Back to Home

Data Processing Addendum (DPA)

Effective Date: April 25, 2025

This Data Processing Addendum ("DPA") outlines the responsibilities and obligations regarding RespondWize's processing of Personal Information on behalf of its customers ("Customer," "Controller," or "you") and ensures compliance with applicable data privacy laws, including FERPA (where applicable) and other relevant U.S. state and federal privacy regulations. This DPA forms part of the agreement(s) between RespondWize and its customers.

Table of Contents

1. Purpose and Scope

This DPA specifies how RespondWize processes Personal Information provided by Customer.

2. Definitions

  • Personal Information: Information related to an identified or identifiable person, processed on behalf of Customer.
  • Processing: Operations performed on Personal Information, including collection, storage, use, disclosure, and deletion.
  • Applicable Data Protection Laws: Includes but is not limited to FERPA, CCPA, and other relevant state or federal privacy laws.

3. Roles of the Parties

  • Customer acts as the Controller, determining the purpose and means of processing.
  • RespondWize acts solely as the Processor, processing data per Customer's documented instructions.

4. Processing Details

  • Subject Matter and Duration: Processing occurs for the duration of the services provided.
  • Nature and Purpose: RespondWize processes Personal Information to deliver services including AI-driven outreach, matching services, and communications.
  • Types of Data: May include contact information, professional or academic interests, voice recordings, and other relevant information provided by Customer.
  • Data Subjects: Includes employees, customers, prospective customers, students, alumni, or any individuals whose data is provided by Customer.

5. Confidentiality

RespondWize ensures its personnel maintain confidentiality and restricts data access to authorized personnel.

6. Security Measures

RespondWize employs appropriate administrative, technical, and physical safeguards, including encryption, access controls, and regular security assessments to protect Personal Information.

7. Sub-Processors

Customer authorizes RespondWize to use necessary sub-processors, provided RespondWize ensures these parties adhere to obligations at least as stringent as this DPA.

8. Data Subject Requests

RespondWize promptly notifies Customer if it receives direct data requests from individuals and assists Customer in fulfilling such requests.

9. Incident Notification

RespondWize notifies Customer without undue delay (within 48 hours) upon becoming aware of any unauthorized disclosure or breach involving Customer Personal Information.

10. Return or Deletion of Data

Upon termination or request, RespondWize shall promptly delete or return all Personal Information received from Customer.

11. Audits and Certifications

RespondWize reasonably cooperates with customers seeking to verify compliance with data protection obligations upon request, subject to reasonable advance notice and agreement by both parties.

12. Compliance with State Privacy Laws

RespondWize complies fully with applicable U.S. state privacy laws, including the CCPA, ensuring no unauthorized selling, sharing, or misuse of Personal Information.

13. Biometric Data

To the extent biometric data (e.g., voiceprints) are processed, RespondWize complies with all applicable biometric privacy laws. Customers must obtain all necessary consents before providing biometric data to RespondWize.

14. FERPA Compliance

Where RespondWize provides services to educational institutions subject to FERPA, RespondWize:

  • Acts as a "school official" with a "legitimate educational interest" in processing education records provided by Customer.
  • Uses FERPA-protected data solely for authorized purposes and does not redisclose data except as permitted by FERPA or explicitly directed by Customer.
  • Promptly deletes or returns all FERPA-protected data upon termination or at Customer's written request.

15. Liability and Indemnification

Each Party indemnifies the other for damages resulting from its own breach of obligations under this DPA or applicable data protection laws.

16. Term and Termination

This DPA remains effective throughout the term of services and thereafter as necessary for compliance with data protection obligations.

17. Miscellaneous

  • Conflict Resolution: This DPA governs all data protection matters, superseding conflicting terms.
  • Governing Law: As specified in the underlying service agreement.
  • Amendments: Must be in writing and signed by authorized representatives.
Last updated: April 25, 2025