Data Processing Agreement (DPA)

Purpose

This Data Processing Agreement (“DPA”) forms part of the agreement between the business entity that orders or uses the Syncra AI Services (“Customer”) and the Syncra entity providing those Services (“Processor”). It reflects the parties' commitment to privacy and security when Processor processes personal information on Customer's behalf.

Definitions

“Personal information,” “processing,” “controller,” and “processor” have the meanings given under applicable privacy law (including PIPEDA and, where relevant, the GDPR). “Services” means the subscribed cloud services and related support described in the order or online terms between the parties.

Roles

Customer is the controller of personal information it uploads or causes to be processed through the Services (for example staff, caller, or contact data). Processor processes such data only on Customer's documented instructions as conveyed through the Services configuration and this DPA, unless applicable law requires otherwise (in which case Processor will inform Customer unless prohibited).

Details of processing

Subject matter: provision of AI-assisted communications, scheduling, integrations, and related features.

Duration: for the term of the agreement and as needed to wind down or migrate data afterward.

Nature and purpose: hosting, transmission, storage, analysis, transcription, routing, security monitoring, and support as configured by Customer.

Categories of data subjects: Customer's personnel and authorized users; end users who contact Customer (for example callers or chat visitors), as applicable.

Categories of personal information: identifiers and contact data, account data, audio and text communications where features are enabled, technical logs, and other categories Customer chooses to submit.

Processor obligations

Processor will:

• Process personal information only on documented instructions from Customer unless law requires otherwise.
• Ensure persons authorized to process data are bound by confidentiality.
• Implement appropriate technical and organizational measures for a service of this nature.
• Assist Customer, taking into account the nature of processing, in responding to data subject requests where feasible.
• Assist Customer with security and breach obligations, considering the information available to Processor.
• Delete or return personal information at the end of the Services as described in the agreement, subject to law.
• Make available information reasonably necessary to demonstrate compliance and allow for audits agreed in writing.

Subprocessors

Customer authorizes Processor to engage subprocessors to support the Services (for example cloud hosting, telecommunications, payments). Processor will impose written terms on subprocessors that require an equivalent level of data protection. A current list or update process may be provided in-product or upon request.

International transfers

Where personal information is transferred outside the country of origin, Processor will use safeguards appropriate under applicable law (such as contractual clauses or adequacy decisions where available).

Security incidents

Processor will notify Customer without undue delay after becoming aware of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information processed on Customer's behalf, consistent with legal requirements and Processor's incident process.

Customer responsibilities

Customer is responsible for the lawfulness of its instructions, obtaining and documenting any required consents or notices for recording and AI processing, configuring retention where the product allows, and classifying sensitive data it chooses to upload.

Conflicting terms

If this DPA conflicts with the main agreement, the terms most protective of personal information will prevail to the extent required by applicable privacy law; otherwise the main agreement controls for commercial terms.

Changes

We may update this DPA to reflect changes in law or the Services. We will post the revised DPA and update the “Last updated” date. Continued use of the Services after notice may constitute acceptance where permitted by contract and law.

Contact

For DPA-related inquiries, contact us through your tenant administrator dashboard or the business contact on file for Syncra AI.