Data Processing Addendum

1. Definitions

This Data Processing Addendum ("DPA") forms part of the Agreement between Netzilo, Inc. ("Data Processor") and the Customer ("Data Controller") for the provision of Services.

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on Personal Data
• "Data Subject" means the individual to whom Personal Data relates
• "GDPR" means the General Data Protection Regulation (EU) 2016/679

2. Processing of Personal Data

Netzilo shall process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law.

The subject matter, duration, nature, and purpose of the processing, the type of Personal Data and categories of Data Subjects are specified in Annex 1 of this DPA.

3. Security Measures

Netzilo shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Pseudonymization and encryption of Personal Data
• Ensuring ongoing confidentiality, integrity, availability, and resilience
• Ability to restore availability and access to Personal Data in a timely manner
• Regular testing, assessing, and evaluating security measures

4. Subprocessors

The Customer provides general authorization for Netzilo to engage subprocessors. Netzilo shall inform the Customer of any intended changes concerning the addition or replacement of subprocessors, giving the Customer the opportunity to object.

Current subprocessors are listed in our Subprocessors List document.

5. Data Subject Rights

Netzilo shall assist the Customer in fulfilling its obligations to respond to Data Subject requests exercising their rights under applicable data protection laws, including access, rectification, erasure, restriction, portability, and objection.

6. Data Breach Notification

Netzilo shall notify the Customer without undue delay after becoming aware of a Personal Data breach affecting Customer Personal Data, providing sufficient information to allow the Customer to meet any obligations to report to supervisory authorities or inform Data Subjects.

7. Audit Rights

Netzilo shall make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.