top of page
Data Processing Addendum
This Data Processing Addendum (“DPA”) supplements and is made pursuant to the Agreement between CaregiVR Inc. (“caregiVR") and Customer effective as of the Effective Date. In the case of any conflict between the Agreement and this DPA, the DPA shall prevail with respect to the handling of Personal Information (as defined below). caregiVR and the Customer agree that this DPA sets forth the parties’ obligations governing the handling of Personal Information in connection with the Agreement and the Customer’s use of the Services.
1. DEFINITIONS
2. HANDLING OF CUSTOMER DATA
3. OBLIGATION OF PARTIES
4. SECURITY MEASURES AND BREACHES
5. DATA TRANSFER
6. SUBPROCESSING
7. REQUESTS FROM INDIVIDUALS
8. GENERAL TERMS
1. DEFINITIONS
1.1 Capitalized terms used but not defined in this DPA shall have the same meaning given to them in the Agreement.
Applicable Privacy Law(s): mean privacy laws applicable to caregiVR’s handling of Personal Information under the Agreement, as amended, updated or replaced from time to time.
Personal Information: means information defined as “personal information” (or analogous term) under applicable privacy laws from or about Customers that is made available to caregiVR (or third parties acting on caregiVR’s behalf) by Customer (or End User or third parties acting on Customer’s behalf) as part of using the Services, as well as other personal information Customer chooses to share with caregiVR about its End Users as part of using the Services.
Privacy Breach: has the meaning as interpreted in accordance with Applicable Privacy Laws.
Handling, Handle or Handles: means any operation or set of operations performed on Personal Information, such as collecting, recording, storing, modifying, using, disclosing; or the definition given to such term under Applicable Privacy Laws.
2. HANDLING OF CUSTOMER DATA
2.1 caregiVR does not, on its own, collect or handle information through the Services that directly identifies an individual. However, certain data provided by the Customer or collected on behalf of the Customer may, when combined with other information, be capable of identifying an individual and may therefore constitute Personal Information under Applicable Privacy Laws. caregiVR will treat such data as Personal Information to the extent required by Applicable Privacy Laws and in accordance with the terms of this DPA.
2.2 caregiVR receives and handles Personal Information for the purpose of providing the Services and as otherwise described below, including in Appendix A. caregiVR may also handle such Personal Information to improve the Services, or as otherwise permitted by Applicable Privacy Laws.
2.3 As part of providing and the ongoing improvement of its Services, caregiVR may aggregate, anonymize or de-identify Personal Information.
3. OBLIGATION OF PARTIES
3.1 Each party shall comply with their respective obligations under Applicable Privacy Laws.
3.2 Customer represents and warrants that:
3.2.1 it is in compliance with all obligations under Applicable Privacy Laws to provide notice and transparency concerning the handling of Personal information under the Agreement and in connection with the End User’s use of the Services. To the extent required under Applicable Privacy Laws, Customer shall communicate to the relevant End Users all disclosures necessary for caregiVR to lawfully handle Personal Information in connection with the DPA, including by providing a link to the caregiVR’s Privacy Policy or your own Privacy Policy;
3.2.2 it has all necessary rights, permissions and consents – whether from the individual to whom the Personal Information relates to, or where applicable, from a legally authorized substitute decision-maker or pursuant to another lawful basis – to make available Personal Information to caregiVR in accordance with the Agreement, and Applicable Privacy Laws; and
3.2.3 it is, and will, at all relevant times remain authorized to give instructions to the caregiVR. Customer has the sole responsibility for the accuracy, quality and legality of Personal Information provided to caregiVR and how Customer acquired such information.
3.3 Unless prohibited by applicable laws, Customer agrees to notify caregiVR promptly of any governmental, regulatory or other third party inquiry or complaint concerning Customer’s use of the Services.
3.4 CaregiVR shall promptly notify Customer in writing if a governmental or regulatory authority requests access to Personal Information, unless prohibited from doing so by the governmental or regulatory authority.
4. SECURITY MEASURES AND BREACHES
4.1 caregiVR will implement and maintain appropriate administrative, physical and technological measures designed to protect Personal Information against Privacy Breach.
4.2 caregiVR will impose appropriate contractual obligations upon its personnel including relevant obligations regarding confidentiality, data protection and data security.
4.3 As required by Applicable Privacy Laws, caregiVR will provide notice to Customer upon caregiVR confirming any Privacy Breach. Such notice shall include the information required under Applicable Privacy Laws to the extent such information is reasonably available to caregiVR. caregiVR’s response to, or notice of, a Privacy Breach is not an acknowledgement by caregiVR of any fault or liability.
4.4 caregiVR agrees to investigate any Privacy Breach and use commercially reasonable efforts to identify, prevent, mitigate and remedy the effects.
4.5 The obligations in Sections 4.2 and 4.3 shall not apply to incidents that are caused by Customer or Customer’s End Users.
5. DATA TRANSFER
5.1 Customer acknowledges that Personal Information may be transferred and processed in any country in which caregiVR, or third party service providers are located (including in Canada).
5.2 Customer acknowledge that, in the course of providing services to the Customer, caregiVR may share Personal Information to comply with legal requirements or to respond to a court orders or other similar governmental or regulatory demands; or to prevent or investigate suspected fraud, illegal activity or violation of a contract (such as this Agreement), or its policies. caregiVR will make reasonable efforts before sharing Personal Information to ensure that such disclosure is permitted under Applicable Privacy Laws and will be treated as confidential information under the applicable legal framework.
6. SUBPROCESSING
6.1 Customer acknowledges that caregiVR may use subprocessors and subcontractors and they may process Customer Data on caregiVR’s behalf to perform services under the Agreement.
6.2 caregiVR will be responsible for the acts and omissions of its subprocessors and subcontractors.
7. REQUESTS FROM INDIVIDUALS
7.1 To the extent required under Applicable Privacy Laws, caregiVR will facilitate Customer’s ability to handle and respond to Data Rights Requests from Customer’s End Users related to their use of the Services. “Data Rights Requests” refer to rights available under Applicable Privacy Laws to individuals such as the right of access and correction. Unless prohibited under Applicable Privacy Laws, Customer will reimburse caregiVR with any costs and expenses related to caregiVR’s provision of such assistance.
8. GENERAL TERMS
8.1 The parties to this DPA agree to negotiate in good faith modifications to this DPA if changes are required for caregiVR to continue to handle the Personal Information as contemplated by this DPA in compliance with Applicable Privacy Laws.
8.2 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained in this DPA.
bottom of page