Effective Date: March 2025
Last Updated: March 2025
1. Introduction
This Agreement outlines the terms and conditions under which the Service Provider will process personal data on behalf of the Company, in compliance with applicable data protection laws and regulations.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject").
- Processing: Any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
- Data Controller: The entity that determines the purposes and means of the processing of Personal Data.
- Data Processor: The entity that processes Personal Data on behalf of the Data Controller.
- Sub-processor: Any third party appointed by the Data Processor to process Personal Data on behalf of the Data Controller.
3. Subject Matter of Processing
The Service Provider will process Personal Data to provide the following services to the Company:
Skills Extraction: Utilizing OpenAI's language models to extract and analyze skills from textual data provided by the Company.
4. Roles and Responsibilities
4.1. Data Controller
The Company is the Data Controller and determines the purposes and means of processing Personal Data.
4.2. Data Processor
The Service Provider is the Data Processor and processes Personal Data on behalf of the Company.
5. Obligations of the Data Processor
The Service Provider agrees to:
- 5.1. Processing Instructions: Process Personal Data only on documented instructions from the Company, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by law.
- 5.2. Confidentiality: Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 5.3. Security Measures: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate, pseudonymization and encryption of Personal Data.
- 5.4. Sub-processors: Not engage another processor without prior specific or general written authorization of the Company. In the case of general written authorization, the Service Provider shall inform the Company of any intended changes concerning the addition or replacement of other processors, giving the Company the opportunity to object to such changes.
- 5.5. Data Subject Rights: Assist the Company by appropriate technical and organizational measures, insofar as possible, for the fulfillment of the Company's obligation to respond to requests for exercising the Data Subject's rights.
- 5.6. Data Breach Notification: Notify the Company without undue delay after becoming aware of a personal data breach.
- 5.7. Data Protection Impact Assessment: Assist the Company in ensuring compliance with obligations pursuant to data protection impact assessments and prior consultation.
- 5.8. Deletion or Return of Data: At the choice of the Company, delete or return all Personal Data to the Company after the end of the provision of services relating to processing, and delete existing copies unless applicable law requires storage of the Personal Data.
- 5.9. Audits: Make available to the Company all information necessary to demonstrate compliance with the obligations laid down in this Agreement and allow for and contribute to audits, including inspections, conducted by the Company or another auditor mandated by the Company.
6. Obligations of the Data Controller
The Company agrees to:
- 6.1. Lawful Processing: Ensure that the processing of Personal Data, including the transfer of Personal Data to the Service Provider, has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection laws.
- 6.2. Data Subject Rights: Provide the Service Provider with the necessary information regarding Data Subject requests, ensuring that the Service Provider can assist in fulfilling such requests.
- 6.3. Data Accuracy: Ensure the accuracy, quality, and legality of Personal Data provided to the Service Provider.
7. Use of OpenAI Services
The Service Provider utilizes OpenAI's language models to perform skills extraction from the textual data provided by the Company.
- 7.1. Data Processing: The Service Provider will process the textual data through OpenAI's models to extract relevant skills information.
- 7.2. Data Security: The Service Provider will ensure that appropriate measures are in place to protect the data during processing, in compliance with OpenAI's data usage policies.
- 7.3. Compliance: The Service Provider will ensure that the use of OpenAI services complies with applicable data protection laws and regulations.
8. International Data Transfers
The Service Provider shall not transfer Personal Data to a third country or international organization without the prior written consent of the Company, unless such transfer is required by law.
9. Term and Termination
9.1. Term
This Agreement shall commence on the Effective Date and continue until terminated by either Party with "30 days'" written notice.
9.2. Termination
Upon termination, the Service Provider shall, at the choice of the Company, delete or return all Personal Data to the Company, and delete existing copies unless applicable law requires storage of the Personal Data.
10. Governing Law and Jurisdiction
10.1 Governing Law
This Agreement shall be governed by and construed in accordance with the laws of India.
10.2 Jurisdiction
Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts located in Tamil Nadu, India.
11. Contact Information
If you have any questions or concerns about this Agreement, please contact us:
Company Name: SNS Square Consultancy Services Private Limited
Email: support@squarebridge.org
Address: BLOCK-L, Embassy TechVillage, Outer Ring Rd, Devarabisanahalli, Bellandur, Bengaluru, Karnataka 560103.
