Data Processing Agreement

1. Definitions and Interpretation

In this Data Processing Agreement (DPA), the following terms shall have the meanings set out below:

• GDPR: General Data Protection Regulation (EU) 2016/679
• Data Controller: The customer using AI-ME services
• Data Processor: AI-ME, acting as a data processor
• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data

2. Subject Matter and Duration

This DPA governs the processing of personal data by AI-ME on behalf of the customer in connection with the provision of our AI-powered SaaS services. This agreement shall remain in effect for the duration of the service agreement and shall terminate upon the cessation of all data processing activities.

3. Nature and Purpose of Processing

AI-ME processes personal data for the following purposes:

• Providing and maintaining our AI-powered services
• Processing customer requests and support inquiries
• Improving service functionality and user experience
• Ensuring security and preventing fraud
• Complying with legal obligations

4. Types of Personal Data and Categories of Data Subjects

4.1 Types of Personal Data

The personal data processed may include:

• Contact information (names, email addresses, phone numbers)
• Account credentials and profile information
• Usage data and analytics information
• Payment and billing information
• Communication records and support tickets

4.2 Categories of Data Subjects

Personal data may relate to customers, employees, contractors, and other individuals whose data is processed through our services.

5. Obligations of the Data Processor (AI-ME)

5.1 Processing in Accordance with Instructions

AI-ME shall process personal data only on documented instructions from the customer, including regarding transfers to third countries.

5.2 Confidentiality

AI-ME shall ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

5.3 Security Measures

AI-ME shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.

6. Sub-processors

AI-ME may engage sub-processors to assist in providing our services. We shall:

• Inform the customer of any intended changes concerning sub-processors
• Ensure that sub-processors are bound by data protection obligations no less protective than those in this DPA
• Remain liable to the customer for the performance of sub-processors' obligations

7. Data Subject Rights

AI-ME shall assist the customer in responding to requests from data subjects exercising their rights under the GDPR, including:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure of personal data
• Right to data portability
• Right to object to processing

8. Personal Data Breaches

AI-ME shall notify the customer without undue delay after becoming aware of a personal data breach. We shall provide the customer with sufficient information to enable them to meet their obligations to report the breach to supervisory authorities and inform data subjects.

9. Data Protection Impact Assessment

AI-ME shall provide reasonable assistance to the customer with any data protection impact assessments and prior consultations with supervisory authorities that may be required under the GDPR.

10. Return and Deletion of Personal Data

Upon termination of the services, AI-ME shall delete or return all personal data to the customer, unless retention is required by applicable law. We shall provide written confirmation of deletion upon request.

11. Audit Rights

AI-ME shall make available to the customer all information necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits, including inspections, conducted by the customer or another auditor mandated by the customer.

12. Governing Law and Jurisdiction

This DPA shall be governed by the laws of Greece. Any disputes arising from this agreement shall be resolved through binding arbitration in Athens, Greece, in accordance with the rules of the Hellenic Arbitration Association.

13. Contact Information

For any questions regarding this Data Processing Agreement, please contact our Data Protection Officer: