Data Processing Agreement

1. Definitions

This Data Processing Agreement ("DPA") supplements our Terms of Service and Privacy Policy regarding the processing of personal data.

• Controller: The entity that determines the purposes and means of processing personal data
• Processor: Olasilik.ai, which processes data on behalf of the Controller
• Personal Data: Any information relating to an identified or identifiable person

2. Scope and Roles

When you use our services to process personal data of your customers or users, you act as the Controller and we act as the Processor.

3. Data Processing

We will process personal data only:

• In accordance with your documented instructions
• To provide the services you requested
• As required by applicable law

4. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

5. Sub-Processors

We may engage sub-processors to assist in providing the services. We maintain a list of authorized sub-processors and will notify you of any changes.

6. Data Subject Rights

We will assist you in responding to data subject requests including access, rectification, erasure, and portability requests.

7. Data Breaches

We will notify you without undue delay after becoming aware of any personal data breach affecting your data.

8. International Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers.

9. Audit Rights

Upon reasonable notice, you may audit our compliance with this DPA, subject to confidentiality obligations.

10. Contact

For DPA-related inquiries, contact dpo@olasilik.ai