Data Processing Agreement

1. Definitions

"Applicable Data Protection Laws" means the data protection and privacy laws applicable to the processing of personal data under this DPA, including, where relevant, the GDPR and CCPA/CPRA.

"Customer Personal Data" means any personal data processed by HaloVoice on behalf of the Customer in connection with the Services.

2. Roles and Responsibilities

HaloVoice will process Customer Personal Data only on behalf of and under the documented instructions of the Customer, in accordance with Applicable Data Protection Laws and this DPA. The Customer remains responsible for ensuring that it has all required legal bases for the processing of Personal Data and has provided any required notices or obtained any required consents.

3. Purpose of Processing

HaloVoice will process Customer Personal Data solely to provide the Services as described in the Agreement and related documentation. Personal data will not be processed for purposes outside the scope of providing, securing, or supporting the Services unless agreed in writing by the Parties.

4. Data Subject Rights

HaloVoice shall provide commercially reasonable assistance to the Customer to enable the Customer to respond to data subject requests (e.g., access, correction, deletion) under Applicable Data Protection Laws. If HaloVoice receives a direct request from a data subject regarding Customer Personal Data, HaloVoice shall promptly notify the Customer unless prohibited by law.

5. Security Measures

HaloVoice agrees to implement and maintain appropriate technical and organizational measures to protect Customer Personal Data from unauthorized access, loss, alteration, or disclosure. Security measures will be in line with industry standards and Applicable Data Protection Laws.

6. Data Transfers

HaloVoice may transfer Customer Personal Data internationally where necessary to provide the Services.

7. Sub-processors

HaloVoice is authorized to engage Sub-processors to assist in providing the Services. HaloVoice will enter into written agreements with Sub-processors imposing data protection obligations no less protective than this DPA. HaloVoice will notify the Customer of changes to its list of Sub-processors in advance and, where required by Applicable Data Protection Laws, allow reasonable time for Customer to object.

8. Personal Data Breach

HaloVoice will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data and will reasonably assist Customer in investigating and mitigating the breach, as required by Applicable Data Protection Laws.

9. CCPA/CPRA Specific Obligations

To the extent Customer Personal Data is subject to CCPA/CPRA, HaloVoice shall not sell or share Customer Personal Data and will process such Personal Data solely for the specified purposes under the Agreement and this DPA. HaloVoice will assist the Customer in fulfilling its CCPA/CPRA obligations (e.g., handling deletion requests) where appropriate.

10. Incorporation

This DPA is incorporated by reference into and forms part of the Agreement between HaloVoice and the Customer.