This Data Processing Agreement (the "Agreement") is entered into as of the Effective Date by and between:

Technitive Solutions Pvt Ltd, a company registered in Pune, India, operating under the brand name "RoboResponseAI" (hereinafter referred to as "RoboResponseAI");


[Customer Name], a company registered in [Country], having its registered office at [Address] (hereinafter referred to as the "Customer");

(each a "Party" and collectively the "Parties").

WHEREAS the Parties have entered into a separate agreement, being the Terms Of Use and Privacy Policy (the "Principal Agreement") for the provision of a software-as-a-service chatbot based on OpenAI's GPT technology stack (the "Services");

AND WHEREAS, the Parties acknowledge that the provision of the Services may involve the processing of Personal Data (as defined under the GDPR) on behalf of the Customer;

AND WHEREAS, the Parties wish to enter into this Agreement to ensure the processing of Personal Data is in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR");

NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the Parties agree as follows:

  2. For the purposes of this Agreement:

    1. “EEA" means the European Economic Area, which constitutes the member states of the European Union, the United Kingdom, Norway, Iceland and Liechtenstein.
    2. “EU Data Protection Legislation” means
      1. prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, including any applicable national implementations of it; and
      2. Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (as amended, replaced or superseded) (" GDPR");
    3. “Controller” shall mean the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;
    4. “Processor” shall mean an entity which processes Personal Data on behalf of the Controller;
    5. “Personal Data” means any information relating to an identified or identifiable natural person.
    6. “Data Subject” means the individual to whom Personal Data relates
    7. "Sub-Processor" means any Data Processor engaged by RoboResponseAI to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-Processors may include third parties or members of the RoboResponseAI group. ;

    • 2.1. RoboResponseAI shall process Personal Data only on behalf of the Customer and in accordance with the Customer's documented instructions, unless otherwise required by applicable law.
    • 2.2. RoboResponseAI shall not process Personal Data for its own purposes or for any purpose other than the performance of the Services under the Principal Agreement.

    1. Compliance with Laws:
    2. Customer is responsible for adhering to all applicable Data Protection Laws in relation to the Processing of Personal Data and the instructions issued to RoboResponseAI within the scope of the Agreement. This includes ensuring the accuracy, quality, and legality of Customer Data, complying with transparency and lawfulness requirements for collecting and using Personal Data, obtaining necessary consents, and ensuring the right to transfer or provide access to the Personal Data to RoboResponseAI. Customer is also responsible for ensuring that its Instructions to RoboResponseAI regarding the Processing of Personal Data comply with applicable laws, including Data Protection Laws. Additionally, Customer must comply with all relevant laws, including Data Protection Laws, pertaining to emails and content managed through the Subscription Services, such as obtaining necessary consents for sending emails and complying with email content regulations. If Customer is unable to fulfill these responsibilities or comply with applicable Data Protection Laws, it must promptly inform RoboResponseAI.

    3. RoboResponseAI Instructions:
    4. The Agreement, along with Customer's use of the Subscription Service in accordance with the Agreement, constitutes Customer's comprehensive and final instructions to RoboResponseAI regarding the Processing of Personal Data. Any additional instructions beyond the scope of these Instructions require prior written agreement between Customer and RoboResponseAI.

    1. 4.1. RoboResponseAI shall ensure that its personnel authorized to process Personal Data are subject to appropriate confidentiality obligations.
    2. 4.2. RoboResponseAI shall implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
    3. 4.3. RoboResponseAI shall provide reasonable assistance to the Customer in ensuring compliance with the Customer's obligations under GDPR, including data subject rights, data protection impact assessments and reporting of personal data breaches.
    4. 4.4. RoboResponseAI shall notify the Customer of any data breach affecting Personal Data and provide reasonable assistance to the Customer in addressing such breach.
    5. 4.5. RoboResponseAI shall make available to the Customer all information necessary to demonstrate compliance with the obligations set out in this Agreement and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

    • 5.1. The Customer authorizes RoboResponseAI to engage Sub-Processors to assist in the performance of the Services.
    • 5.2. RoboResponseAI shall ensure that the data protection obligations on the Sub-Processor are no less protective than those set out in this Agreement.

  8. The RoboResponseAI Service provides Customer with a number of controls that Customer may use to retrieve, correct, delete, or restrict Personal Data, which Customer may use to assist it in connection with its obligations under Data Protection Laws, including its obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws ("Data Subject Requests").

    To the extent that Customer is unable to independently address a Data Subject Request through the Subscription Service, then upon Customer’s written request RoboResponseAI shall provide reasonable assistance to Customer to respond to any Data Subject Requests or requests from data protection authorities relating to the Processing of Personal Data under the Agreement. Customer shall reimburse RoboResponseAI for the commercially reasonable costs arising from this assistance.

    If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to RoboResponseAI, RoboResponseAI will promptly inform Customer and will advise the Data Subject to submit their request to Customer. Customer shall be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data.

    • 7.1. Customer acknowledges and agrees that RoboResponseAI is authorized to access and process Personal Data worldwide as required to deliver the Subscription Service in accordance with the Agreement. Specifically, the Personal Data will be transferred to and processed by RoboResponseAI in the United States and other jurisdictions where RoboResponseAI Affiliates and Sub-Processors operate. RoboResponseAI will make attempts to ensure that these transfers will be conducted in compliance with all applicable Data Protection Laws.

  11. Data Breach: In the event of any unauthorized disclosure or breach of Personal Data, RoboResponseAI will promptly notify the Customer within 72 hours of becoming aware of such incident. The notification will be sent to the Customer's registered email address, providing the necessary information to enable the Customer to fulfill its obligations under Article 33 of the GDPR.

    • 9.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, RoboResponseAI shall in relation to the Customer’s Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

    • 10.1. This Agreement shall commence on the Effective Date and shall continue in force until the termination or expiry of the Principal Agreement, unless terminated earlier in accordance with this Agreement.
    • 10.2. Either Party may terminate this Agreement for cause upon written notice to the other Party if the other Party breaches any material term of this Agreement and fails to cure such breach within thirty (30) days of receipt of such notice.
    • 10.3. Upon termination or expiry of this Agreement, RoboResponseAI shall, at the choice of the Customer, delete or return all Personal Data to the Customer and delete existing copies, unless applicable law requires the storage of Personal Data.

    • 11.1. RoboResponseAI's liability for any breach of this Agreement, any negligent or willful misconduct, or any other claim arising out of or in connection with this Agreement shall be subject to the limitations of liability set forth in the Principal Agreement.

    • 12.1. This Agreement shall be governed by and construed in accordance with the laws of Pune,India, without regard to its conflict of laws principles.
    • 12.2. Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by arbitration in accordance with the [Arbitration Rules of the Country] for the time being in force, which rules are deemed to be incorporated by reference in this clause. The seat of the arbitration shall be Pune,India.

    • 13.1. This Agreement, together with the Principal Agreement, constitutes the entire understanding between the Parties concerning the subject matter hereof and supersedes all prior negotiations, discussions, and agreements, whether written or oral, between the Parties relating thereto.
    • 13.2. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
    • 13.3. No waiver of any breach of any provision of this Agreement shall constitute a waiver of any prior, concurrent, or subsequent breach of the same or any other provisions hereof, and no waiver shall be effective unless made in writing and signed by an authorized representative of the waiving Party.
    • 13.4. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.

[Customer's Authorized Signatory]

[Address, Name, Title]

[RoboResponseAI's Authorized Signatory]

[Address, Name, Title]