How we process and protect your data as a data processor
Important Notice
This Data Processing Agreement ("DPA") forms part of our Terms of Service and governs how Apito LLC ("Apito", "we", "us", or "our") processes personal data on behalf of our customers.
Agreement Acceptance
BY USING OUR SERVICES, YOU AGREE TO THIS DATA PROCESSING AGREEMENT. This DPA is automatically incorporated into our Terms of Service and applies to all customers who use our API builder platform.
In this DPA:
a) "Data Controller"
means the customer who determines the purposes and means of processing personal data;
b) "Data Processor"
means Apito, who processes personal data on behalf of the Data Controller;
c) "Personal Data"
means any information relating to an identified or identifiable natural person;
d) "Processing"
means any operation performed on personal data, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, or destruction;
e) "Sub-processor"
means any third party engaged by Apito to process personal data on behalf of the Data Controller.
As the Data Controller, you are responsible for:
As the Data Processor, we are responsible for:
We process personal data for the following purposes:
The types of personal data we process may include:
We will process personal data for the duration of your use of our services and for a reasonable period thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
You authorize us to engage Sub-processors to process personal data on your behalf. We will ensure that all Sub-processors are bound by contractual obligations that provide the same level of data protection as this DPA.
Our current Sub-processors include:
We will notify you of any intended changes concerning the addition or replacement of Sub-processors, thereby giving you the opportunity to object to such changes.
We will assist you in responding to requests from data subjects to exercise their rights under applicable data protection laws, including:
IMPORTANT BREACH NOTIFICATION
In the event of a personal data breach, we will notify you without undue delay after becoming aware of the breach. We will provide you with all necessary information to help you meet your breach notification obligations under applicable data protection laws.
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
You have the right to audit our compliance with this DPA. We will cooperate with reasonable audit requests and provide you with access to relevant information, subject to confidentiality obligations and reasonable notice requirements.
Upon termination of our services or at your request, we will return or delete all personal data in our possession, except where we are required to retain certain information by law or for legitimate business purposes.
Our liability under this DPA is subject to the limitations set forth in our Terms of Service. We will not be liable for any indirect, incidental, special, consequential, or punitive damages arising from our processing of personal data.
This DPA shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of law provisions. Any disputes arising from this DPA shall be resolved in accordance with the dispute resolution provisions in our Terms of Service.
If you have any questions about this Data Processing Agreement, please contact us at:
This Data Processing Agreement is effective as of the date stated above and applies to all customers using our services.