DPA Data Processing Agreement

• Data Processing Agreement (DPA) for REVUOP Last updated: January 5, 2025
• This Data Processing Agreement ("DPA") is part of the Terms of Service ("Agreement") between [Customer Name] ("Customer," "you," "your") and REVUOP ("the Software," "Processor," "we," "our," "us"). This DPA governs the processing of personal data that we perform on behalf of the Customer in connection with the provision of the Software, ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
• 1. Definitions: Data Controller: The entity that determines the purposes and means of processing personal data. Data Processor: The entity that processes personal data on behalf of the Data Controller. Data Subject: Any identified or identifiable individual whose personal data is processed. Personal Data: Any information related to an identified or identifiable individual. Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or erasure. Sub-Processor: Any third party appointed by the Processor to process personal data on behalf of the Customer.
• 2. Roles and Responsibilities: Customer as Data Controller: The Customer acts as the Data Controller for all personal data processed through the Software. As Data Controller, the Customer is responsible for determining the legal basis for processing and ensuring compliance with applicable data protection laws. REVUOP as Data Processor: REVUOP acts as the Data Processor and processes personal data on behalf of the Customer in accordance with this DPA and the Customer's instructions.
• 3. Types of Personal Data Processed: REVUOP processes the following types ofpersonal data on behalf of the Customer: End-user data: Names, email addresses, reviews, feedback, video testimonials, and other information submitted through review requests or landing pages. Customer data: Names, email addresses, contact information, login credentials, and other business-related data.
• Usage data: IP addresses, device information, and data related to the usage of the Software. The scope of the data processed may change based on the services provided by REVUOP, and the Customer will be informed accordingly.
• 4. Purpose of Processing: REVUOP processes personal data for the following purposes: Aggregating reviews from third-party platforms (e.g., Google, Facebook). Responding to reviews via artificial intelligence on behalf of the Customer. Sending review request campaigns and processing feedback. Sharing reviews through widgets and social media platforms. Performing analytics to track and enhance reputation management. Automating processes such as the sending of review requests.
• 5. Duration of Processing: The processing of personal data will continue for the duration of the Agreement, unless otherwise required by law or requested by the Customer for data deletion.
• 6. Processor Obligations: REVUOP agrees to: Process data only under instructions from the Customer: We will process personal data only as necessary to provide the Software and in accordance with the Customer's documented instructions. Ensure confidentiality: All employees or contractors involved in processing personal data are subject to a duty of confidentiality. Implement security measures: We will implement technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or disclosure. Assist the Customer: We will assist the Customer in fulfilling obligations related to data subject requests and compliance with applicable laws, including performing data protection impact assessments when required. Data breach Notification: We will notify the Customer without undue delay if we become aware of a data breach and provide reasonable information and assistance.
• 7.Customer Obligations: As Data Controller, the Customer agrees to: Provide lawful instructions: Ensure all instructions provided to REVUOP are lawful and comply with data protection laws. Inform data subjects: Provide necessary privacy notices and obtain required consents where applicable. Ensure legal basis for processing: Confirm valid legal grounds (e.g., consent, legitimate interest) for processing data. Respond to data subject requests: Handle requests related to personal data processed through the Software, with REVUOP providing assistance as needed.
• 8. Sub-Processors: REVUOP may engage Sub-Processors to process personal data on behalf of the Customer. We will: Maintain security standards: Ensure all Sub-Processors provide equivalent data protection measures. Notify Customers of changes: Inform the Customer of any additions or replacements of Sub-Processors, offering an opportunity to object. Remain accountable: Be fully liable for the performance of Sub-Processors. A list of Sub-Processors is available upon request.
• 9. International Data Transfers: REVUOP may transfer personal data outside the European Economic Area (EEA) or other regions with differing data protection laws. In such cases, we will ensure compliance through: Standard Contractual Clauses (SCCs). Other lawful mechanisms providing adequate protection.
• 10. Security Measures: REVUOP implements technical and organizational security measures to safeguard personal data, including: Encryption of personal data during transmission. Access controls and authentication systems. Regular security assessments and audits. Incident response plans for handling breaches.
• 11. Data Subject Rights: REVUOP will assist Customers in meeting obligations related to data subjects' rights under applicable laws, including: Access: Provide access to their personal data. Rectification: Correct inaccurate data. Erasure: Request data deletion ("right to be forgotten"). Restriction/Objection: Restrict or object to processing. Portability: Provide data in a portable format. Requests from data subjects will be forwarded to the Customer, with REVUOP offering assistance as needed.
• 12. Data Retention and Deletion: Upon termination or expiration of the Agreement, REVUOP will, at the Customer’s request: Return all personal data processed on behalf of the Customer, or Delete all personal data, unless retention is required by law.
• 13. Audit Rights: Customers may request audits of REVUOP's processing activities to verify compliance with this DPA. Audits: Require reasonable notice. Must minimize disruption. Will be conducted at the Customer's expense.
• 14. Liability: Liability under this DPA is subject to the limitations outlined in the Agreement, except as prohibited by data protection laws.
• 15. Governing Law: This DPA is governed by and construed in accordance with the laws of Nevada, USA, without regard to conflict of laws principles.
• 16. Termination: This DPA remains effective as long as REVUOP processes personal data on behalf of the Customer. The terms continue to apply as long as REVUOP retains such data.
• 17. Contact Information: For questions or concerns regarding this DPA or data privacy rights, please contact us at: SUPPORT@REVUOP.COM