Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Master Services Agreement or Terms of Service ("Agreement") between Stride World ("Processor") and the Customer ("Controller").

1. Subject Matter and Duration

This DPA applies to the processing of Personal Data by Stride on behalf of the Customer in the course of providing its services. The duration of the processing corresponds to the duration of the Agreement.

2. Nature and Purpose of Processing

The Processor will process Personal Data for the purpose of providing CRM enrichment, data analysis, and GTM expansion services as described in the Agreement. The data is processed exclusively within the European Union (AWS eu-west-1).

3. Categories of Data Subjects

The Personal Data concerns the following categories of data subjects:

• Customer's employees, agents, and manufacturing partners.
• Individuals whose data is contained in the Customer's CRM or submitted for enrichment.

4. Types of Personal Data

The processing includes the following types of Personal Data:

• Contact information (name, email, phone number, job title).
• Professional information (company, role, location).
• Connection data (IP addresses, logs).

5. Rights and Obligations of the Controller

The Controller is responsible for ensuring that a legal basis exists for the processing of Personal Data and for informing data subjects about the processing.

6. Obligations of the Processor

The Processor shall:

• Process Personal Data only on documented instructions from the Controller.
• Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
• Assist the Controller in responding to requests from data subjects exercising their rights.
• Delete or return all Personal Data to the Controller after the end of the provision of services.

7. Subprocessing

The Controller authorizes the Processor to engage the following sub-processors:

• Amazon Web Services EMEA SARL (Infrastructure & Storage) - Location: Ireland (EU)

The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other processors.

8. Security Measures

The Processor implements security measures including, but not limited to:

• Encryption of data at rest (AES-256) and in transit (TLS 1.2+).
• Strict access control and role-based access (RBAC).
• Regular vulnerability scanning and security assessments.