Knowledge Base

Any capitalized terms not explicitly defined within this DPA shall be construed as per their definitions in the Agreement.

By leveraging Peerlogic’s Services, the Customer acknowledges acceptance of this DPA. You thereby assert and guarantee that you possess the requisite authority to commit the Customer to the terms of this DPA. Should you lack such authority, or should you disagree with the terms outlined herein, please refrain from supplying any form of Personal Data to Peerlogic.

1. DEFINITION

1.1 Affiliate: Refers to any entity which, directly or indirectly, controls, is controlled by, or shares common control with Peerlogic Technologies Inc. (DBA Peerlogic). Control signifies owning or controlling more than 50% of the voting interests of the entity in question.laws

1.2 Authorized Affiliate: An Affiliate of the Customer that (a) is bound by Data Protection Laws, and (b) is authorized to access Peerlogic’s Services according to the terms of the Agreement between the Customer and Peerlogic, but hasn’t entered into a separate Order Form with Peerlogic.

1.3 Authorized User: Any individual empowered by the Customer to use Peerlogic’s Services under the Customer’s account, which may include medical providers for coaching and performance insights.

1.4 CCPA: The California Consumer Privacy Act, augmented by the California Privacy Rights Act, as amended periodically.

1.5 Controller: Entity responsible for establishing the objectives and methods for the Processing of Personal Data, generally the Customer.

1.6 Customer Data: As described in the Agreement, includes audio recordings, transcriptions, and metadata used for analysis, coaching, and performance insights.

1.7 Data Protection Laws: All privacy and data protection laws applicable in locations where Peerlogic provides Services, inclusive of GDPR, UK GDPR, and CCPA.

1.8 Data Subject: An identified or potentially identifiable individual whose Personal Data is Processed, often patients or medical providers in Peerlogic’s context.

1.9 GDPR: The General Data Protection Regulation (EU) 2016/679.

1.10 Information Security Standards: Security protocols relevant to the Services subscribed by the Customer, as regularly updated and made available by Peerlogic.

1.11 Personal Data/Personal Information: Any information relating to an identified or identifiable Data Subject, processed by Peerlogic as part of Customer Data under the Agreement.

1.12 Personal Data Breach: Any security breach causing unauthorized or unlawful Processing, destruction, or loss of Personal Data managed by Peerlogic on behalf of the Customer.

1.13 Personnel: Individuals authorized by Peerlogic to Process Customer Data, which could include software algorithms, automated processes, and human analysts.

1.14 Process/Processing: Operations conducted on Personal Data, automated or otherwise, as described in this DPA.

1.15 Processor: The entity, Peerlogic in this case, that Processes Personal Data on behalf of the Controller.

1.16 Sensitive Data: A subset of Personal Data that warrants special handling due to its sensitive nature, such as healthcare, biometric, or financial information, in compliance with specific Data Protection Laws.

1.17 Standard Contractual Clauses: As relevant to the geographical scope of Data Protection Laws, including EU SCCs, UK Addendum, and Switzerland Addendum for data transfers.

1.18 Sub-Processor: A third-party service provider contracted by Peerlogic to Process Personal Data under Peerlogic’s supervision.

1.19 UK GDPR: The Data Protection Act of 2018, including relevant amendments post the EU Exit.

2. DATA PROCESSING

2.1 Roles and Scope

This DPA is activated when Peerlogic processes Customer’s Personal Data while delivering Services. Under GDPR and similar laws, the Customer is the Controller and Peerlogic is the Processor. Under the CCPA, the Customer is the Business and Peerlogic is the Service Provider.

2.2 Processing Details

Peerlogic handles Customer’s Personal Data for the duration and specifics outlined in the Agreement, with the aim to provide the Services.

2.3 Data Types and Subjects

Customer and Authorized Users decide the types of Personal Data and identities of Data Subjects involved. Peerlogic doesn’t control this and avoids processing Sensitive Data. Optionally, voice identifiers for Authorized Users may be captured.

2.4 Customer’s Responsibilities

Customer ensures compliance with Data Protection Laws and instructs Peerlogic on data processing for:

• Service provision and improvement
• Legal compliance
• Third-party data sharing as per Customer’s setup

Customer is liable for data legality and must secure appropriate consents. Peerlogic will flag any instructions deemed non-compliant.

2.5 CCPA Compliance

Peerlogic commits to CCPA standards, ensuring no sale or sharing of Personal Data. Processing is for specified business purposes only, with security measures in line with the CCPA. Peerlogic assists Customer with CCPA-related requests and complies with audit rights.

