This Data Processing Agreement (“DPA”) governs the processing of Personal Data by Kincode AI on behalf of the Customer in connection with the provision of the Services.
This DPA forms an integral part of the master services agreement or other agreement governing the provision of Services between the Parties.
The terms “Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, “Personal Data Breach”, and any other terms defined in Regulation (EU) 2016/679 (“GDPR”) shall have the meanings assigned to them under the GDPR.
Kincode AI shall process Personal Data solely for the purpose of providing the Services contracted by the Customer.
Collection
Recording
Organization
Storage
Consultation
Disclosure and communication
Analysis
Reporting
Provision of the Kincode AI platform for:
Employees
Executives
Managers
Candidates (where applicable)
Depending on the configuration selected by the Customer:
Kincode AI does not require or intentionally collect special categories of Personal Data as defined under Article 9 of the GDPR.
The Customer represents and warrants that:
a) It has a valid legal basis for the processing of Personal Data.
b) It is responsible for ensuring that it has the necessary legal basis to use the communication channels selected through the platform, including email, instant messaging applications, collaboration tools, and any other communication methods enabled by the Services.
c) It has provided Data Subjects with all information required under applicable data protection laws.
d) Any instructions provided to Kincode AI comply with applicable law.
e) It acts as the Controller with respect to all Personal Data processed through the Services.
Kincode AI shall:
a) Process Personal Data only on documented instructions from the Customer.
b) Ensure that persons authorized to process Personal Data are subject to appropriate confidentiality obligations.
c) Implement appropriate technical and organizational measures to protect Personal Data.
d) Provide reasonable assistance to the Customer in fulfilling its data protection obligations.
e) Notify the Customer without undue delay of any Personal Data Breach of which it becomes aware.
f) Delete or return Personal Data upon termination of the Services, unless retention is required by applicable law.
g) Notify the Customer, without directly responding unless legally required, of any request received from a Data Subject regarding the exercise of their data protection rights.
h) Provide reasonable assistance in connection with Data Protection Impact Assessments (DPIAs) and prior consultations with supervisory authorities where required.
i) Unless expressly stated otherwise, the Customer’s configuration of the Services and ordinary use of the platform shall constitute documented instructions from the Controller.
Kincode AI maintains appropriate technical and organizational measures designed to protect Personal Data, including:
Detailed information regarding Kincode AI’s security measures is maintained and updated in the security documentation available at: https://trust.kincode.ai
The Customer may request reasonable information demonstrating compliance with the obligations set forth in this DPA.
Kincode AI shall make available relevant security documentation, certifications, audit reports, and policies through its Trust Center.
Any on-site or technical audit shall be subject to reasonable prior notice, conducted during normal business hours, and performed in a manner that does not compromise the security of other customers, confidential information, or the integrity of the Services.
On-site or technical audits may not occur more than once per calendar year unless required by law, triggered by a confirmed security incident, or supported by a reasonable suspicion of non-compliance with this DPA.
The Customer generally authorizes Kincode AI to engage subprocessors in connection with the provision of the Services.
The current list of subprocessors is available at: https://trust.kincode.ai/subprocessors
Kincode AI may update its subprocessors from time to time and will notify Customers of material changes through updates to the Trust Center or through other reasonable notification mechanisms.
The Customer may reasonably object to the appointment of a new subprocessor within thirty (30) calendar days of notification. In the event of a reasonable objection, the Parties shall cooperate in good faith to identify an appropriate solution.
Kincode AI shall impose data protection obligations on its subprocessors that are substantially equivalent to those set forth in this DPA.
Where the processing of Personal Data involves transfers outside the European Economic Area, Kincode AI shall implement appropriate transfer mechanisms in accordance with applicable data protection laws, including where applicable:
Upon reasonable request, Kincode AI shall provide information regarding the safeguards applicable to such transfers.
Kincode AI shall provide reasonable assistance to the Customer in responding to requests relating to:
The Customer, acting as Controller, shall remain primarily responsible for responding to Data Subject requests.
If Kincode AI receives a request directly from a Data Subject relating to Personal Data processed on behalf of the Customer, Kincode AI shall promptly forward such request to the Customer unless legally required to respond directly.
Kincode AI shall notify the Customer of any confirmed Personal Data Breach without undue delay and, in any event, within seventy-two (72) hours of confirmation.
To the extent available, such notification shall include:
Upon termination or expiration of the Services, and unless retention is required by applicable law:
Any liability arising under this DPA shall be subject to the limitations of liability set forth in the applicable agreement governing the provision of the Services between the Parties.
This DPA shall be interpreted in accordance with applicable data protection laws governing the processing of Personal Data, including Regulation (EU) 2016/679 (GDPR), where applicable.
In the event of any conflict between this DPA and the agreement governing the provision of the Services, this DPA shall prevail with respect to matters relating to the processing and protection of Personal Data.
The current technical and organizational measures implemented by Kincode AI are described and maintained in the Kincode AI Trust Center and related security documentation available at: https://trust.kincode.ai
Questions regarding this Data Processing Agreement may be directed to:
Kincode AI
Email: compliance@kincode.ai
Trust Center: https://trust.kincode.ai
.svg){kind=logo}