Data Processing Agreement (DPA)
This DPA defines data protection obligations between customer (Controller) and AssistaNote (Processor).
1. Parties and role
This DPA applies when a customer organization uses AssistaNote to process personal data. The customer acts as Controller and AssistaNote acts as Processor, unless otherwise agreed in writing.
2. Subject matter and duration
Processing concerns customer-provided data for service delivery, security, and support for the term of the service agreement and any post-termination retention period required by law.
3. Nature and purpose of processing
AssistaNote processes data solely on documented instructions from the Controller to provide the contracted services, maintain security, and ensure reliability.
4. Confidentiality and security
AssistaNote applies technical and organizational measures appropriate to risk, including access control, encryption where appropriate, logging, and confidentiality commitments for personnel.
5. Subprocessors
AssistaNote may engage subprocessors under written agreements imposing data protection obligations equivalent to this DPA. A current subprocessors list is available on request.
6. Data subject rights and assistance
AssistaNote assists the Controller in responding to data subject requests and supervisory authority obligations, taking into account processing nature and available information.
7. Incidents and deletion
AssistaNote will notify the Controller without undue delay after becoming aware of a personal data breach affecting customer data. On termination, data is returned or deleted according to contract and law.
8. Audit and contact
Reasonable audit information may be provided upon written request under confidentiality safeguards. For DPA requests, contact AssistaNote via official channels on assistanote.com.