Legal
Legal
This Agreement (the "DPA") governs the processing of personal data carried out by the Provider on behalf of the Customer to deliver the Service, in compliance with applicable data protection regulations (GDPR, LGPD, LFPDPPP, among others).
The Customer acts as the data controller for the personal data uploaded to the Service. The Provider acts as the data processor and processes data only following the Customer's instructions, set out in the Terms and this DPA.
The specific categories depend on what the Customer decides to upload to the Service. They may include identification data, contact data, transactional data, business identifiers and, optionally, special categories if the Customer decides to process them (in which case the Customer must have its own legal basis).
The Customer authorizes the Provider to use the subprocessors listed in the Privacy Policy. The Provider will give reasonable prior notice before adding a new subprocessor and will allow the Customer to object on reasonable grounds.
The Provider will notify the Customer without undue delay after becoming aware of a security breach affecting Customer Data, providing the information reasonably needed for the Customer to comply with notification obligations to authority and, where applicable, data subjects.
At the end of the contract, the Customer can export data for 30 days. After that period, the Provider will delete Customer Data from its active systems, except where retention is required by law.
Once per year and with reasonable notice, the Customer can request documented evidence of compliance with this DPA (security reports, certifications, audit logs). On-site audits require prior agreement.
This DPA enters into force when the Terms are accepted and remains in force while the Provider processes Customer Data. In case of conflict between this DPA and the Terms, this DPA prevails on data protection matters.
Legal questions? Email us at hola@rnflows.com.
Create your workspace in minutes. No credit card, nothing to install.