This Data Processing Agreement (“DPA”) is part of the Terms and Conditions (the “Agreement”) between Pollux Tech, Inc. (“Processor”) and the Customer (“Controller”). It governs the processing of personal data provided by the Customer in connection with their use of the Pollux platform (the “Service”).
1. Definitions
For the purposes of this DPA:
2. Scope and Roles
3. Customer Responsibilities
The Customer represents and warrants that:
a. It has the legal right to collect, share, and process Personal Data through the Pollux platform.
b. It has provided all necessary notices and obtained all required consents from data subjects.
c. It complies with applicable data protection laws.
d. It will configure its use of the Service in a manner that ensures compliance with Applicable Data Protection Laws.
4. Processor Obligations
Pollux Tech, Inc. agrees to:
a. Process Data Only as Instructed: Process Personal Data only as instructed by the Customer and as necessary to provide the Service.
b. Confidentiality: Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
c. Security: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g., encryption, access controls).
d. Data Breach Notification: Notify the Customer without undue delay upon becoming aware of a data breach affecting Personal Data.
e. Assistance: Provide reasonable assistance to the Customer in responding to data subject requests or regulatory inquiries, provided such assistance does not impose a disproportionate burden on Pollux.
f. Deletion or Return of Data: Upon termination of the Agreement, delete or return all Personal Data within 30 days, unless applicable law requires retention.
5. Subprocessors
The Customer provides general consent for Pollux Tech, Inc. to engage subprocessors for the provision of the Service.
Current Subprocessors:
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and storage | United States |
| Stripe | Payment processing | United States |
a. Notification of Changes: Pollux will notify the Customer of any changes to subprocessors and provide the opportunity to object within 10 business days. Objections must be based on legitimate legal concerns.
b. Subprocessor Agreements: Pollux ensures that all subprocessors are bound by agreements that impose obligations equivalent to those in this DPA. Pollux is not liable for damages arising solely from the actions of subprocessors.
6. Data Subject Rights
Pollux Tech, Inc. will assist the Customer in fulfilling its obligations to data subjects under applicable data protection laws.
a. Requests for access, rectification, deletion, or data portability will be processed only upon the Customer’s documented request.
b. The Customer is responsible for verifying the identity of data subjects and ensuring that requests are legally valid.
c. Pollux reserves the right to charge for excessive requests or those requiring significant technical effort.
7. Security Measures
Pollux implements and maintains industry-standard measures to protect Personal Data, including:
The Customer is responsible for ensuring secure access to its account, including proper management of user credentials and API keys.
8. Liability
To the fullest extent permitted by law:
a. Pollux Tech, Inc.’s total liability for all claims under this DPA is limited to the fees paid by the Customer in the 12 months preceding the event giving rise to the claim.
b. Pollux is not liable for indirect, incidental, or consequential damages, including loss of profits, data, or business opportunities.
c. Pollux is not liable for damages arising from the actions of subprocessors unless directly caused by Pollux’s breach of this DPA.
9. International Transfers
Pollux Tech, Inc. may transfer Personal Data to subprocessors or locations outside the Customer’s jurisdiction. Such transfers will comply with applicable data protection laws, including the use of Standard Contractual Clauses or other approved mechanisms.
10. Audit Rights
Upon request, Pollux Tech, Inc. will provide documentation necessary to demonstrate compliance with this DPA. The Customer may audit Pollux’s data protection practices subject to the following conditions:
a. Audits are limited to once per calendar year and must be scheduled with 30 days’ advance notice.
b. Audits must not interfere with Pollux’s operations.
c. The Customer will bear all costs associated with the audit.
11. Term and Termination
This DPA remains effective as long as Pollux Tech, Inc. processes Personal Data on behalf of the Customer. Upon termination of the Agreement, Pollux will delete or anonymize all Personal Data within 30 days, unless applicable law requires longer retention.
12. Contact Information
For questions about this DPA or data protection practices, contact:
Pollux Tech, Inc.
8 The Green, Suite B
Dover, DE 19901
United States
Email: legal@polluxplatform.com
If you have questions about these Terms, or need to contact us for any reason, you can reach us at:
Contact:
+1 800 940 3043
Email:
info@polluxplatform.com
Connect with us
