This Data Processing Agreement ("DPA") is part of the Terms of Service ("Agreement") between [Customer Name] ("Customer," "you," "your") and RateVu ("the Software," "Processor," "we," "our," "us"). This DPA governs the processing of personal data that we perform on behalf of the Customer in connection with the provision of the Software, in compliance with applicable data protection laws, including the GDPR and the CCPA.
1. Definitions
- Data Controller: The entity that determines the purposes and means of the processing of personal data.
- Data Processor: The entity that processes personal data on behalf of the Data Controller.
- Data Subject: Any identified or identifiable individual whose personal data is processed.
- Personal Data: Any information relating to an identified or identifiable individual.
- Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or erasure.
- Sub-Processor: Any third party appointed by the Processor to process personal data on behalf of the Customer.
2. Roles and Responsibilities
- Customer as Data Controller: The Customer acts as the Data Controller for all personal data processed through the Software.
- RateVu as Data Processor: RateVu acts as the Data Processor and processes personal data on behalf of the Customer in accordance with this DPA and the Customer's instructions.
3. Types of Personal Data Processed
- End-user data: Names, email addresses, reviews, feedback, video testimonials, and other information submitted through review requests or landing pages.
- Customer data: Names, email addresses, contact information, login credentials, and other business-related data.
- Usage data: IP addresses, device information, and data related to the usage of the Software.
4. Purpose of Processing
- Aggregating reviews from third-party platforms (e.g., Google, Facebook).
- Responding to reviews via artificial intelligence on behalf of the Customer.
- Sending review request campaigns and processing feedback.
- Sharing reviews through widgets and social media platforms.
- Performing analytics to track and enhance reputation management.
- Automating processes such as the sending of review requests.
5. Duration of Processing
The processing of personal data will continue for the duration of the Agreement, unless otherwise required by law or requested by the Customer for data deletion.
6. Processor Obligations
- Process data only under instructions from the Customer.
- Ensure that all employees or contractors involved in processing maintain confidentiality.
- Implement security measures appropriate to the risk.
- Assist the Customer in fulfilling data subject requests and compliance obligations.
- Provide data breach notification without undue delay after becoming aware of the breach.
7. Customer Obligations
- Provide lawful instructions consistent with applicable data protection laws.
- Inform data subjects and obtain required consents where applicable.
- Ensure a valid legal basis for processing personal data.
- Handle all data subject requests; RateVu will assist upon request.
8. Sub-Processors
RateVu may engage Sub-Processors to process personal data on behalf of the Customer. We will ensure each Sub-Processor provides equivalent data protection, inform the Customer of intended changes, and remain liable for their performance. A list of current Sub-Processors can be provided upon request.
9. International Data Transfers
RateVu may transfer personal data to countries outside the EEA. Where such transfers occur, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.
10. Security Measures
- Encryption of personal data during transmission.
- Access controls to prevent unauthorized access to data.
- Regular security assessments and audits.
- Incident response plans to handle data breaches.
11. Data Subject Rights
RateVu will assist the Customer in ensuring compliance with data subjects' rights, including access, rectification, erasure, restriction or objection, and portability. Requests from data subjects will be forwarded to the Customer for handling.
12. Data Retention and Deletion
Upon termination or expiration of the Agreement, RateVu will, at the Customer's request, return or delete all personal data processed on behalf of the Customer, unless retention is required by law.
13. Audit Rights
The Customer has the right to request audits or inspections of RateVu's processing activities. Audits will be conducted at the Customer's own cost, with reasonable notice and minimal disruption.
14. Liability
Both parties agree that their liability under this DPA will be subject to the limitations and exclusions set out in the Agreement, except where such limitations are prohibited by applicable data protection laws.
15. Governing Law
This DPA shall be governed by and construed in accordance with the laws of the United States, without regard to its conflict of laws principles.
16. Termination
This DPA shall remain in effect as long as RateVu processes personal data on behalf of the Customer. Upon termination of the Agreement, the terms of this DPA will continue to apply for as long as RateVu retains personal data.
17. Contact Information
If you have any questions or concerns regarding this DPA or your data privacy rights, please contact us at: contact@ratevu.com
