Data Processing Addendum

1. Introduction

This Data Processing Addendum ("DPA") forms part of the Agreement between Scheduling Kit and Customer for the provision of Services.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data.
• "Data Controller" means the entity that determines the purposes and means of Processing.
• "Data Processor" means the entity that Processes Personal Data on behalf of the Controller.

3. Roles and Responsibilities

Customer is the Data Controller. Scheduling Kit acts as Data Processor when Processing Personal Data on behalf of Customer.

4. Processing Instructions

Scheduling Kit will only Process Personal Data in accordance with Customer's documented instructions and applicable law.

5. Security Measures

Scheduling Kit implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

6. Sub-processors

Customer authorizes Scheduling Kit to engage sub-processors. A current list is available at /sub-processors.

7. Data Subject Rights

Scheduling Kit will assist Customer in responding to requests from data subjects exercising their rights under applicable data protection law.

8. International Transfers

Scheduling Kit will ensure appropriate safeguards are in place for any international transfers of Personal Data.

9. Term and Termination

This DPA will remain in effect for the duration of the Agreement. Upon termination, Scheduling Kit will delete or return all Personal Data.

10. Contact

For DPA-related inquiries, contact legal@schedulingkit.com.