Data Processing Agreement
Effective Date: August 12, 2024.
This Data Processing Agreement (“Agreement”) is made between Jatheon Technologies Inc. (“Data Processor”) and the Customer (“Data Controller”), collectively referred to as the “Parties.”
1. Definitions
- 1.1 Data Controller: The entity that determines the purposes and means of processing Personal Data.
- 1.2 Data Processor: The entity that processes Personal Data on behalf of the Data Controller.
- 1.3 Personal Data: Any information relating to an identified or identifiable individual.
- 1.4 Processing: Any operation performed on Personal Data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.
2. Use of Sub-Processors
- 2.1 The Data Processor may engage sub-processors to assist in providing services. A list of current sub-processors is included in Exhibit A.
3. Data Processing Responsibilities
- 3.1 Legal Compliance: The Data Processor will ensure that all Personal Data is processed in accordance with applicable data protection laws, regulations, and industry standards.
- 3.2 Confidentiality: The Data Processor will ensure that any person authorized to process Personal Data is bound by a duty of confidentiality.
- 3.3 Security: The Data Processor will implement and maintain appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, disclosure, alteration, or destruction.
- 3.4 Sub-Processing: The Data Processor will maintain an updated list of all sub-processors involved in processing Personal Data and ensure that each sub-processor is bound by a written agreement to fulfill data protection obligations.
- 3.5 Data Subject Rights: The Data Processor will assist the Data Controller in responding to requests from data subjects to access, correct, delete, or restrict the processing of their Personal Data.
- 3.6 Data Breach Notification: In the event of a Personal Data breach, the Data Processor will promptly notify the Data Controller and provide all necessary information to assist in meeting legal obligations.
4. Data Controller Obligations
- 4.1 Lawful Basis: The Data Controller confirms that it has a lawful basis for processing Personal Data and that any necessary permissions or authorizations have been obtained.
- 4.2 Instructions: The Data Controller will provide the Data Processor with written instructions regarding the processing of Personal Data. The Data Processor will only process Personal Data according to these instructions.
- 4.3 Data Subject Rights: The Data Controller is responsible for managing and addressing data subject requests in accordance with applicable data protection laws.
5. Data Transfers
- 5.1 Any transfer of Personal Data to third countries or international organizations will require prior written consent from the Data Controller and must comply with applicable data protection laws.
6. Duration and Termination
- 6.1 This Agreement will remain effective for the duration of the data processing activities or until terminated as specified in this Agreement or in the Terms of Service.
- 6.2 If you have any questions, please contact our Data Protection Officer at dpo@jatheon.com.
———
Exhibit A: Sub-Processors
The Data Processor currently engages the following sub-processors for the processing of Personal Data:
| Sub-Processor | Location | Service Provided |
|---|---|---|
| Amazon Web Services, Inc. | United States | Cloud infrastructure, hosting, data storage, backups |
| Atlassian Trello | United States | Task and project management |
| Basecamp, LLC | United States | Team collaboration and project management |
| Breezy HR, Inc. | United States | Recruitment and applicant tracking |
| GovSpend | United States | Government contract and public spending intelligence |
| Google Workspace, Google LLC | United States | Email, document storage, collaboration, productivity tools |
| HubSpot, Inc. | United States | CRM, marketing automation, and sales platform |
| LinkedIn, Inc. | United States | Professional networking, recruitment, advertising |
| Meta Platforms, Inc. | United States | Social media services and digital advertising |
| PandaDoc | United States | Electronic signatures and document automation |
| PeopleForce LTD. | United Kingdom | Human resources management and employee records |
| RingCentral | United States | Business VoIP, messaging, and video communications |
| Riversys Technologies Private LTD. | India | Software development and IT services |
| Scrut Automation | United States | Security and compliance automation (SOC 2, ISO) |
| Slack Technologies, Inc. | United States | Internal team messaging and collaboration |
| Stripe Inc. | United States | Online payment processing and financial infrastructure |
| Xero Limited (Xero) | New Zealand | Cloud-based accounting and financial management |
| YouTube, Google LLC | United States | Video hosting, streaming, and analytics |
| Zendesk | United States | Customer support, ticketing, and helpdesk software |
| Zoom Video Communications, Inc. | United States | Video conferencing and online meetings |
