Data Processing Agreement

Parties to the Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between:

• The Data Controller: Tyjera
• The Data Processor: Tyjera

Subject Matter and Duration

This DPA applies to all activities where the Data Processor processes personal data on behalf of the Data Controller. The duration of this DPA corresponds to the duration of the Terms of Service.

Obligations of the Data Processor

• Process personal data only on documented instructions from the Data Controller
• Ensure that persons authorized to process personal data have committed themselves to confidentiality
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
• Assist the Data Controller in responding to requests from data subjects
• Notify the Data Controller without undue delay after becoming aware of a personal data breach

Security Measures

The Data Processor implements the following technical and organizational measures:

• Encryption of personal data
• Regular backup procedures
• Access control and authentication
• Regular testing and evaluation of security measures

Sub-processors

The Data Processor may engage sub-processors to process personal data. The Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of sub-processors.

Audit Rights

The Data Controller has the right to audit the Data Processor's compliance with this DPA. The Data Processor shall contribute to audits by providing necessary information and allowing inspections.

Liability

The Data Processor shall be liable for any damage caused by processing only where it has not complied with obligations of the GDPR specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Data Controller.