Data Processing Addendum
This Data Processing Addendum and its Annexes (“DPA”) forms part of the Early Access Agreement (the “Agreement”) between Fabi Inc. (collectively, “Fabi” or “Processor”) and the party identified as “Participant” in the Agreement ( “Participant”, “Customer” ) and reflects the parties’ agreement with respect to the Processing of Personal Data by Fabi on behalf of Customer in connection with the Services under the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, the terms of this DPA will supersede and control.
This Data Processing Agreement (“DPA”) is entered into by and between (“Customer”) and Fabi, Inc.(“Processor”) (together, the “Parties”).
Purpose and Scope
This DPA governs the processing of personal data by Processor on behalf of Customer in connection with the provision of services by Processor to Customer.
The Parties agree that this DPA is subject to the terms and conditions of the agreement between Customer and Processor governing the provision of such services (the “Services Agreement”).
Obligations of the Processor
Processor shall process personal data on behalf of Customer only to the extent necessary to provide the services to Customer as specified in the Services Agreement, and in accordance with Customer's instructions.
Processor shall implement appropriate technical and organizational measures to ensure the security of the personal data processed on behalf of Customer, including measures to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Processor shall ensure that its personnel who have access to personal data are subject to appropriate confidentiality obligations.
Data Subject Rights
Processor shall provide reasonable assistance to Customer in responding to requests by data subjects to exercise their rights under GDPR or CCPA, including the right of access, rectification, erasure, and data portability.
Confidentiality and Security
Processor shall maintain the confidentiality of the personal data processed on behalf of Customer and shall not disclose such data to any third party without the prior written consent of Customer.
Processor shall implement appropriate technical and organizational measures to ensure the security of the personal data processed on behalf of Customer.
Processor may engage subprocessors to process personal data on behalf of Customer, provided that Processor complies with the requirements for subprocessors set forth in the Services Agreement.
Processor shall remain fully liable to Customer for any acts or omissions of subprocessors engaged by Processor to process personal data on behalf of Customer.
Audit and Compliance
Processor shall provide Customer with all information necessary to demonstrate compliance with GDPR or CCPA requirements.
Processor shall allow Customer or its authorized representatives to conduct audits or inspections of Processor's compliance with this DPA upon reasonable notice.
Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of the jurisdiction in which Customer is located.
Any disputes arising out of or relating to this DPA shall be subject to the exclusive jurisdiction of the courts in the jurisdiction in which Customer is located.
This DPA is entered into and effective as of the date of the Services Agreement.