Data Processing Agreement

Effective Date: 12/08/2025

Last Updated: 23/09/2025

This Data Processing Agreement (“Agreement”) forms part of the Service Agreement

Controller (Client): [Client Business Name]

Processor (Provider): Chateeze, operated by Nic Culverhouse, ABN 61371230038

By signing this Agreement, the Client appoints the Provider to process personal data on its behalf for the sole purpose of delivering AI-powered bot services, under the terms set out below.

1. Purpose and Scope

The Provider will process personal data only to deliver, maintain, and support the Client’s AI Bot(s) and related services, as defined in the Service Agreement. Processing will be carried out strictly in line with the Client’s written or documented instructions.

2. Definitions

“Personal Data”: Any information relating to an identified or identifiable individual.

“Processing”: Any operation performed on Personal Data, including collection, storage, use, transmission, and deletion.

“Controller”: The Client, which determines the purpose and means of processing.

“Processor”: The Provider, which processes Personal Data on behalf of the Controller.

3. Client Responsibilities (Controller)

The Client is responsible for:

Ensuring that any Personal Data collected by the Bot is collected lawfully and in compliance with the Privacy Act 1988 (Cth) and other applicable laws.

Providing accurate instructions and ensuring that data subjects are informed about how their data will be used.

Not requesting or instructing the Bot to collect sensitive data unless agreed in writing.

4. Provider Responsibilities (Processor)

The Provider shall:

1. Process Personal Data only as instructed by the Client.

2. Keep all Personal Data confidential.

3. Implement robust technical and organisational measures to protect Personal Data.

4. Notify the Client if a legal obligation requires disclosure of Personal Data.

5. Assist the Client in meeting obligations under the Privacy Act 1988 and, where applicable, overseas privacy regulations (e.g., GDPR).

5. Categories of Data Processed

The Bot may process:

Contact details (names, email addresses, phone numbers).

Booking or order information.

Conversation logs between the Bot and end-users.

Other business-relevant details provided by the Client.

Sensitive personal data (health data, financial account details, etc.) will not be processed unless explicitly agreed in writing.

6. Security Measures

The Provider will implement:

Data encryption in transit and at rest.

Password-protected and access-controlled systems.

Hosting on secure, monitored servers.

Regular backups and disaster recovery protocols.

Staff access limited to those with a business need-to-know.

7. Sub-Processors

The Provider may engage approved sub-processors (e.g., hosting services, AI platforms) to deliver services.

A current list of sub-processors will be maintained and provided to the Client on request.

All sub-processors will be bound by written terms that offer equal or greater protection than this Agreement.

8. International Data Transfers

If data is transferred outside Australia, the Provider will ensure that:

Transfers comply with applicable privacy laws.

Adequate safeguards (e.g., standard contractual clauses, privacy certifications) are in place.

9. Data Breach Response

In the event of a suspected or confirmed data breach, the Provider will:

Notify the Client within 48 hours of discovery.

Provide available details about the breach.

Cooperate fully in containing, investigating, and remedying the breach.

10. Data Retention & Deletion

All Client data will be deleted within 30 days of contract termination unless required by law to retain it.

Upon request, the Provider will return all data in a usable format before deletion.

11. Term & Termination

This Agreement remains in force for the duration of the Service Agreement and automatically ends when the Provider ceases to process Personal Data on behalf of the Client.

Signed for and on behalf of:

Controller (Client)

Name: ___________________________

Signature: _______________________

Date: ___________________________

Processor (Provider)

Name: Chateeze - Nic Culverhouse

Signature: _______________________

Date: ___________________________