Privacy Policy

Effortlessly automate, collect, and analyze your customer interactions across all channels. Transform your customer service with powerful AI technology that turns every interaction into valuable insights.

Try Respondo.ai for FREE

Processor Agreement

Background and Interpretation

This Processor Agreement ("Addendum") sets forth the additional terms, requirements, and conditions under which Respondo.ai will process personal data when providing Services to the Customer under the Agreement. This Addendum is subject to the terms of the Agreement and is incorporated therein. Therefore, all rights and obligations arising from the Agreement, including any applicable general terms and/or limitations of liability, also apply to this Addendum.

Roles and Processing Details

For the purposes of this Addendum, Respondo.ai is considered a data processor and will process personal data only on behalf of the Customer. The Customer may be the data controller (the party determining the purpose and means of processing) or another data processor on behalf of a third party, in which case Respondo.ai may be considered a sub-processor.

The subject matter, duration, nature, and purpose of the processing, and the categories of personal data and data subjects concerning which Respondo.ai may process to fulfill its obligations under the Agreement, are further detailed in the sections and tables below.

Respondo.ai will only process personal data to the extent and in a manner necessary to provide the Services under the Agreement and in accordance with the Customer's written instructions. Respondo.ai will not process personal data for any other purpose or in a manner that does not comply with this Agreement or applicable data protection legislation, particularly the EU General Data Protection Regulation 2016/679 ("GDPR"). Respondo.ai will immediately notify the Customer if, in its opinion, the Customer's instruction would not comply with data protection legislation.

The terms "consent," "data controller," "data subject," "personal data," "personal data breach," "processor," "sub-processor," "processing," "supervisory authority," and "third party" have the meanings set out in Article 4 of the GDPR.

Details and Scope of Processing

The processing of personal data within the framework of the Agreement and this Addendum will be carried out in accordance with the following provisions and as required under Article 28(3) of the GDPR. The parties may amend this information from time to time if reasonably necessary to comply with those requirements:

  • The subject and purposes of the processing are limited to delivering the Services provided by Respondo.ai under the Agreement, including the improvement of the Services;
  • Personal data will be processed as long as the Services are provided by Respondo.ai under the Agreement;
  • The processing activities by Respondo.ai regarding the Services are set out in the Agreement and, where applicable, include: (a) providing the Services; (b) detecting, preventing, and resolving security and technical issues; and (c) responding to Customer support requests;
  • The types of personal data to be processed:
    • Identification: name, username, email address;
    • Contact: email address, phone number;
    • Location: country;
    • Authentication: password, 2FA data;
    • Device data: IP address, MAC address, browser fingerprint;
    • Behavioral data: usage behavior;
    • Open-field data: any type of personal data entered in an open input field within the Services;
    • All types of personal data included in the data sent to Respondo.ai via integrations.
  • The categories of data subjects to whom the personal data relates:
    • End-users of the Services (e.g., employees, contractors, and temporary workers of the Customer);
    • All persons to whom the personal data pertains, included in the data provided via integrations.

Respondo.ai will only process personal data (i) for the purposes of fulfilling its obligations under the Agreement and (ii) in accordance with the documented instructions described in this Addendum or as otherwise instructed by the Customer from time to time.

Where Respondo.ai reasonably believes that an instruction from the Customer contradicts the provisions of the Agreement or this Addendum or violates the GDPR or other applicable data protection regulations, it will promptly inform the Customer. In either case, Respondo.ai is authorized to postpone the execution of the relevant instruction until it has been modified by the Customer or agreed upon by both parties.

The Customer is solely responsible for the use and management of personal data submitted or transmitted through the Services.

Security Measures

Respondo.ai strives to comply with the security measures required under applicable data protection legislation, particularly Article 32 GDPR. In this regard, Respondo.ai will implement and maintain technical and organizational security measures throughout the term of the Agreement to secure processing operations against loss or any form of unlawful processing. Respondo.ai does not guarantee that security will be effective under all circumstances.

The Customer is responsible for ensuring that the security measures listed in the table below comply with its obligations under applicable data protection legislation (including but not limited to the GDPR) concerning the processed personal data.

Confidentiality

All obligations for Respondo.ai under this Addendum equally apply to all individuals processing personal data under the supervision of Respondo.ai, including but not limited to employees in the broadest sense of the word. Respondo.ai ensures that individuals authorized to process personal data are committed to confidentiality or are under an appropriate statutory confidentiality obligation.

All personal data received by Respondo.ai from the Customer under the Agreement is subject to a confidentiality obligation towards third parties. This confidentiality obligation does not apply if the Customer (i) has expressly consented to providing such information to third parties, (ii) where providing the information to third parties is reasonably necessary given the nature of the instructions and the delivery of the Services under the Agreement, or (iii) if there is a legal obligation to provide the information to a third party.

Data Location

Respondo.ai may process personal data in countries within the European Economic Area (EEA). Furthermore, the Customer authorizes Respondo.ai to process personal data outside the EEA, subject to applicable laws and regulations, where Respondo.ai and the Customer, where applicable, will agree on the following document(s) and safeguards, which will be fully integrated into this Addendum and the Agreement, as applicable, for transfers of personal data from the EU, EEA, and/or their member states, Switzerland, and the United Kingdom to countries that do not provide an adequate level of protection as defined by the GDPR of the above-mentioned areas and to implement appropriate safeguards:

  • The "Standard Contractual Clauses" for the transfer of personal data to (sub-)processors established in third countries under the GDPR (the current version as of the date of this Addendum is attached to the European Commission Decision 2021/914 (EU) of 4 June 2021), where Module 2 (Controller-to-Processor) will apply where Respondo.ai acts as a data processor and Module 3 (Processor-to-Processor) will apply where Respondo.ai acts as a sub-processor; and/or
  • The "UK Addendum" (International Data Transfer Addendum to the EU Commission Standard Contractual Clauses); and
  • Additional safeguards concerning security measures, including data encryption, data aggregation, segregation of access controls, and principles of data minimization.

