This Data Processing Agreement ("Agreement") is entered into between the user of Baseline ("Controller") and Baseline ("Processor"), collectively referred to as the "Parties."
By using Baseline services, the Controller agrees to the terms of this Agreement regarding the processing of personal data.
1. Purpose and Scope1.1 This Agreement governs the processing of personal data by Baseline on behalf of the Controller as part of the services provided by Baseline.
1.2 Baseline only processes the personal data that the Controller chooses to upload or submit via the platform. The Controller bears full responsibility for determining the types and categories of personal data that are submitted.
1.3 Baseline does not control, review, or determine the nature of the personal data provided by the Controller.
2. Categories of Data Subjects and Types of Personal Data2.1 Categories of Data Subjects: The Controller is solely responsible for determining the categories of data subjects whose personal data is uploaded to the Baseline platform. This may include, but is not limited to:
2.2 Types of Personal Data: The Controller is solely responsible for determining the types of personal data uploaded or submitted via Baseline. This may include, but is not limited to:
Baseline does not actively manage or verify the types of personal data uploaded to the platform.
3. Responsibilities of the Processor3.1 Baseline processes personal data solely as instructed by the Controller and in accordance with the functionalities provided through the platform.
3.2 Baseline will not process personal data for any purposes other than those necessary to provide the services unless explicitly instructed otherwise by the Controller or required by law.
4. Controller's Responsibilities4.1 The Controller is solely responsible for ensuring that the personal data it uploads to Baseline complies with all applicable data protection laws, including obtaining necessary consents from data subjects, if required.
4.2 The Controller is responsible for determining the legality, appropriateness, and accuracy of the personal data uploaded to Baseline.
4.3 The Controller is solely responsible for categorizing and classifying the personal data, including sensitive or special categories of data, if applicable, and for ensuring that appropriate safeguards are in place before uploading such data to the platform.
5. Compliance with Data Protection Laws5.1 Both Parties agree to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), to ensure the protection of personal data processed under this Agreement.
5.2 The Controller confirms that the personal data provided to Baseline has been collected lawfully, and that the Controller has the right to provide such data to Baseline for processing.
6. Security Measures6.1 Baseline implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
6.2 Baseline regularly reviews and updates its security measures to ensure the protection of the personal data processed through its platform.
7. Sub-processors7.1 Baseline may engage sub-processors to fulfill its obligations under this Agreement. A list of authorized sub-processors is available upon request.
7.2 Baseline ensures that all sub-processors comply with the same data protection obligations outlined in this Agreement.
7.3 The Controller acknowledges and agrees to the use of sub-processors by Baseline.
8. Data Subject Rights8.1 Baseline will assist the Controller, to the extent possible, in fulfilling data subjects' requests to exercise their rights under applicable data protection laws (e.g., access, rectification, erasure).
8.2 The Controller is responsible for handling and responding to such data subject requests unless the Controller instructs Baseline otherwise.
8.3 Any requests received directly by Baseline will be forwarded to the Controller, unless prohibited by law.
9. Data Breach Notification9.1 In the event of a personal data breach, Baseline will notify the Controller without undue delay after becoming aware of the breach.
9.2 Baseline will provide the Controller with all necessary information and assistance required to fulfill the Controller’s legal obligations regarding breach notification.
10. Data Retention and Deletion10.1 Baseline will retain personal data only as long as necessary for the purposes of providing its services, or as required by law.
10.2 Upon termination of the services or at the Controller’s request, Baseline will delete or return all personal data, unless legal requirements mandate retention.
11. Audit and Compliance11.1 The Controller has the right to audit Baseline’s compliance with the terms of this Agreement. Baseline agrees to provide all relevant documentation and access to systems and records necessary to verify compliance.
11.2 Audits must be requested with reasonable notice and will be conducted during normal business hours.
12. Restrictions on International Data Transfers12.1 No Transfers Outside the EU: Baseline commits that it will not transfer any personal data outside the European Union (EU) unless explicitly instructed by the Controller and in compliance with applicable data protection laws.
12.2 Data Storage and Processing within the EU: Baseline will store and process all personal data within the borders of the European Union. No personal data will be transferred to any country or territory outside the EU unless adequate safeguards are in place, and with the explicit consent of the Controller, in accordance with GDPR requirements.
12.3 Sub-processors within the EU: Baseline will only engage sub-processors that operate within the EU unless otherwise explicitly authorized by the Controller.
13. Liability13.1 Baseline’s liability for any breach of this Agreement is limited to the extent permitted by applicable law and as defined under the Baseline Terms and Conditions.
13.2 The Controller remains fully responsible for ensuring compliance with data protection obligations, including but not limited to obtaining all necessary consents and ensuring the lawfulness of the personal data uploaded.
14. Amendments14.1 Baseline reserves the right to update or modify this Agreement from time to time. Any material changes will be communicated via the platform, and continued use of Baseline after such changes constitutes acceptance of the revised terms.