1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between SKYNETZERO ("Processor", "we", "us") and the Client ("Controller", "you") for the provision of AI automation services.
This DPA is designed to ensure compliance with Article 28 of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applies to the processing of personal data by the Processor on behalf of the Controller.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- Data Subject: The individual to whom Personal Data relates.
- Sub-processor: Any third party engaged by the Processor to process Personal Data.
3. Subject Matter and Duration
3.1 Subject Matter
The Processor shall process Personal Data on behalf of the Controller for the purpose of providing AI automation services, including but not limited to workflow automation, data processing, and integration services.
3.2 Duration
This DPA shall remain in effect for the duration of the service agreement between the parties.
3.3 Nature and Purpose
Processing activities may include:
- Storage and retrieval of business data
- Automated workflow processing
- Integration with third-party services
- Analytics and reporting
4. Types of Personal Data
The following categories of Personal Data may be processed:
- Contact information (name, email, phone number)
- Business information (company name, website, job title)
- Communication records
- Usage data and analytics
- Any data provided by the Controller for automation purposes
5. Categories of Data Subjects
Data Subjects may include:
- Controller's employees
- Controller's customers
- Controller's business contacts
- End users of Controller's services
6. Processor Obligations
The Processor agrees to:
6.1 Lawful Processing
Process Personal Data only on documented instructions from the Controller, unless required by applicable law.
6.2 Confidentiality
Ensure that persons authorized to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
6.3 Security Measures
Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of Personal Data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Incident response procedures
6.4 Sub-processing
Not engage another processor without prior written authorization from the Controller. Where authorized, ensure sub-processors are bound by equivalent data protection obligations.
6.5 Data Subject Rights
Assist the Controller in responding to requests from Data Subjects exercising their rights under GDPR (access, rectification, erasure, portability, etc.).
6.6 Data Breach Notification
Notify the Controller without undue delay (within 72 hours) upon becoming aware of a Personal Data breach.
6.7 Data Protection Impact Assessments
Assist the Controller with data protection impact assessments and prior consultations with supervisory authorities where required.
6.8 Deletion or Return
Upon termination of services, delete or return all Personal Data to the Controller, unless retention is required by applicable law.
6.9 Audit Rights
Make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for audits.
7. Controller Obligations
The Controller agrees to:
- Ensure lawful basis for processing Personal Data
- Provide clear instructions regarding processing activities
- Obtain necessary consents from Data Subjects where required
- Notify the Processor of any changes affecting data processing
8. International Data Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), appropriate safeguards shall be implemented, such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Binding Corporate Rules
9. Sub-processors
The Controller provides general authorization for the Processor to engage sub-processors. Current sub-processors include:
- Cloud hosting providers (for data storage)
- Analytics services (for service improvement)
- Communication platforms (for customer support)
The Processor shall inform the Controller of any intended changes to sub-processors, allowing the Controller to object.
10. Liability
Each party's liability under this DPA shall be subject to the limitations set forth in the main service agreement.
11. Governing Law
This DPA shall be governed by the laws of Romania and the European Union, specifically GDPR.
12. Contact Information
For questions regarding this DPA or data processing activities:
Data Protection Contact: [email protected]
Last updated: December 10, 2025