Data Processing Agreement

This Data Processing Agreement ("DPA") supplements any services agreement between Nscope Advantage ("Processor") and the client entity receiving services ("Controller") where Processor processes personal data on behalf of Controller.

The parties acknowledge that, with respect to personal data processed under the services agreement, Controller determines the purposes and means of processing and Processor processes personal data on behalf of Controller.

Subject matter, duration, nature, and purpose of processing are defined by the services agreement and documented instructions from Controller. Categories of data subjects and personal data depend on the services requested by Controller.

• Process personal data only on documented instructions from Controller unless otherwise required by law.
• Ensure persons authorized to process personal data are bound by confidentiality obligations.
• Implement appropriate technical and organizational measures to protect personal data.
• Assist Controller, where reasonably requested, with data subject requests and compliance obligations.
• Notify Controller without undue delay after becoming aware of a confirmed personal data breach affecting data processed under this DPA.

Controller authorizes Processor to engage subprocessors necessary for delivery of services. Processor remains responsible for ensuring subprocessors are bound by data protection obligations materially consistent with this DPA.

Where personal data is transferred internationally, the parties will implement appropriate transfer mechanisms required by applicable law.

Processor maintains security controls appropriate to risk, including access controls, encryption in transit where applicable, and procedures for vulnerability management and incident response.

Upon reasonable written request, Processor will provide information necessary to demonstrate compliance with this DPA. Any audit rights are subject to confidentiality protections, scope limitations, and reasonable notice.

Taking into account the nature of processing, Processor will provide reasonable assistance to Controller in responding to requests from data subjects to access, correct, delete, or restrict processing of personal data.

Upon termination of services and at Controller's direction, Processor will return or delete personal data, unless retention is required by law or for legitimate archival purposes permitted by contract.

Liability under this DPA is subject to limitations and exclusions in the underlying services agreement, unless prohibited by applicable law. If there is a conflict between this DPA and the services agreement regarding data protection, this DPA controls for that conflict.

Questions regarding this DPA may be directed to:
Nscope Advantage
1631 Rock Springs Rd, PMB 222, Apopka, FL 32712
Phone: 321-273-7300