Loading...
This Data Processing Addendum (“DPA”) describes the data protection terms that apply when Ask Lou LLC (“Asklou”, “we”, “us”) processes personal data on behalf of a business customer in connection with the Services.
Availability and execution. We provide a DPA for customers who require it (for example, for GDPR/UK GDPR). This DPA becomes binding only if (and when) it is executed by the parties, whether as an attachment to an order form, a click-accepted addendum, or another written agreement that incorporates it.
To request our current DPA, contact us at privacy@asklou.co.
For purposes of this DPA:
Subject matter. Asklou provides the Services to Customer and processes personal data within Customer Data as necessary to provide, secure, support, and maintain the Services.
Duration. Processing continues for the term of the Agreement and any applicable retention period described in our Privacy Policy and/or Customer’s instructions, subject to legal requirements.
Nature and purpose. Hosting, storage, retrieval, transmission, and other processing of Customer Data to provide the Services, including account management, customer support, security, abuse prevention, and service improvements consistent with the Agreement and Privacy Policy.
Categories of data subjects and data. Depending on Customer’s use of the Services, data subjects may include Customer’s employees, contractors, customers, leads, vendors, and other end users. Personal data may include identifiers and contact details (e.g., name, email, phone number), communications content, and other information Customer chooses to submit to the Services.
Customer instructs Asklou to process personal data included in Customer Data only to provide the Services and as otherwise permitted by the Agreement, this DPA, and applicable law. Customer is responsible for ensuring it has a lawful basis to provide personal data to Asklou and for providing any notices and obtaining any consents required by law.
Asklou will ensure that personnel authorized to process personal data are subject to appropriate confidentiality obligations.
Asklou will implement and maintain reasonable technical and organizational measures designed to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. Specific measures may evolve over time as we improve our security program.
Asklou may engage subprocessors to help provide the Services (for example, cloud hosting, communications providers, and other infrastructure vendors). Asklou will impose data protection obligations on subprocessors consistent with this DPA.
We will provide information about key subprocessors on request at privacy@asklou.co. Where required by applicable law, we will provide a mechanism for Customer to receive notice of material changes to subprocessors.
To the extent required by law and applicable to Asklou’s role as processor, Asklou will provide reasonable assistance to Customer to respond to requests from data subjects to exercise their rights, taking into account the nature of the processing and information available to Asklou.
Upon termination of the Services, Asklou will delete or return Customer Data in accordance with the Agreement and applicable law, subject to reasonable backup and retention practices.
If personal data is transferred from the EEA/UK/Switzerland to a country not recognized as providing an adequate level of protection, the parties will use a legally valid transfer mechanism where required (for example, Standard Contractual Clauses).
To the extent the CCPA/CPRA applies, Asklou will not “sell” or “share” personal information (as those terms are defined under California law) that it processes on Customer’s behalf, and will process such personal information only to provide the Services and as otherwise permitted by the Agreement and applicable law.
Questions or requests regarding this DPA should be sent to privacy@asklou.co.