ADE Data Processing Addendum

This Data Processing Addendum ("DPA") supplements and is incorporated into the ADE Terms and Conditions and any applicable order form governing the use of the Service.

This DPA applies where Autonomous Digital processes Personal Data on behalf of Customer as a processor or service provider under applicable privacy law.

1. Roles of the Parties

Customer acts as the controller, business, or equivalent deciding the purposes and means of processing Personal Data submitted to the Service, except where applicable law provides otherwise. Autonomous Digital acts as the processor, service provider, or equivalent when processing such Personal Data on the Customer's behalf to provide the Service.

2. Subject Matter and Duration

The subject matter of processing is the provision of the Service. The duration of processing is the period during which Autonomous Digital processes Personal Data on the Customer's behalf in connection with the Service, unless longer retention is required by law or permitted under the governing agreement.

3. Nature and Purpose of Processing

Autonomous Digital may process Personal Data as necessary to host, store, retrieve, organize, analyze, transmit, secure, support, maintain, and provide the Service, to respond to Customer instructions, and to comply with law.

4. Types of Personal Data and Categories of Data Subjects

The types of Personal Data and categories of data subjects depend on how the Customer uses the Service. They may include business contact data, account identifiers, usage logs, communications data, workflow data, and other Personal Data that the Customer chooses to submit or enable through the Service.

5. Customer Instructions

Autonomous Digital will process Personal Data on documented instructions from Customer as set out in the governing agreement, this DPA, the Service configuration, or other documented Customer directions, unless otherwise required by law or unless the instruction would violate applicable law or the governing agreement. Such instructions include, without limitation, Customer’s use of the Service and any actions taken by Customer or its users within the Service, including, without limitation, uploading data, submitting content, configuring settings, enabling features or integrations, or otherwise directing how the Service processes Personal Data.

6. Confidentiality

Autonomous Digital will ensure that persons authorized to process Personal Data are subject to appropriate confidentiality obligations.

7. Security Measures

Autonomous Digital will implement reasonable and appropriate technical and organizational measures designed to protect Personal Data, taking into account the nature of the data, the risks involved, and the Service configuration and scope.

8. Subprocessors

Customer authorizes Autonomous Digital to use subprocessors in connection with the Service. Autonomous Digital will impose data protection obligations on subprocessors that are no less protective than those in this DPA, as appropriate to the services they provide. Information identifying subprocessors that process Customer Personal Data on behalf of Customer may be made available to current customers upon request, subject to reasonable verification of customer status and appropriate confidentiality protections, including a commercially reasonable non-disclosure agreement where appropriate. Autonomous Digital is not required to disclose internal security measures, contractual terms, technical architecture, model-routing logic, or other commercially sensitive information beyond what is reasonably necessary to identify the relevant subprocessor and the general nature of its processing role.

9. Assistance

Taking into account the nature of the processing and the information available to Autonomous Digital, Autonomous Digital will provide commercially reasonable assistance to Customer in responding to data subject requests, security matters, and certain regulatory obligations, where required by law and where Customer cannot reasonably fulfil the obligation without Autonomous Digital's assistance.

10. Data Incidents

If Autonomous Digital becomes aware of a confirmed Personal Data breach affecting Personal Data processed on Customer's behalf, Autonomous Digital will provide notice without undue delay where required by law, contract, or Autonomous Digital’s applicable incident response procedures, subject to the information reasonably available at the time and to legal and security considerations.

11. Deletion and Return

Upon termination of the applicable Services, Autonomous Digital will delete or return Personal Data in accordance with the governing agreement, Service functionality, and applicable law. If the governing agreement does not specify whether Personal Data will be deleted or returned, Autonomous Digital may delete such Personal Data unless applicable law requires retention or return.

12. International Transfers

Where required by law, the parties will rely on an appropriate transfer mechanism for cross-border transfers of Personal Data, including standard contractual clauses or other lawful transfer safeguards where applicable. Personal Data may be processed in countries other than the country in which it was collected as part of providing the Service. Where Autonomous Digital enters into specific data transfer arrangements or makes transfer-related documentation available, those materials will govern to the extent applicable.

13. Audit and Information Requests

To the extent required by applicable law, Autonomous Digital will make available information reasonably necessary to demonstrate compliance with this DPA, including relevant documentation and other reasonable evidence of compliance, subject to reasonable limitations on confidentiality, security, burden, frequency, and scope.

14. Conflict

If there is a conflict between this DPA and the ADE Terms and Conditions regarding Personal Data processing, this DPA controls to the extent of the conflict.