Data Protection Agreement (DPA)

Effective Date: March 1st, 2024

This Data Protection Agreement ("DPA") is entered into between LogicBaker Company Limited ("Data Controller" or "Controller") and you ("Data Processor" or "Processor") and governs the processing of personal data under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR).

1. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, such as collection, storage, modification, or deletion.
• Data Subject: The individual whose personal data is being processed.

2. Purpose and Scope

• The Processor agrees to process personal data solely for the purposes outlined in this Agreement and in compliance with Controller’s instructions.
• The data processing activities include, but are not limited to, customer support, order fulfillment, and marketing analytics.

3. Obligations of the Data Processor

The Processor agrees to:

1. Process personal data only on documented instructions from the Controller.
2. Ensure that employees authorized to process personal data have committed to confidentiality.
3. Implement appropriate technical and organizational measures to protect personal data.
4. Assist the Controller in fulfilling its obligations under applicable data protection laws.

4. Obligations of the Data Controller

The Controller agrees to:

1. Ensure that processing activities have a lawful basis under applicable data protection laws.
2. Provide the Processor with accurate and up-to-date personal data.
3. Monitor and assess the Processor's compliance with this Agreement.

5. Sub-Processing

• The Processor shall not engage any sub-processor without prior written consent from the Controller.
• If sub-processors are engaged, the Processor shall ensure they comply with the terms of this Agreement.

6. Security Measures

The Processor shall implement the following security measures to protect personal data:

• Encryption of data at rest and in transit.
• Regular security audits and assessments.
• Access control mechanisms to prevent unauthorized access.

7. Data Breaches

• In the event of a data breach, the Processor must notify the Controller within 72 hours.
• The notification must include details of the breach, its impact, and the measures taken to address it.

8. Data Subject Rights

The Processor shall assist the Controller in responding to requests from data subjects, including:

• Access to personal data.
• Rectification or deletion of personal data.
• Restriction or objection to data processing.

9. Data Retention and Deletion

• The Processor shall retain personal data only for as long as necessary to fulfill the purposes outlined in this Agreement.
• Upon termination of this Agreement, the Processor must delete or return all personal data to the Controller.

10. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of Your Country. Any disputes shall be resolved in the courts of Your City, State.

11. Contact Information

For questions or concerns regarding this Agreement, please contact:

• Email: support@logicbaker.com
• Address: 2081 Mountain View, CA. 94583

Thank you for ensuring compliance with data protection laws. LogicBaker Company Limited is committed to safeguarding personal data and maintaining a high standard of privacy and security.