Upon the Customer's request, Respondo.ai will inform the Customer of the countries outside the EU/EEA where it processes personal data.

Engagement of Sub-Processors

The Customer agrees that Respondo.ai may engage all its affiliates as sub-processors. The Customer hereby grants Respondo.ai and all its affiliates general permission to engage third parties as sub-processors within and outside the EU/EEA, within the framework of the Agreement, where the sub-processors listed in Appendix 1 to this Addendum are pre-approved by the Customer.

For the engagement of sub-processors by Respondo.ai, Respondo.ai will comply with the requirements of Article 28(2) and (4) GDPR. In particular, Respondo.ai will, upon the Customer's request, inform the Customer without undue delay about the engaged sub-processors. Respondo.ai and its affiliates (if and when applicable) will ensure that such third parties are contractually obligated to accept comparable tasks and levels of data protection as agreed by the Customer and Respondo.ai in this Addendum. If such a sub-processor fails to fulfill its obligations under such an agreement, Respondo.ai remains fully liable to the Customer for the performance of the Agreement.

Respondo.ai will inform the Customer of any proposed changes regarding the engagement of new sub-processors by written notice or a notice within the Service. The Customer has five (5) calendar days to object in writing to the proposed engagement by Respondo.ai. If the Customer objects, the parties agree to discuss the matter in good faith to resolve the issue. If the parties do not reach an agreement, Respondo.ai is entitled to engage the respective sub-processor, and the Customer has the right to terminate the Agreement on the date the new sub-processor is engaged. If the Customer does not object within the five-day period, the Customer is deemed to have agreed to the engagement of the new sub-processor. The approved sub-processors at the start of the Agreement are listed in the table below.

Assistance

Respondo.ai will, to the extent within its control, assist the Customer in fulfilling the Customer's legal obligations within the framework of the Service. This includes providing assistance in complying with the obligations under Articles 32 to 36 GDPR, such as providing assistance in conducting a Data Protection Impact Assessment (DPIA). Respondo.ai may charge reasonable costs for providing this assistance to the Customer.

Rights of Data Subjects

In the event a data subject submits a request, complaint, or inquiry to exercise their legal rights under Articles 15 to 22 GDPR to Respondo.ai, Respondo.ai will forward such a request, complaint, or inquiry to the Customer within fourteen (14) days of receipt. Respondo.ai may inform the data subject of this forwarding. The Customer will then handle the request, complaint, or inquiry independently.

If necessary and upon the Customer's request, Respondo.ai will assist the Customer in handling a request to the extent possible and reasonable, considering the nature of the processing. Respondo.ai may charge reasonable costs to the Customer for providing such assistance.

Personal Data Breach

In the event of a personal data breach, as defined in Article 33 GDPR, Respondo.ai will notify the Customer without undue delay. Respondo.ai will make reasonable efforts to ensure that the provided information is complete, correct, and accurate. If required by applicable data protection legislation, Respondo.ai will cooperate in informing the relevant data controller, data subjects, and/or supervisory authorities. The Customer determines whether these parties should be informed and remains responsible for any legal notification obligations in this regard.

In addition to the fact that a personal data breach has occurred, Respondo.ai will provide details, if available, at the Customer's first request, concerning:

  • (a) the date on which the data breach occurred (if the exact date is unknown: the period during which the data breach occurred),
  • (b) the (suspected) cause of the breach,
  • (c) the contact point where more information can be obtained,
  • (d) the categories of personal data involved,
  • (e) the categories of data subjects involved;
  • (f) the estimated number of data subjects and amount of personal data involved,
  • (g) the (currently known and/or expected) consequences thereof,
  • (h) the (proposed) solution,
  • (i) the measures already taken by Respondo.ai.

Return or Destruction of Personal Data

Once the Agreement is terminated for any reason, Respondo.ai will delete and/or destroy all personal data in its possession and any copies thereof within six (6) months after the termination of the Agreement. In case the Agreement is terminated due to ninety (90) days of non-payment, Respondo.ai will delete and/or destroy all personal data in its possession and any copies thereof within three (3) months after the termination of the Agreement due to non-payment.

In the event of termination of functions and add-ons, Respondo.ai will first perform a 'soft' deletion of all personal data in its possession and any copies thereof within three (3) months after the announcement of the termination of functions and add-ons. Three (3) months thereafter (being six (6) months after the announcement of the termination of functions and add-ons), Respondo.ai will perform a 'hard' deletion and destroy all personal data in its possession and any copies thereof.

The Customer is responsible for ensuring that they make timely copies or backups of the personal data retained by Respondo.ai. Upon request and, where appropriate, for a reasonable fee, Respondo.ai may be asked to assist in this. Respondo.ai is entitled to reasonable compensation for all the aforementioned activities.

Appendix 1 – Pre-Approved Sub-Processors

Respondo.ai Infrastructure Sub-Processors

  • Amazon Web Services | Cloud Hosting | aws.amazon.com
  • Bubble.io | Cloud Hosting | bubble.io
  • n8n.io | Workflow Automation | n8n.io
  • Postmarkapp.com | Email Delivery | postmarkapp.com

We've built an AI-driven platform that makes managing all customer interactions across various channels easy.

Quick Links

Home
About Us
Our Benefits
How it Works

Other Links

Set-up AI
Link Channels
Link API's
Articles

Contact Information

085 060 1883
info@respondo.ai
Respondo.ai

Social Media

Respondo BV
Terms & ConditionPrivacy Policy