Data Processing Addendum

Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of, and is subject to, the Terms & Conditions (or Master Services Agreement for enterprise clients) between Chatbotfor ("Chatbotfor") and Customer that references this DPA (the "Agreement"). It is effective as of the date of the Agreement.

This DPA applies when Chatbotfor processes Customer Personal Data as a Processor, on behalf of Customer acting as Controller, while providing services under the Agreement. Capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

1. Definitions

Term	Definition
Data Breach	Any unauthorized or unlawful breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Personal Data.
Data Protection Laws	All data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including Andorra's Law 29/2021 on Data Protection and, where applicable, EU GDPR standards.
Controller	The entity determining the purposes and means of the processing of Personal Data.
Processor	The entity processing Personal Data on behalf of the Controller under the Controller’s instructions.
Personal Data	Any information relating to an identified or identifiable natural person as defined by Andorran Law 29/2021.
Processing	Operations on Personal Data such as collection, storage, use, transfer, or deletion as defined under applicable Data Protection Laws.
Sub-Processor	Any Processor engaged by Chatbotfor to assist in fulfilling its obligations under this DPA. Sub-Processors may include third parties or affiliates.

2. Relationship with the Agreement

The provisions of this DPA supersede any conflicting terms in the Agreement concerning data protection and processing. All other provisions of the Agreement remain in force.

3. Scope and Applicability

This DPA applies to processing activities where Customer Personal Data:

Originates from Andorra or is otherwise subject to Andorran Law 29/2021, or
Falls under applicable European Economic Area (EEA) or GDPR standards.

4. Obligations of the Customer

4.1 Customer, as Controller, ensures compliance with all applicable Data Protection Laws, including:

Providing accurate, lawful, and necessary instructions to Chatbotfor for processing Customer Personal Data.
Informing data subjects of the processing as required under applicable laws.
Avoiding the transmission of special categories of data (e.g., sensitive data) to Chatbotfor without prior notice and agreement.

4.2 Customer shall provide Chatbotfor with details of any required data processing activities and updates to ensure compliance with applicable laws.

5. Obligations of Chatbotfor

5.1 Chatbotfor processes Customer Personal Data solely on Customer’s documented instructions and ensures appropriate measures are implemented for:

Protecting data confidentiality and security.