This Data Processing Agreement (“Agreement”) forms part of the Terms of Service or any other contract (“Principal Agreement”) between Larsaai.com (“Processor”) and the customer (“Controller”) who uses Larsaai.com services.
1. Definitions
For the purposes of this Agreement:
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, such as collection, storage, use, transfer, or deletion.
“Controller” means the party determining the purposes and means of the Processing.
“Processor” means the party processing Personal Data on behalf of the Controller.
“Data Protection Laws” means all applicable laws relating to data protection, including the GDPR (Regulation (EU) 2016/679).
2. Subject Matter
The Processor shall process Personal Data solely to provide the services under the Principal Agreement and in accordance with the Controller’s documented instructions.
3. Duration
This Agreement remains in force for as long as the Processor processes Personal Data on behalf of the Controller under the Principal Agreement.
4. Nature and Purpose of Processing
The Processor will process Personal Data for the purposes of:
Providing Larsaai.com AI calling, automation, and communication services.
Managing customer accounts, communication, and support.
Complying with legal obligations.
5. Categories of Data Subjects
The Personal Data processed may concern the following categories:
Customers and prospective customers of the Controller.
Employees, agents, and contractors of the Controller.
Other individuals whose data is entered into the Larsaai.com platform.
6. Categories of Personal Data
Personal Data may include:
Names, phone numbers, and email addresses.
Call transcripts and interaction history.
Appointment and scheduling data.
Any other data submitted by the Controller in using the service.
7. Processor Obligations
The Processor shall:
Process Personal Data only on documented instructions from the Controller.
Ensure personnel authorized to process the data are bound by confidentiality.
Implement appropriate technical and organizational measures to protect the data.
Assist the Controller in responding to data subject rights requests.
Assist the Controller in ensuring compliance with data security, breach notifications, and data protection impact assessments.
Delete or return all Personal Data after the end of the provision of services, unless retention is required by law.
Make available all necessary information to demonstrate compliance with this Agreement.
8. Sub-Processors
The Controller authorizes the Processor to engage sub-processors for processing activities, provided:
The Processor maintains a list of sub-processors and informs the Controller of any intended changes.
Sub-processors are bound by data protection obligations equivalent to those in this Agreement.
9. Data Transfers
If Personal Data is transferred outside the European Economic Area, the Processor will ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.
10. Security Measures
The Processor will maintain security measures, including:
Encryption of data in transit and at rest.
Access controls and authentication measures.
Regular vulnerability assessments.
11. Data Breach Notification
In the event of a personal data breach, the Processor will notify the Controller without undue delay, providing details of the breach and steps taken to mitigate it.
12. Liability
Each party’s liability under this Agreement is subject to the limitations and exclusions set out in the Principal Agreement.
13. Governing Law
This Agreement is governed by the laws of Romania (or the jurisdiction specified in the Principal Agreement), with exclusive jurisdiction in the competent courts of that jurisdiction.
14. Contact Information
For data protection matters, contact:
Data Protection Officer
Larsaai.com
Email: privacy@larsaai.com
