Data Processing Addendum

This Data Processing Addendum applies where a customer uses Dialoqra to process personal data of third parties and, for that customer-controlled personal data, KS Creating CommV acts as a processor or service provider on the customer's behalf. It is incorporated into the legal framework governing Dialoqra whenever the Terms of Service provide for its application, unless the parties sign a separate written data processing agreement that expressly supersedes it.

This addendum does not apply to processing for which Dialoqra acts as an independent controller, including account administration, authentication, billing administration, service security, abuse prevention, legal compliance, limited service analytics, and support-related processing performed to operate the platform itself.

For customer-controlled personal data, the customer acts as controller and Dialoqra acts as processor only to the extent required to provide the hosted service. The customer is responsible for determining whether the personal data should be uploaded, how it should be structured, which users may access it, how long it should remain available, and whether any notices, consents, assessments, or other legal measures are required.

The customer's documented instructions consist of the service configuration selected by the customer, the actions taken in the product by the customer's authorized users, the Terms of Service, this addendum, and any additional written instructions accepted by KS Creating CommV. Dialoqra may refuse instructions that are unlawful, technically infeasible, insecure, or outside the scope of the service.

The subject matter of the processing is the hosted storage, organization, display, indexing, collaboration, export, support, backup, and security handling of customer-controlled content and related metadata placed into Dialoqra by the customer or its authorized users.

The duration of the processing lasts for as long as Dialoqra provides the relevant service and for any limited retention period that is reasonably necessary for backups, incident handling, deletion workflows, legal holds, or non-waivable legal obligations. The nature and purpose of the processing are limited to providing, securing, maintaining, troubleshooting, and supporting the contracted service.

Depending on how the customer uses Dialoqra, data subjects may include the customer's users, employees, contractors, collaborators, clients, end users, or other individuals whose information the customer chooses to place in workspace content.

Personal data may include identifiers, contact details, project or workflow information, comments, uploaded files, dialogue content, notes, role and access metadata, timestamps, logs, and any other personal data the customer or its users choose to include in the service.

KS Creating CommV will ensure that persons authorized to process customer-controlled personal data are subject to appropriate confidentiality obligations. We will apply commercially reasonable technical and organizational measures designed to protect customer-controlled personal data against unauthorized access, unlawful disclosure, misuse, alteration, accidental loss, or destruction, taking into account the nature of the service and the risks presented by the processing.

Those measures may include transport security, environment and access controls, authentication and session protections, role-based access patterns, logging, backup and recovery controls, and anti-abuse safeguards. No security measure can eliminate all risk, and the customer remains responsible for secure endpoint use, access governance, and deciding what data is uploaded.

The customer grants a general authorization for Dialoqra to use subprocessors that are reasonably necessary to operate, secure, support, and improve the service, such as hosting, authentication, payment, messaging, monitoring, support, and professional-service providers. We remain responsible for ensuring that subprocessors are bound by appropriate data-protection obligations relevant to the services they perform for us.

Because Dialoqra may rely on infrastructure and providers in different countries, customer-controlled personal data may be processed internationally. Where applicable law requires transfer safeguards, we aim to use measures such as adequacy decisions, contractual safeguards, and supporting technical or organizational protections. Customers may contact us to request information about the subprocessors or transfer safeguards relevant to the service.

Taking into account the nature of the processing and the information available to us, we will provide reasonable assistance to the customer in responding to data subject requests, security incidents, or legally required assessments to the extent the customer cannot reasonably fulfill those obligations without our help. We may satisfy this obligation through self-service functionality, product documentation, support responses, or other reasonable means.

If we become aware of a personal data breach affecting customer-controlled personal data, we will take steps we consider reasonably necessary to investigate, contain, and mitigate the incident, and we will notify the customer where and when applicable law requires or where the incident materially affects the service.

During the subscription term, the customer may use available service functionality to access, export, or delete customer-controlled content. After termination or expiration of the relevant service, we may retain customer-controlled personal data only for the limited period reasonably necessary to complete deletion workflows, honor backup rotation, investigate incidents, enforce our agreements, or comply with non-waivable legal obligations.

Once retention is no longer necessary for those purposes, we may delete or anonymize the remaining customer-controlled personal data in accordance with our operational policies. Backup copies may persist for a limited period before they are overwritten in the ordinary course of operations.

We will make available information reasonably necessary to demonstrate compliance with this addendum, taking into account the nature of the service and the need to protect the security, confidentiality, and privacy of other customers and our systems. We may satisfy this through legal documentation, support responses, security summaries, or other appropriate documentation.

If the customer has a specific legal need for additional audit information that cannot reasonably be satisfied through the materials already made available, the parties may discuss a proportionate written information request or limited audit process subject to confidentiality protections, security safeguards, scope controls, and reimbursement of our reasonable costs, unless applicable law requires otherwise.

If this addendum conflicts with the Privacy Policy regarding customer-controlled processor activities, this addendum controls for that processor relationship. In all other respects, the Terms of Service and Privacy Policy continue to apply.

Questions about this addendum may be sent to support@dialoqra.com. Operator identification for this addendum: KS Creating CommV, registered in Belgium, enterprise/VAT number BE 0802.256.712, contact email support@dialoqra.com.