Effective Date: August 1st, 2024


DATA PROCESSING AGREEMENT

This Data Processing Agreement ("DPA") forms part of the Terms of Use (or other similarly titled written or electronic agreement addressing the same subject matter) ("Agreement") between Customer (as defined in the Agreement) and 101 GenAI, Inc. This DPA governs how 101 GenAI, Inc. (the "Processor") provides software and services (the "Services") to the Customer (the "Controller"). The Controller and the Processor are referred to individually as a "Party" and collectively as the "Parties."

The Parties seek to implement this DPA to comply with the requirements of the EU General Data Protection Regulation ("EU GDPR") concerning the Processor's handling of Personal Data (as defined under the EU GDPR) in relation to their obligations under the Agreement. This DPA applies specifically to the Processor's processing of Personal Data provided by the Controller as part of their obligations.

Except as modified below, the terms of the Agreement remain in full force and effect.

1. Definitions

Unless defined otherwise in this DPA, the terms herein will have the meaning given to them under the EU GDPR or the Agreement. The following terms will have the corresponding meanings assigned to them below:

1.1 "Data Transfer" refers to the transfer of Personal Data from the Controller to the Processor, between establishments of the Processor, or with a Sub-processor.
1.2 "EU GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council regarding the protection of personal data and the free movement of such data.
1.3 "Standard Contractual Clauses" means the contractual clauses attached as Schedule 1 pursuant to the European Commission's Implementing Decision on Standard Contractual Clauses for transferring Personal Data to processors in third countries that do not ensure adequate data protection.
1.4 "Controller" means the entity that determines the purposes and means of processing personal data.
1.5 "Processor" means the entity processing personal data on behalf of the Controller.
1.6 "Sub-processor" means a third-party processor engaged by the Processor to process Personal Data on behalf of the Controller.

2. Purpose of this Agreement

This DPA outlines the obligations of 101 GenAI, Inc. in processing Personal Data and is limited to 101 GenAI, Inc.'s obligations under the Agreement. If there's any conflict between the Agreement and this DPA, the DPA will take precedence.

3. Categories of Personal Data and Data Subjects

The Controller authorizes 101 GenAI, Inc. to process Personal Data to the extent determined by the Controller, which is outlined in Annex I to Schedule 1 of this DPA.

4. Purpose of Processing

The processing of Personal Data by 101 GenAI, Inc. is limited to providing the agreed-upon Services to the Controller or its Clients, in accordance with the Agreement.

5. Duration of Processing

101 GenAI, Inc. will process Personal Data for the duration of the Agreement, unless otherwise agreed in writing by the Controller.

6. Data Controller's Obligations

6.1 The Controller warrants that it has all necessary rights to provide Personal Data to 101 GenAI, Inc. for processing in relation to the Services. The Controller is responsible for ensuring an appropriate legal basis for the processing and for obtaining and maintaining any necessary consents from Data Subjects.
6.2 The Controller must provide all Data Subjects with a relevant privacy notice.
6.3 The Controller may instruct 101 GenAI, Inc. to delete Personal Data at any time, unless required by law to retain the data.
6.4 The Controller must promptly inform 101 GenAI, Inc. if it receives:
  • Complaints or claims related to data privacy
  • Requests from Data Subjects seeking to access, correct, or delete Personal Data
  • Regulatory requests or any other legal processes regarding Personal Data.

7. Data Processor's Obligations

7.1 101 GenAI, Inc. will follow written instructions from the Controller regarding Personal Data processing.
7.2 101 GenAI, Inc. will assist the Controller with requests from Data Subjects or regulatory authorities concerning the processing of Personal Data.
7.3 If required, 101 GenAI, Inc. will obtain Data Subject consent and ensure proper data protection when transferring data outside 101 GenAI, Inc.'s boundaries.

8. Data Secrecy

8.1 101 GenAI, Inc. will ensure personnel with access to Personal Data are:
  • Informed about its confidential nature, and
  • Trained in data security and privacy standards.
8.2 101 GenAI, Inc. will implement industry-standard measures to protect the confidentiality and integrity of Personal Data.

9. Audit Rights

9.1 Upon reasonable request, 101 GenAI, Inc. will provide information to demonstrate compliance with this DPA and relevant data protection laws.
9.2 Audits at 101 GenAI, Inc.'s premises require at least thirty (30) days' notice, and the Controller bears the cost.

10. Data Transfers

Any transfer of Personal Data outside the EEA for processing must comply with Schedule 1 of this DPA, including the use of Standard Contractual Clauses.

11. Sub-processors

11.1 The Controller agrees that 101 GenAI, Inc. may engage Sub-processors for Service delivery, ensuring these Sub-processors follow the same or higher standards of data protection. The current list of approved Sub-processors is detailed in Annex III of Schedule 1.
11.2 If the Controller has concerns about a Sub-processor's processing activities, both Parties will work in good faith to address these concerns.

12. Personal Data Breach Notification

12.1 101 GenAI, Inc. will notify the Controller without undue delay if it becomes aware of a Personal Data Breach that risks the rights and freedoms of Data Subjects.
12.2 101 GenAI, Inc. will assist the Controller in meeting their obligations to notify regulatory authorities and Data Subjects about the breach, as required.

13. Return and Deletion of Personal Data

13.1 101 GenAI, Inc. will return or delete all Personal Data at the end of the Agreement or as otherwise instructed by the Controller.
13.2 Any remaining Personal Data will be deleted after the end of the Agreement.

14. Technical and Organizational Measures

101 GenAI, Inc. will implement appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, or destruction, as detailed in Annex II of Schedule 1.

101 GenAI, Inc.
By: _______________________
Name: _____________________
Title: _____________________
Date: _____________________

Customer
By: _______________________
Name: _____________________
Title: _____________________
Date: _____________________

Schedule 1

Annex I: List of Parties

Data Exporter: Customer (as per the Order Form)

Data Importer: 101 GenAI, Inc. (as per the Order Form)

Annex II: Technical and Organizational Measures

Detailed measures include (but are not limited to): encryption, access controls, firewalls, data isolation, and secure data storage mechanisms.

Annex III: Approved Sub-processors

101 GenAI, Inc. currently engages the following Sub-processors:

  • Amazon Web Services: Cloud Hosting and Infrastructure Services – USA and India

  • Google Cloud: Cloud Hosting and Infrastructure Services – USA and India

  • OpenAI: Large Language Model (LLM) Services – USA

  • Anthropic: Large Language Model (LLM) Services – USA

  • Mistral AI: Large Language Model (LLM) Services – France

  • Perplexity AI: Large Language Model (LLM) Services – USA

  • X AI: Large Language Model (LLM) Services – USA

  • Deepseek Cloud: Large Language Model (LLM) Services - China

  • Deepgram: Large Language Model (LLM) Services – USA

  • Groq Cloud: Large Language Model (LLM) Services – USA

  • Together AI: Large Language Model (LLM) Services – USA

  • Sentry: Application Performance Monitoring Services - USA

  • StackPro Technologies Pvt. Ltd.: Software Development and Maintenance Services - India

  • Intercom: Customer Support Platform - USA

  • Webknot Technologies Pvt. Ltd.: Technical and infrastructure support services - India

  • Beyond Codes: Sales Outreach Platform – USA

  • Monday: CRM Platform - USA

  • Mailchimp: Community Engagement Platform - USA

  • Stripe: Payment Processing – USA

If you have any questions, please contact dpo@101gen.ai