Data Processing Agreement

This Data Processing Agreement (DPA) outlines how Smartest Assistant processes personal data in compliance with GDPR, CCPA, and other applicable privacy regulations.

Our Commitment to Data Protection

We are committed to protecting personal data and ensuring compliance with all applicable data protection laws and regulations. This agreement establishes the framework for responsible data processing in our business relationship.

Compliant With:
GDPR, CCPA, PIPEDA, LGPD
Regular Updates:
Reviewed annually and updated as needed
Last updated: January 2024
Effective date: January 1, 2024

Data Processing Purposes and Legal Basis

How and why we process personal data in our business operations

Service Delivery

Legal Basis:
Contract performance
Description:

Processing personal data to provide virtual assistant services as requested by clients

Data Types:
  • Contact information
  • Business requirements
  • Communication preferences
  • Task specifications
Retention Period:
Duration of service agreement plus 2 years

Customer Support

Legal Basis:
Legitimate interests
Description:

Processing data necessary to provide customer support and resolve service issues

Data Types:
  • Support communications
  • Service usage data
  • Issue resolution records
  • Feedback data
Retention Period:
3 years from last customer interaction

Legal Compliance

Legal Basis:
Legal obligation
Description:

Processing required to comply with legal obligations and regulatory requirements

Data Types:
  • Financial records
  • Tax information
  • Regulatory filings
  • Compliance documentation
Retention Period:
As required by applicable laws (typically 7 years)

Marketing Communications

Legal Basis:
Consent
Description:

Processing for marketing communications and business development (with consent)

Data Types:
  • Contact preferences
  • Marketing engagement data
  • Communication history
  • Interest indicators
Retention Period:
Until consent is withdrawn or 2 years of inactivity

Your Data Protection Rights

Understanding your rights under data protection regulations and how to exercise them

Right to Access

Request access to personal data we process about you

How to Exercise:
Email [email protected] with verification of identity
Response Time:
30 days

Right to Rectification

Request correction of inaccurate or incomplete personal data

How to Exercise:
Contact us with the specific information that needs correction
Response Time:
30 days

Right to Erasure

Request deletion of personal data (subject to legal obligations)

How to Exercise:
Submit deletion request with reason and scope of deletion
Response Time:
30 days

Right to Portability

Request personal data in a structured, commonly used format

How to Exercise:
Email request specifying desired format and scope
Response Time:
30 days

Right to Object

Object to processing based on legitimate interests or direct marketing

How to Exercise:
Email objection with specific processing activities
Response Time:
30 days

Right to Restrict Processing

Request limitation of processing under certain circumstances

How to Exercise:
Contact us with specific restriction requirements
Response Time:
30 days

Data Security Measures

Comprehensive security controls protecting personal data throughout its lifecycle

Technical Safeguards

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for system access
  • Regular security updates and patch management
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery systems

Administrative Safeguards

  • Comprehensive privacy and security training
  • Background checks for all personnel
  • Role-based access controls and permissions
  • Regular security audits and assessments
  • Incident response and breach notification procedures
  • Data retention and secure disposal policies

Physical Safeguards

  • Secure data center facilities with biometric access
  • Environmental controls and monitoring systems
  • Redundant power and network infrastructure
  • 24/7 security monitoring and surveillance
  • Secure destruction of physical storage media
  • Visitor access controls and logging

International Data Transfers

How we ensure adequate protection when transferring personal data across borders

Standard Contractual Clauses (SCCs)

Description:

EU Commission approved contractual clauses for transfers outside the EEA

Scope:
All transfers to countries without adequacy decisions
Additional Safeguards:
Additional security measures and impact assessments

Adequacy Decisions

Description:

Transfers to countries recognized by the EU as having adequate protection

Scope:
Transfers to UK, Canada, and other recognized countries
Additional Safeguards:
Ongoing monitoring of adequacy status

Binding Corporate Rules (BCRs)

Description:

Internal privacy rules for multinational corporate groups

Scope:
Internal data transfers within corporate group
Additional Safeguards:
Comprehensive governance and accountability measures

Data Breach Response

Our procedures for handling and notifying data breaches in compliance with regulations

Detection

Immediate identification and assessment of potential data breaches through automated monitoring and reporting systems.

Assessment

Rapid evaluation of breach scope, affected data, potential risks, and required notification obligations within 24 hours.

Notification

Notification to supervisory authorities within 72 hours and affected individuals without undue delay when required.

Remediation

Implementation of containment measures, system repairs, and preventive actions to avoid future incidents.

Data Protection Contact

Get in touch with our data protection team for questions or to exercise your rights

Data Protection Officer

Response Time
Within 30 days

Our Data Protection Officer is available to assist with privacy inquiries, rights requests, and compliance questions. All communications are handled confidentially and professionally.

Supervisory Authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. We are committed to working cooperatively with authorities to resolve any concerns.