Last updated: May 1, 2023
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller") and Solar AI ("Data Processor") regarding the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Terms such as "Personal Data", "Data Subject", "Processing", "Controller", "Processor", and "Supervisory Authority" shall have the meanings given to them in the applicable data protection laws.
3.1 The Data Processor shall only process Personal Data on documented instructions from the Data Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which the Data Processor is subject.
3.2 The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes applicable data protection laws.
4.1 The purpose of the processing is to provide the services described in the Terms of Service.
4.2 The types of Personal Data processed may include:
4.3 The categories of Data Subjects whose Personal Data may be processed include:
5.1 The Data Processor shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
6.1 The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
7.1 The Data Processor shall not engage another processor without prior specific or general written authorization of the Data Controller.
7.2 Where the Data Processor engages another processor for carrying out specific processing activities on behalf of the Data Controller, the same data protection obligations as set out in this DPA shall be imposed on that other processor.
8.1 The Data Processor shall assist the Data Controller in responding to requests from Data Subjects exercising their rights under applicable data protection laws.
9.1 The Data Processor shall notify the Data Controller without undue delay after becoming aware of a personal data breach.
9.2 The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR.
10.1 At the choice of the Data Controller, the Data Processor shall delete or return all the Personal Data to the Data Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data.
11.1 The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
12.1 The Data Processor shall not transfer Personal Data outside the European Economic Area (EEA) without the prior written consent of the Data Controller, and only in compliance with applicable data protection laws.
13.1 This DPA shall be governed by the laws of Australia, without regard to its conflict of law provisions.
If you have any questions about this Data Processing Agreement, please contact us at:
Email: privacy@solarai.com
Address: 123 Solar Street, Sydney, NSW 2000, Australia