Data Processing Addendum
Provided for clients who require a processor agreement. In most reviews Quiet AI is an independent controller of the limited data it collects.
When this applies
This addendum applies where Quiet AI processes personal data on a client's behalf as a processor, for example where a client provides datasets containing personal data for a higher-tier document review. In most reviews we act as an independent controller of the limited data we collect, and this addendum is offered to clients who require one. It forms part of the services agreement when executed.
Roles and scope
The client is the controller and Quiet AI is the processor for personal data processed on the client's documented instructions, solely to perform the review for the duration of the engagement.
Our obligations
- Process personal data only on the client's documented instructions.
- Ensure persons authorized to process the data are bound by confidentiality.
- Apply appropriate technical and organizational security measures.
- Engage sub-processors only under written terms with equivalent obligations.
- Assist the client, where possible, with data-subject requests and security obligations.
- Notify the client without undue delay after becoming aware of a personal-data breach.
- Delete or return personal data at the end of the engagement, subject to legal retention.
- Make available information reasonably necessary to demonstrate compliance.
International transfers
Where personal data is transferred across borders, the parties will put appropriate safeguards in place as required by applicable law.
How to request it
To execute a Data Processing Addendum, contact apply@quietaistandard.org.