the Customer. Jellypod will ensure that Sub-processors are subject to data protection obligations consistent with those set forth in this DPA.

Jellypod will remain liable for the actions and omissions of its Sub-processors.

6. Data Subject Rights

Jellypod will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws (e.g., rights to access, rectification, erasure, and data portability).

7. Security Breach Management

In the event of a Personal Data breach, Jellypod will notify the Customer without undue delay after becoming aware of the breach. Jellypod will provide sufficient information to assist the Customer in meeting any obligations to report or inform data subjects of the breach.

8. Data Transfers

Jellypod will ensure that Personal Data is not transferred outside the European Economic Area (EEA) or other jurisdictions with similar restrictions unless adequate protections are in place, such as standard contractual clauses or an approved certification mechanism.

9. Audits

The Customer has the right to audit Jellypod's compliance with the terms of this DPA, including inspecting facilities, systems, and records used to process Personal Data.

10. Termination and Deletion of Data

Upon termination of the Agreement, Jellypod will, at the Customer's choice, return or delete all Personal Data processed on behalf of the Customer, unless required by applicable law to retain the data.

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws governing the Agreement.

12. Contact Information

For any questions regarding this DPA or Jellypod's data processing activities, please contact us at privacy@jellypod.ai