Observe.ai (the “Processor”) takes the security and privacy of data subjects (“Consumers”) seriously. Observe.ai leverages the Standard Contractual Clauses (“Standard Contractual Clauses”) for data transfers outside the EEA and the United States. Under the EU GDPR, data transfers may only be made to Processors (“Processors”) who agree to the following controls and obligations. Observe.ai agrees to the terms as follows:
The Processor must have adequate information security in place, taking into account the sensitivity of the data to be received.The data received remains the property of the Controller (the “Controller”) at all times unless ownership is explicitly shared or transferred by a written agreement.The Processor must not use Sub-Processors (“Sub-Processors”) without advanced notification or consent of the Controller; Sub-Processors must have equivalent security and privacy controls to those of Processor.The Processor shall cooperate with the relevant Data Protection Authorities (“Authorities”) in the event of an enquiry.The Processor must keep all received information confidential.The Processor must report data breaches to the Controller without delay.The Processor may need to appoint a mandatory Data Protection Officer (“DPO”). The Processor must do its own due diligence in this matter and appoint a qualified individual, if appropriate.The Processor must keep records of all processing activities.The Processor must comply with United States and EU trans-border data transfer rules.The Processor must help the Controller to comply with data subjects rights.The Processor must assist the Controller in managing the consequences of data breaches.The Processor must delete or return all personal data at the end of the contract at the choice of the Controller.The Processor must inform the Controller if the processing instructions infringe GDPR.The Processor must comply with security and privacy due diligence requirements placed on the Controller for the validation of the above.
Categories of Data Subjects
Customer (“Customer”) may submit, and users may submit on behalf of Customer: Personal Data (“Personal Data”) to the Software Services (“Software Services”), the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
Categories of Personal Data
Customer may submit Personal Data to the Software Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: