Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the Master Services Agreement or other written or electronic agreement between UtopikAI (Permutation PLOMIUM SASU) and the Customer (the "Agreement"). It applies when UtopikAI processes Customer Personal Data on behalf of the Customer as a Data Processor.

1. Definitions

  • Security Incident: Unauthorized access, destruction, loss or disclosure of Customer Personal Data.
  • Data Protection Laws: Applicable privacy and data protection laws, including GDPR.
  • Data Controller / Processor: As defined by GDPR.
  • Sub-Processor: Any third party engaged by UtopikAI to assist in processing Customer Personal Data.

2. Scope and Relationship to Agreement

This DPA replaces all prior DPAs between the parties. It applies where UtopikAI processes Customer Personal Data originating from the EEA or subject to EU Data Protection Laws.

3. Processing as Data Controller

UtopikAI may process CRM Personal Data (e.g., employee contact info) as a Data Controller for the purposes of service operations, usage statistics, and service notifications.

4. Processing as Data Processor

  • UtopikAI processes Customer Personal Data solely on Customer's documented instructions.
  • Customer ensures it has the legal basis to process such data.
  • UtopikAI will notify Customer if it believes any instruction violates Data Protection Law.

5. Sub-Processors

  • Sub-Processors are listed at: https://utopikai.com/sub-processors/
  • UtopikAI ensures Sub-Processors are bound to data protection obligations.
  • Customer may object to new Sub-Processors on valid grounds.

6. Security Measures

  • UtopikAI maintains technical and organizational measures as detailed in the Security Measures document.
  • Updates may be made provided they don’t degrade overall security.
  • UtopikAI limits access to personnel under confidentiality obligations.

7. Security Incidents

UtopikAI will notify Customer without undue delay upon becoming aware of a Security Incident and assist in mitigation.

8. Audits

  • One audit per year with 30 days' notice, at Customer’s cost.
  • Limited to verifying DPA compliance.

9. International Transfers

  • Transfers occur to locations listed in Exhibit D.
  • Where relevant, Standard Contractual Clauses or the EU-U.S. Data Privacy Framework apply.

10. Data Deletion or Return

Upon termination of the Agreement, Customer Personal Data will be deleted or returned, unless retention is required by law.

11. Cooperation

  • UtopikAI assists with data subject requests and regulatory inquiries.
  • If compelled by law enforcement, UtopikAI will notify Customer unless prohibited.

12. Miscellaneous

  • Liability is limited per the Agreement.
  • UtopikAI may disclose DPA to regulators if legally required.
  • This DPA prevails over conflicting terms in the Agreement.

Exhibits

Exhibit A: DPO Contact

  • Email: dpo@utopikai.com
  • Address: PLOMIUM SASU, 19 Traverse Jules Guesde, 92100 Boulogne-Billancourt, France

Exhibit B: Data Processing Details

  • Data subjects: Customer staff, users, contractors, clients
  • Categories: Name, email, phone, IP, userID, company, role
  • Special categories: None (prohibited)
  • Processing: Collection, consultation, storage, deletion, etc.

Exhibit C: Security Measures

  • Refer to Security Measures Schedule

Exhibit D: Sub-Processors

  • Refer to Sub-Processors list on website

Ready to boost your productivity with AI?

Contact us today and discover how UtopikAI can transform the way you work.Automate your tasks, improve efficiency, and maintain full control over your data.

Start my free trial
ArrowArrow

AI that adapts to your business.Secure, efficient, and tailored to your needs, it transforms the way you work.

Useful Links
HomeProductivityPricingContact usTerms and Conditions
Solutions
Customer SupportMarketingOperationsSalesHuman ResourcesTech Teams
Copyright © UtopikAI 2024