Data Processing Agreement for Blue Elephants Solutions

Last Update: 12. September 2024

1. Introduction
This Data Processing Agreement (“Agreement”) is between Blue Elephants Solutions Pte. Ltd., a Singapore-based company dedicated to providing AI-powered and mobile learning solutions, and our clients. This Agreement outlines the terms regarding how we process personal data on behalf of our clients in compliance with applicable data protection laws.

This Agreement applies to our website, SaaS products—including but not limited to Knowledge Empire, Knowledge Gym, AI Conversation Coach, AI Knowledge Assistant, AI Job Interview Coach, AI Job Interview Coach Pro—and any custom developments or services we provide.

2. Definitions

• Data Controller: The entity that determines the purposes and means of processing personal data.
• Data Processor: The entity that processes personal data on behalf of the Data Controller.
• Personal Data: Any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.
• Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, modification, or deletion.

3. Scope and Purpose
The Processor agrees to process Personal Data solely for the purposes outlined by the Controller and in accordance with the Controller’s instructions. The Processor shall not process Personal Data for its own purposes, unless required by law.

4. Obligations of the Processor
The Processor agrees to:

• Confidentiality: Ensure that individuals involved in processing Personal Data are bound by confidentiality obligations.
• Security: Implement appropriate technical and organizational measures to protect Personal Data from unauthorized or unlawful processing, accidental loss, destruction, or damage.
• Subprocessing: Only engage subprocessors with the Controller’s prior consent. Subprocessors will adhere to the same data protection obligations as set forth in this Agreement.
• Data Subject Rights: Assist the Controller in responding to data subject requests, such as access, rectification, or deletion of Personal Data.
• Data Breach: Notify the Controller without undue delay after becoming aware of a Personal Data breach.

5. Obligations of the Controller
The Controller agrees to:

• Ensure that the Personal Data provided to the Processor has been collected and processed in compliance with applicable data protection laws.
• Provide lawful instructions regarding the processing of Personal Data.

6. Categories of Data
The Processor may process the following categories of personal data on behalf of the Controller: names, email addresses, mobile phone numbers, employee IDs, department details, job roles, and other information provided by the Controller.

7. International Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), the Processor will ensure that appropriate safeguards, such as Standard Contractual Clauses, are in place to protect the data.

8. Subprocessors
The Processor maintains an up-to-date list of subprocessors, which is available upon request. The Processor will inform the Controller in writing of any intended changes concerning the addition or replacement of subprocessors at least 30 days in advance, thereby giving the Controller the opportunity to object to such changes. If the Controller objects on reasonable grounds and the Processor cannot accommodate the objection, the Controller may terminate the affected Services without penalty.

9. Data Retention and Deletion
Upon termination of services or at the Controller’s request, the Processor will either delete or return all Personal Data, unless applicable law requires the storage of the data.

10. Audits and Inspections
The Processor will provide the Controller with the necessary information to demonstrate compliance with this Agreement and will allow for audits or inspections conducted by the Controller or a third-party auditor mandated by the Controller.

11. Term and Termination
This Agreement will remain in effect for as long as the Processor processes Personal Data on behalf of the Controller. Upon termination, the Processor will delete or return all Personal Data as stated in Section 9.

12. Liability
The Processor’s liability under this Agreement is limited to the amount paid by the Controller in the last month for the services, except where local laws impose higher liability standards.

13. Governing Law and Jurisdiction
This Agreement will be governed by and construed in accordance with the laws of Singapore. Any disputes arising from or in connection with this Agreement will be resolved through binding arbitration in Singapore under the rules of the Singapore International Arbitration Centre (SIAC).

14. Changes to This Agreement
We may modify the Services, Policies, Terms or Agreements at any time. Any updates will be posted on this page, and we recommend that you check back occasionally to stay informed of any changes. Changes will be communicated by updating the “Last Update” Date at the top of this document. Any significant changes will be communicated through a notice on our website or via email.

15. Contact Information
You can find us at 160 Robinson Rd, #14-04, Singapore 068914, reach us by phone at +65 9821 7914, or contact us via email at contact@blue-elephants-solutions.com.

 

 

 

Other relevant Terms, Agreements and Policies:

• Cookie Policy for Blue Elephants Solutions
• Terms of Service for Blue Elephants Solutions
• Privacy Policy for Blue Elephants Solutions
• Data Processing Agreement for Blue Elephants Solutions
• Service Level Agreement for Blue Elephants Solutions
• End-User License Agreement for Blue Elephants Solutions
• Responsible AI Policy for Blue Elephants Solutions
• Refund Policy for Blue Elephants Solutions