Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between Crystol AI and our customers for the provision of our services. This DPA reflects our commitment to processing personal data in compliance with applicable data protection laws, including the GDPR.

2. Definitions

For the purposes of this DPA, "Personal Data," "Data Subject," "Processing," "Controller," and "Processor" have the meanings given to them in the GDPR or equivalent applicable data protection legislation.

3. Scope of Processing

Crystol AI processes personal data on behalf of customers to provide our AI-powered customer support services. The types of data processed include customer communications, support tickets, and related metadata.

4. Our Obligations

• Process personal data only on documented instructions from you
• Ensure personnel are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures
• Assist you in responding to data subject requests
• Delete or return personal data upon termination of services
• Make available information necessary to demonstrate compliance

5. Sub-processors

We may engage sub-processors to assist in providing our services. A current list of sub-processors is available upon request. We will notify you of any changes to sub-processors and you may object to such changes.

6. International Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

7. Data Breach Notification

We will notify you without undue delay upon becoming aware of a personal data breach affecting your data, and will provide information necessary for you to fulfill your own breach notification obligations.

8. Contact

For questions about this DPA or to request a signed copy, please contact us at support@crystol.ai