Roles and Scope
Customer is the controller (or business) and Prodv0 is the processor (or service provider) for personal data submitted to the platform under the main service agreement.
This DPA applies to personal data processed in connection with workspace operation, workflow execution, metadata logging, and support activity.
Processing Instructions
Prodv0 processes personal data only on documented instructions from customer, including instructions communicated through product configuration, API requests, and support tickets.
If Prodv0 believes an instruction violates applicable data protection law, Prodv0will notify customer unless prohibited by law.
Security Measures
Prodv0 implements technical and organizational safeguards appropriate to risk, including access controls, encryption safeguards, environment segregation, and incident response procedures.
Security controls may evolve, provided overall protection is not materially reduced.
Subprocessors
Customer authorizes Prodv0 to use subprocessors for infrastructure, support, and operational delivery, subject to written agreements imposing data protection obligations materially equivalent to this DPA.
Prodv0remains responsible for subprocessors' performance of data protection obligations.
Customer Instructions and Obligations
Customer is responsible for determining a lawful basis for processing and for ensuring that instructions provided to Prodv0 are lawful, documented, and aligned with applicable data protection law.
- Customer remains responsible for data quality, accuracy, and permitted collection.
- Customer should avoid sending special category or highly regulated data unless expressly covered by written terms.
- Customer must configure workspace access using least-privilege principles.
International Transfers
Where personal data is transferred internationally, Prodv0 will use recognized legal transfer mechanisms required by applicable law.
Data Subject Assistance
Taking into account the nature of processing, Prodv0 will provide reasonable assistance to customer for handling data subject rights requests and regulatory obligations.
- Assistance may include search, export, correction, restriction, or deletion support.
- Customer remains responsible for evaluating request validity and issuing final responses to data subjects unless required otherwise by law.
Security Incident Notice
Prodv0 will notify customer without undue delay after confirming a security incident affecting customer personal data and provide available details necessary for customer legal compliance.
Notification includes known incident scope, likely impact, and remediation steps in progress, subject to legal and security constraints.
Return and Deletion
Upon termination of services, Prodv0 will return or delete customer personal data according to contractual terms and lawful retention obligations.
Customer may request deletion workflows and account closure through approved support channels.
Audit and Information Rights
Prodv0 will make available information reasonably necessary to demonstrate compliance with this DPA, including security documentation appropriate to the customer plan and legal requirements.
Where contractually available, audits may be performed under confidentiality and security safeguards.
Records and Cooperation
Prodv0 maintains processor records required by applicable law and cooperates with supervisory authority inquiries to the extent legally required.
Customer and Prodv0 will coordinate in good faith where regulatory communications, complaints, or investigations involve customer personal data processed under this DPA.
Liability and Precedence
Liability under this DPA is subject to the allocation and caps in the applicable master service or commercial agreement, unless prohibited by law.
If this DPA conflicts with the main agreement on data protection issues, this DPA prevails for those issues.
Email: privacy@prodv0.net