Data Processing Addendum

Last updated: January 1, 2026

1. Introduction

This Data Processing Addendum ("DPA") forms part of the agreement between you ("Customer") and Getia AS ("Processor") for the use of GetIntent ("the Service").

This DPA applies where we process personal data on your behalf as a data processor under GDPR and other applicable data protection laws.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Controller: The entity that determines the purposes and means of processing
  • Processor: The entity that processes personal data on behalf of the controller
  • Subprocessor: Any third party engaged by the processor to process personal data

3. Scope of Processing

The Processor shall:

  • Process personal data only on documented instructions from the Customer
  • Ensure that persons processing data are subject to confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Customer in responding to data subject requests
  • Delete or return all personal data upon termination of services

4. Subprocessors

The Customer authorizes the Processor to engage subprocessors as listed in the Subprocessors List.

The Processor shall ensure that subprocessors are bound by data protection obligations no less protective than those in this DPA.

5. Security Measures

The Processor implements the following security measures:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments and penetration testing
  • Incident response procedures
  • Employee security training

6. Data Breach Notification

In the event of a personal data breach, the Processor shall notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of the breach.

7. International Transfers

When personal data is transferred outside the EEA, the Processor ensures appropriate safeguards are in place, including Standard Contractual Clauses where required.

8. Audit Rights

The Processor shall make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Customer or an appointed auditor.

9. Contact

For questions about this DPA:

Getia AS

Data Protection Officer

Email: [email protected]