AI-powered, automated, and super-accurate speech recognition infrastructure tool for all of your audio and video data.
Made with ❤️ and ☕ in Bucharest
This addendum („Addendum”) is concluded by and between:
Hereinafter, collectively, referred to as “Parties”, and, individually, referred to as “Party”.
WHEREAS
THE PARTIES DECIDED AS FOLLOWS
Personal Data
means any information about an identified or identifiable natural person;
Data Subject
means the natural person whose Personal Data is Processed;
Processing / to Process
means any operation or set of operations which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;
Processor
means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller;
Subcontractor
means any Processor appointed by the Processor to Process Personal Data;
Personal Data Breach
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed;
Relevant Personal Data
means Personal Data Processed by the Processor on behalf of the Controller, as described in Annex 1;
GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
Applicable Legislation
means GDPR, any relevant law implementing GDPR or regulating the protection of Personal Data, and any guidelines, codes of practice or other documents issued by the competent authorities;
Supervisory Authority
means the National Supervisory Authority for the Processing of Personal Data as well as any other supervisory authority concerned, in accordance with the GDPR;
Standard Contractual Clauses
means the standard clauses issued by the European Commission, in accordance with Article 46 of GDPR, for the transfer of Personal Data to countries outside the European Union and the European Economic Area, to which the European Commission has not recognised an adequate level of protection within the meaning of Article 45 of GDPR;
Services
means the services provided by the Parties in the performance of the Agreement.
In Processing Relevant Personal Data:
The Parties shall Process Relevant Personal Data in accordance with the obligations set out in this Addendum, as well as in accordance with obligations imposed by Applicable Legislation.
The Processor Processes the Relevant Personal Data of the Data Subjects only for the purposes set out in Annex 1. The Processor Processes the Personal Data only based on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by the European Union or member state law to which the Processor is subject. In such a case, the Processor shall inform the Controller of that legal requirement before Processing. For the avoidance of any doubt, any further Processing of any Personal Data contained in the audio / video files (when the latter gave their consent) for training the artificial intelligence algorithms will not represent a breach of Client’s instructions.
The Controller instructs the Processor and authorizes the Processor to instruct each Subcontractor to Process Relevant Personal Data and to transfer Relevant Personal Data to any third country, as necessary for the provision of the Services and the performance of the Agreement, in compliance with the provisions of this Addendum concerning the use of the Subcontractors and the transfer of the Personal Data.
The Processor takes reasonable steps to ensure compliance with the Applicable Legislation by persons who may have access to Relevant Personal Data, ensuring that the access is strictly limited to those who must have such access.
The Processor shall ensure that all the persons referred to in paragraph 1 are informed of the confidentiality of Relevant Personal Data and have undertaken to respect the confidentiality of Relevant Personal Data.
The Controller authorizes the Processor to use any Subcontractor, under the terms provided for in this Addendum, in connection with the Processing of the Relevant Personal Data.
The Processor shall ensure that each Subcontractor is able to respect the level of protection of Relevant Personal Data as required in this Addendum. The Processor shall enter into a contract with each Subcontractor. Obligations similar to those set out in this Addendum for the Processor shall be imposed to the Subcontractor.
The Processor shall inform the Controller of any expected changes regarding the addition or replacement of Subcontractors, the Controller having the right to object, on reasonable grounds, to the Subcontractor used by the Processor.
The Processor shall assist the Controller in the fulfilment of its obligations arising from the exercise by the Data Subjects of their data protection rights.
The Processor shall notify and cooperate with the Controller on any request from a Data Subject for the exercise of a right in connection with Relevant Personal Data.
The Processor shall implement appropriate technical and organisational measures to ensure a level of security adequate to this risk, as provided for by the GDPR.
The Processor shall notify the Controller within 72 hours, as of the moment when the Processor becomes aware of a Personal Data Breach in connection with Relevant Personal Data.
The Processor shall take immediate action to investigate the Personal Data Breach in connection with Relevant Personal Data and to identify, prevent and mitigate its effects as much as possible.
The Processor shall cooperate with the Controller and take reasonable steps in accordance with the Controller’s documented instructions for the remedy of the Personal Data Breaches in connection with Relevant Personal Data.
Considering the nature of Processing and the information available to the Processor, the Processor assists the Controller in ensuring compliance with the obligations provided for by Articles 35 and 36 of GDPR regarding the data protection impact assessment and prior consultation.
At the time of ceasing the provision of the Services involving the Processing of Relevant Personal Data, the Controller may request the Processor (i) to return to the Controller a copy of all Relevant Personal Data and to remove all copies of the Relevant Personal Data Processed by the Controller and/or (ii) to delete all Relevant Personal Data and to remove all copies of relevant Personal Data Processed by the Processor. The Processor will act in accordance with the instructions received from the Controller, without undue delay.
By way of exception to the provisions of paragraph 1, the Processor shall be able to keep a copy of the Relevant Personal Data, insofar is subject to a legal obligation to that effect and for the storage period required by the European Union or member state law to which the Processor is subject.
The Processor shall inform the Controller if, in its opinion, an instruction infringes the GDPR or other Union or member state data protection provisions.
The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Addendum and in the Applicable Legislation and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. The Controller or the mandated auditor obliges to undertake confidentiality obligations towards the Processor to protect the confidentiality of the information of the Processor and of third parties which might be found out by the Controller or the mandated auditor during the audit.
If the Relevant Personal Data is transferred to a territory or to a country outside the European Union or the European Economic Area not designated by the European Commission as providing an adequate level of protection, the Parties will take appropriate safeguards, including by concluding Standard Contractual Clauses.
This Addendum shall enter into force on the date of its signature and shall cease on the latest of the following dates: (i) the date of termination of the Agreement or (ii) the date of termination of the last Services provided under the Agreement.
This Addendum is governed by Romanian law. The Parties agree that any disputes or complaints arising under this Addendum fall within the jurisdiction of the competent Romanian courts.
Where there is a discrepancy between the provisions of this Addendum and any other agreement between the Parties, including the provisions of the Agreement, this Addendum shall prevail in respect of matters relating to the data protection obligations.
Where the obligations of the Parties need to be amended as a result of changes in the Applicable Legislation or as a result of the issuance by the European Commission or the Supervisory Authority of standard contractual clauses, including in case of modification or adoption of new Standard Contractual Clauses on international transfers, the Parties undertake to amend this Addendum accordingly.
Relevant Personal Data
Data Subjects
Nature and purpose of the Processing of Relevant Personal Data
Subject-matter and duration of the Processing of Relevant Personal Data
Processing operations
AI-powered, automated, and super-accurate speech recognition infrastructure tool for all of your audio and video data.
Made with ❤️ and ☕ in Bucharest
We use cookies to improve your experience and for marketing. Read our Cookie Policy.