Auftragsverarbeitungsvertrag

This Data Processing Agreement ("DPA") forms part of the Terms of Service between SOLIZY LLC ("Processor") and the customer using the Service ("Controller").

1. PURPOSE

This DPA governs the processing of personal data by Synquake on behalf of customers in connection with the Service.

2. ROLES OF THE PARTIES

Customer acts as:

Data Controller

Synquake acts as:

Data Processor

except where Synquake independently determines purposes and means of processing, in which case Synquake acts as a Controller.

3. SUBJECT MATTER

Provision of synchronization, integration, automation, transfer, storage, and processing services.

4. DURATION

This DPA remains in effect for the duration of the customer's use of the Service.

5. PROCESSING INSTRUCTIONS

Synquake shall process personal data only:

• Under customer instructions;
• As necessary to provide the Service;
• As required by law.

6. TYPES OF PERSONAL DATA

Depending on customer usage:

• Names;
• Email addresses;
• Phone numbers;
• Customer records;
• CRM data;
• Website content;
• User-generated content;
• Any other information transmitted through integrations.

7. CATEGORIES OF DATA SUBJECTS

May include:

• Customers;
• Prospects;
• Employees;
• Contractors;
• Website visitors;
• End users.

8. CONFIDENTIALITY

Synquake shall ensure that personnel authorized to process personal data are subject to confidentiality obligations.

9. SECURITY MEASURES

Synquake shall maintain reasonable security measures appropriate to the nature of the processing.

Measures may include:

• Access controls;
• Encryption in transit;
• Authentication systems;
• Monitoring;
• Logging.

10. SUBPROCESSORS

Customer authorizes Synquake to engage subprocessors.

Synquake shall remain responsible for subprocessors to the extent required by applicable law.

A current list of subprocessors may be maintained on the Synquake website. See the Subprocessors page.

11. ASSISTANCE

Taking into account the nature of processing, Synquake shall provide reasonable assistance regarding:

• Data subject requests;
• Security obligations;
• Regulatory inquiries.

12. DATA BREACHES

Synquake shall notify customers without undue delay after becoming aware of a confirmed personal data breach affecting Customer Data.

13. RETURN OR DELETION

Upon termination of the Service, personal data may be deleted in accordance with the Terms of Service and retention practices.

14. INTERNATIONAL TRANSFERS

Where required by law, Synquake shall implement appropriate safeguards for international transfers of personal data.

15. AUDITS

Synquake may satisfy audit requests through documentation, security materials, certifications, or other reasonable means.

On-site audits may be limited to circumstances required by law and subject to confidentiality obligations.

16. LIABILITY

The liability limitations contained within the Terms of Service shall apply to this DPA to the maximum extent permitted by law.

17. GOVERNING LAW

This DPA shall be governed by the laws of Georgia unless otherwise required by applicable data protection laws.