Last Updated: April 1, 2025

    1. Introduction

    This Data Processing Agreement ("DPA") forms part of the Terms of Service between TicketBuddy.ai ("Processor", "we", "us", or "our") and the user or entity ("Controller", "you", or "your") using our Services (collectively, the "Parties").

    This DPA applies where and only to the extent that we process Personal Data on your behalf in the course of providing the Services and where such Personal Data is subject to Data Protection Laws. This DPA reflects the Parties' agreement with respect to the processing of Personal Data.

    2. Definitions

    "Data Protection Laws" means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including, without limitation, the GDPR and the CCPA, as applicable.

    "GDPR" means the General Data Protection Regulation (EU) 2016/679.

    "CCPA" means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq.

    "Personal Data" means any information relating to an identified or identifiable natural person ('Data Subject').

    "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automated means.

    Other terms used but not defined in this DPA shall have the meanings provided in the Terms of Service or the applicable Data Protection Laws.

    3. Processing of Personal Data

    3.1. Processing Instructions

    We will Process Personal Data only in accordance with your documented instructions. The Terms of Service and this DPA constitute your complete and final instructions regarding the Processing of Personal Data.

    3.2. Details of Processing

    The subject matter of the Processing is the provision of the Services as described in the Terms of Service. The duration of the Processing shall be for the term of the Terms of Service. The nature and purpose of the Processing shall be to provide the Services. The types of Personal Data processed include customer contact information, customer support inquiries, and related data. The categories of Data Subjects include your customers, users, and other individuals about whom data is provided to us by you or on your behalf.

    4. Data Security

    We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate:

    • The pseudonymization and encryption of Personal Data;
    • The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
    • The ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
    • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

    5. Subprocessors

    5.1. Authorization

    You hereby authorize us to engage subprocessors to Process Personal Data in connection with the Services. We will maintain a list of our current subprocessors, which will be made available upon request.

    5.2. Obligations

    We will ensure that each subprocessor is subject to obligations regarding the protection of Personal Data that are no less protective than those to which we are subject under this DPA.

    5.3. Changes to Subprocessors

    We will inform you of any intended changes concerning the addition or replacement of subprocessors, thereby giving you the opportunity to object to such changes.

    6. Data Subject Rights

    We will provide reasonable assistance to you in responding to requests from Data Subjects exercising their rights under applicable Data Protection Laws.

    7. Data Protection Impact Assessment and Prior Consultation

    We will provide reasonable assistance to you with any data protection impact assessments and prior consultations with supervisory authorities that you are required to carry out under applicable Data Protection Laws.

    8. Return or Deletion of Personal Data

    Upon termination of the Services, we will, at your choice, delete or return all Personal Data to you and delete existing copies unless applicable law requires storage of the Personal Data.

    9. Audit Rights

    We will make available to you all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you, under reasonable terms and conditions.

    10. International Transfers

    We will not transfer Personal Data outside the European Economic Area unless adequate protection for the Personal Data is ensured in accordance with applicable Data Protection Laws.

    11. Breach Notification

    We will notify you without undue delay after becoming aware of a Personal Data breach affecting the Personal Data we Process on your behalf.

    12. Contact Information

    For questions regarding this DPA, please contact us at info@ticketbuddy.ai.