Optifeed

Data Processing Agreement

Last updated: January 1, 2025

Scope and Purpose

This Data Processing Agreement ("DPA") forms part of the Agreement between Optifeed and the Customer for the provision of Services. This DPA sets out the terms that apply when Personal Data is processed by Optifeed on behalf of the Customer.

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on Personal Data
  • "Data Controller" means the Customer who determines the purposes of Processing
  • "Data Processor" means Optifeed who processes data on behalf of the Customer
  • "Sub-processor" means any third party engaged by Optifeed to process Personal Data

Data Processing

Optifeed will process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country, unless required to do so by applicable law.

Security Measures

  • Encryption of Personal Data at rest and in transit
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Incident response and breach notification procedures
  • Employee training and confidentiality obligations

Sub-processors

Optifeed may engage Sub-processors to process Personal Data. A list of current Sub-processors is available upon request. Optifeed will notify the Customer of any changes to Sub-processors and will ensure Sub-processors are bound by data protection obligations.

Data Subject Rights

Optifeed will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, and data portability.

Data Transfers

When Personal Data is transferred outside the EEA, Optifeed will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by relevant authorities.

Data Breach Notification

In the event of a Personal Data breach, Optifeed will notify the Customer without undue delay after becoming aware of the breach and will provide all information necessary for the Customer to comply with its notification obligations.

Audit Rights

Upon reasonable request and subject to confidentiality obligations, Optifeed will make available information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Customer or an appointed auditor.

Data Retention and Deletion

Upon termination of the Agreement, Optifeed will delete or return all Personal Data to the Customer within 30 days, unless retention is required by applicable law.

Contact Information

For questions about this DPA, please contact our Data Protection Officer at dpo@optifeed.com.