3. ASSISTANCE

Peerlogic will assist Customer in meeting GDPR and other data law obligations. This includes facilitating Data Subjects’ rights like access, deletion, and objections to data processing. Support extends to security measures, breach notifications, and data impact assessments related to Peerlogic’s role. Any costs incurred by Peerlogic for providing such assistance will be billed to Customer, unless negligiblencurred by Peerlogic in connection with the provision of assistance to Customer under this DPA.

4. Peerlogic PERSONNEL

4.1 Access Control

Peerlogic limits access to Personal Data to Personnel who need it to perform under the Agreement.

4.2 Confidentiality

Personnel handling Personal Data will be bound by confidentiality agreements, trained in data protection, and made aware of their responsibilities. These obligations continue post-employment.

5. SUB-PROCESSORS

5.1 General Authorization

Peerlogic may use Sub-Processor. These Sub-Processors agree to similar data protection terms, and Peerlogic assumes liability for their compliance.

5.2 New Sub-Processors

For new Sub-Processors, Peerlogic will notify via its website, where Customer can subscribe for updates. Customer has the right to object within 5 business days of notification by emailing privacy@Peerlogic.io. Both parties will resolve any objections in good faith. If unresolved, Peerlogic will aim to provide the service without using the new Sub-Processor for Customer’s data.

6. CROSS-BORDER DATA TRANSFERS

6.1 Adequate Protection Countries

Data can be transferred from the EEA, UK, or Switzerland to countries deemed safe by relevant authorities without additional measures.

6.2 Other Countries

For transfers to non-adequate countries, specific terms in Schedule 1 will apply, depending on the origin (EEA, UK, or Switzerland).

6.3 Additional Transfers

For transfers from other jurisdictions with special rules, Customer will notify Peerlogic. Amendments to this DPA may be needed.

7. SECURITY

7.1 ControlsPeerlogic will maintain security measures aligned with Peerlogic Information Security Standards and will not reduce security during the Agreement term.

7.2 Audits

Security measures are externally audited. Audit reports can be provided to Customer upon written request, under confidentiality constraints.

8. PERSONAL DATA BREACH MANAGEMENT AND NOTIFICATION

8.1 Notification

Peerlogic will notify Customer of data breaches in accordance with the law. The notice will outline the breach’s nature, impact, and corrective measures.

8.2 Public Statements

Customer will not publicly identify Peerlogic in relation to a data breach without written approval, unless legally required. If so, Peerlogic should be notified and disclosure minimized.

9. AUDIT AND DEMONSTRATION OF COMPLIANCE

9.1 Information Sharing

On request, Peerlogic will provide data to show compliance with data protection laws. Customer must dispose of this data once its purpose is met.

9.2 Audit Terms

Peerlogic allows annual audits by a Customer-approved auditor, under specified conditions like pre-scheduling and nondisclosure agreements. Customer bears all costs and responsibilities for the audit.

10. RETURN OR DELETION OF PERSONAL DATA

Peerlogic will delete all Customer Data 30 days post-Agreement termination, except where legally required to keep it or for archived back-ups.

11. DISPUTE RESOLUTION

Both parties commit to resolving disputes through good faith negotiations before legal proceedings. Includes a step-by-step negotiation process between executives..

12. TERM

Becomes binding on the earliest of three possible dates: execution date, Agreement effective date, or when Peerlogic starts Processing Personal Data. Continues until the Agreement ends.

13. AUTHORIZED AFFILIATES

13.1 Relationship

Authorized Affiliates are bound by this DPA if Customer processes their data. Any violation by them is deemed a violation by the Customer.

13.2 Communication

Customer is responsible for all communications with Peerlogic and may act on behalf of its Authorized Affiliates.

14. MODIFICATIONS

Parties can propose changes to the DPA 45 days in advance due to new data protection laws. Peerlogic will try to accommodate reasonable changes. If an agreement isn’t reached within 30 days, either party can terminate the Agreement for the affected Services. No refunds will be given for this termination.

15. LIMITATION OF LIABILITY

15.1 Aggregate Liability

Liability is capped as per the ‘Limitation of Liability’ section in the Agreement and applies to all Affiliates collectively.

15.2 Clarification

Total liability for all claims is aggregate and applies to all DPAs under this Agreement, not individually to each Affiliate.

16. CONFLICT

16.1 DPA vs Agreement

If a conflict arises between this DPA and the Agreement regarding data processing, the DPA prevails.

16.2 DPA vs Standard Contractual Clauses

In case of a conflict, the Standard Contractual Clauses take precedence over this DPA and its schedules.