Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the agreement between Akkio and its customers for the provision of services, in accordance with applicable data protection laws including GDPR.
1Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
"Data Controller" refers to the Customer who determines the purposes and means of processing.
"Data Processor" refers to Akkio, which processes data on behalf of the Controller.
2Data Processing Scope
Akkio processes Personal Data only as necessary to provide the contracted services and in accordance with documented instructions from the Customer. The categories of data processed include account information, usage data, and any content submitted to the platform. Processing activities are limited to what is strictly necessary for service delivery.
3Security Measures
Akkio implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, access controls, regular security assessments, and employee training. Details of our security practices are available in our Security documentation.
4Sub-processors
Akkio may engage sub-processors to assist in providing services. We maintain a list of current sub-processors and will notify customers of any changes. Sub-processors are bound by data protection obligations no less protective than those in this DPA. Customers may object to new sub-processors within 30 days of notification.
5Data Subject Rights
Akkio assists customers in responding to data subject requests including access, rectification, erasure, portability, and objection to processing. We provide tools and processes to facilitate these requests and will respond to customer inquiries within reasonable timeframes.
6Data Breach Notification
In the event of a personal data breach, Akkio will notify the Customer without undue delay and within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, categories of data affected, approximate number of data subjects, and measures taken or proposed to address the breach.