Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions and Privacy Policy of BrightDove AI Solutions (“Processor”) when providing services to its customers (“Controller”). It outlines our obligations under the EU General Data Protection Regulation (GDPR) regarding the processing of personal data on behalf of our customers.

1. Subject Matter

The Processor shall process personal data only for the purposes of delivering AI services, automation tools, and related business functions as described in the agreement between Controller and Processor.

2. Duration

The Processor will process personal data for the duration of the service agreement unless otherwise instructed by the Controller.

3. Nature and Purpose of Processing

The Processor provides AI and automation services, which may involve the storage, transmission, or structured analysis of data provided by the Controller or its users. Processing is carried out strictly for service delivery, improvement, and security.

4. Types of Data Processed

• Contact details (e.g., name, email, phone)
• Business information (e.g., company name, role, industry)
• End-user data provided by the Controller (e.g., text prompts, uploaded files)
• Technical usage data (e.g., IP addresses, device identifiers)

5. Obligations of the Processor

• Process data only on documented instructions from the Controller.
• Ensure staff are bound by confidentiality agreements.
• Implement appropriate technical and organizational security measures.
• Assist the Controller with data subject requests (access, deletion, portability, etc.).
• Assist with data protection impact assessments (DPIAs) where relevant.
• Delete or return all personal data at the end of service provision (unless legally required to retain).
• Make available information necessary to demonstrate compliance with GDPR.

6. Subprocessors

The Controller authorizes the use of subprocessors necessary for providing services (e.g., hosting providers, payment processors, analytics tools). A current list of subprocessors is available on request. The Processor shall ensure subprocessors are bound by the same obligations as outlined in this DPA.

7. International Data Transfers

Where data is transferred outside the EEA, the Processor shall ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Security Measures

The Processor maintains industry-standard security measures, including but not limited to encryption, access controls, monitoring, and secure data hosting. Detailed documentation is available upon request.

9. Controller Responsibilities

The Controller is responsible for ensuring that personal data is collected and shared with the Processor lawfully, and that it has the necessary legal basis (e.g., consent, contract, legitimate interest) for processing.

10. Liability

Liability under this DPA follows the limitations of liability set forth in the main Terms & Conditions unless otherwise required by applicable data protection laws.

11. Contact