Company name: Optidash GmbH
Company address: Mühlenstr. 8A, 14167 Berlin, Germany.
This Optidash GDPR Data Processing Addendum ("DPA") amends the Terms of Service (the "Agreement") available at https://compressor.app/legal/terms, entered into by and between Customer and Optidash. The purpose of this DPA is to reflect the parties' agreement with regard to the processing of Personal Data in accordance with the requirements of Data Protection Legislation as defined below.
This DPA shall not replace or supersede any agreement or addendum relating to processing of Personal Data negotiated by Customer and referenced in the Agreement, and any such individually negotiated agreement or addendum shall apply instead of this DPA.
In the course of providing the Services to Customer pursuant to the Agreement, Optidash may process Personal Data on behalf of Customer. Optidash agrees to comply with the following provisions with respect to any Personal Data submitted by or for Customer to the Services or collected and processed by or for Customer through the Application Services. Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement.
a. "Data Protection Legislation" means the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them, including member state laws supplementing the GDPR;
b. The terms "Personal Data", "Data Subject", "Data Controller", "Controller", "Data Processor", "Processor", "Processing", "Sub-Processor" shall be interpreted in accordance with applicable Data Protection Legislation;
c. The parties agree that Customer is the Data Controller and that Optidash is its Data Processor in relation to Personal Data that is processed in the course of providing the Services. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Optidash pursuant to the Agreement.
When Optidash Processes Personal Data in the course of providing the Services, Optidash will:
a. process the Personal Data as a Data Processor, only for the purpose of providing the Services in accordance with documented instructions from Customer (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by Customer. If Optidash is required by law to Process the Personal Data for any other purpose, Optidash will provide Customer with prior notice of this requirement, unless Optidash is prohibited by law from providing such notice;
b. notify Customer without undue delay if, in Optidash's opinion, an instruction for the processing of Personal Data given by Customer infringes applicable Data Protection Legislation;
c. notify Customer promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject relating to Optidash's Processing of the Personal Data;
d. implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
e. provide Customer, upon request, with up-to-date attestations, reports or extracts thereof where available from a source charged with auditing Optidash's data protection practices (e.g. external auditors, internal audit, data protection auditors), or suitable certifications, to enable Customer to assess compliance with the terms of this Addendum;
f. notify Customer without undue delay and in any case within 24 hours upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data. Such notification shall include at minimum:
g. ensure that all Optidash personnel who access the Personal Data are bound by appropriate confidentiality obligations and comply with the obligations set out in this Clause;
h. upon termination of the Agreement, upon Customer's request, Optidash will delete or return all Personal Data to Customer within 30 days and delete existing copies unless applicable law requires storage of the Personal Data. Upon request, Optidash will provide a certificate of deletion.
a. Customer acknowledges and agrees that Optidash may use Sub-Processors to Process the Personal Data. Optidash's use of any specific Sub-Processor to process the Personal Data must be in compliance with Data Protection Legislation and must be governed by a contract between Optidash and Sub-Processor that provides at least the same level of protection for Personal Data as set forth in this DPA.
b. For any transfer of Personal Data from the European Economic Area, Switzerland, or the United Kingdom to a country that is not recognized as providing an adequate level of protection for Personal Data, Optidash agrees to abide by and process Personal Data in compliance with the EU Standard Contractual Clauses (2021) or UK International Data Transfer Agreement, as applicable.
c. Optidash shall maintain appropriate supplementary measures to ensure the protection of Personal Data transferred to third countries, including but not limited to encryption in transit and at rest, access controls, and regular security assessments.
a. In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. Customer acknowledges and agrees that Optidash may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Optidash's website, available at https://compressor.app/legal/dpa and such amendments to the Addendum are effective as of the date of posting. Customer's continued use of the Services after the amended Addendum is posted to Optidash's website constitutes Customer's agreement to, and acceptance of, the amended Addendum. If Customer does not agree to any changes to the Addendum, Customer is asked not to continue to use the Service.
b. Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.
This DPA shall remain in effect as long as Optidash carries out Personal Data processing operations on behalf of Customer or until the termination of the Agreement (and all Personal Data has been returned or deleted in accordance with this DPA).
We use the following sub-processors to help deliver our services. All data transfers to these sub-processors are protected by appropriate safeguards such as EU Standard Contractual Clauses (2021).