This DPA is incorporated into the services agreement between the client ("Controller") and Beyond Image Solutions ("Processor") and applies where BIS processes personal data on behalf of the Controller.
BIS shall process personal data only on documented instructions from the Controller, including for purposes set out in the main services agreement.
BIS implements encryption in transit and at rest, access controls, regular testing, incident response procedures, and employee training on data protection.
BIS uses sub-processors including cloud infrastructure, AI providers, and telecommunications carriers. A list is available upon request. BIS will provide 30 days' notice before adding new sub-processors.
BIS shall notify the Controller within 72 hours of becoming aware of a personal data breach affecting Controller data.
Upon termination, BIS shall delete or return all personal data processed on the Controller's behalf. BIS will certify deletion in writing upon request.
To execute this DPA, contact: hello@beyondimagesolutions.com