Data Processing Agreement (DPA)
Last updated: January 1, 2025
1. Parties
This Data Processing Agreement (DPA) is entered into between Claimo (Data Processor) and the Customer (Data Controller).
2. Subject of processing
Claimo processes personal data only to the extent necessary to provide the image authenticity verification service.
3. Nature and purpose of processing
Processing is carried out for the purpose of providing the service described in the Terms of Service. Claimo does not process data for other purposes without the explicit consent of the Controller.
4. Data security
Claimo implements appropriate technical and organizational measures to ensure data security, including:
- Data encryption in transit (TLS)
- Access control to systems
- Regular security audits
5. Sub-processing
Claimo may use sub-processors only with the Controller's consent or based on general consent given at the time of contracting.
6. Controller rights
The Controller has the right to:
- Conduct audits of data processing
- Request information about security measures
- Issue binding instructions regarding processing
7. Claimo obligations
- Process data only in accordance with the Controller's instructions
- Ensure confidentiality by staff
- Promptly notify of security breaches
- Delete or return data upon termination of service