Terms including "Personal Data," "Processing," "Controller," "Processor," and "Data Subject" align with meanings from the General Data Protection Regulation (EU) 2016/679 ("GDPR").
1. Definitions
2. Scope and Purpose
"ROZOR shall process Personal Data solely on documented instructions from the Controller" for service provision, maintenance, diagnostics, support, security monitoring, and legal compliance.
3. Categories of Data and Subjects
Data Subjects
Customer employees, authorized users, and facility occupants/patients where unavoidable.
Personal Data
Identification data, contact details, system usage logs, device telemetry, and limited location data. Special categories (health data) are not intentionally processed unless explicitly agreed.
4. Processor Obligations
ROZOR shall:
- Process Personal Data only on documented instructions
- Ensure authorized personnel maintain confidentiality
- Implement appropriate technical and organizational security measures
- Assist the Controller in responding to Data Subject requests
- Notify the Controller of Personal Data Breaches without undue delay
- Delete or return Personal Data upon Services termination
- Make available compliance demonstration information
5. Security Measures
"ROZOR implements industry-standard measures including access control, encryption, secure infrastructure, incident response, and regular assessments."
6. Sub-Processors & International Transfers
The Controller authorizes ROZOR to engage Sub-Processors with equivalent data protection obligations. For EEA/UK transfers outside, ROZOR ensures safeguards including EU Standard Contractual Clauses (SCCs).
7. Breach Notification & Audits
ROZOR notifies the Controller regarding breaches with consequences and mitigation details. The Controller may audit ROZOR's compliance with reasonable notice, subject to confidentiality and operational constraints.
8. Term, Termination & Liability
This DPA remains effective during Personal Data Processing. Upon termination, ROZOR returns or deletes data. Liability follows main agreement limitations.
9. Governing Law
This DPA is governed by Ontario provincial and Canadian federal law.
Annex I, Processing Details
- Subject Matter
- Robotics, software, and support services provision
- Duration
- Services term
- Nature
- Collection, storage, access, transmission, deletion
- Purpose
- Service delivery and support
Annex II, Technical and Organizational Measures
ROZOR maintains:
- Logical access controls and physical security safeguards
- Network security and firewalls
- Incident response procedures
- Secure development practices
- Vendor risk management
Contact Information
ROZOR dba Robotech Labs Inc.
204-175 Longwood Rd. S, McMaster Innovation Park
ON, L8P 0A1, Canada
Email: legal@rozor.ai