QamaqQamaq
|

Data Processing Agreement (DPA)

Our commitment to protecting your data in compliance with GDPR and other data protection regulations

Last Updated: January 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and Qamaq ("Processor") and sets forth the terms and conditions governing the processing of Personal Data on behalf of the Customer.

1. Definitions

Personal Data:Any information relating to an identified or identifiable natural person that is processed by Qamaq on behalf of the Customer.
Processing:Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
Data Subject:The individual to whom Personal Data relates.
GDPR:General Data Protection Regulation (EU) 2016/679.

2. Scope and Nature of Processing

Subject Matter of Processing

Qamaq processes Personal Data to provide AI-powered knowledge management, document processing, workflow automation, and collaborative workspace services.

Categories of Data Subjects

  • Customer's employees and contractors
  • Customer's clients and end-users
  • Individuals mentioned in uploaded documents

Types of Personal Data

  • Contact information (names, email addresses, phone numbers)
  • Professional information (job titles, department, organization)
  • Account credentials and authentication data
  • User-generated content and documents
  • Usage data and system logs
  • Communication metadata

Purpose of Processing

  • Providing AI-powered knowledge base and search functionality
  • Enabling document processing and automated workflows
  • Facilitating team collaboration and communication
  • Maintaining platform security and preventing fraud
  • Providing customer support services
  • Service improvement and analytics

3. Customer's Obligations

The Customer warrants that:

  • It has the legal right to transfer Personal Data to Qamaq for processing
  • It has obtained all necessary consents from Data Subjects
  • It will comply with all applicable data protection laws
  • Processing instructions provided to Qamaq are lawful
  • It will implement appropriate security measures for data in its control

4. Qamaq's Obligations

4.1 Processing Instructions

Qamaq shall process Personal Data only in accordance with Customer's documented instructions and applicable data protection laws.

4.2 Confidentiality

Qamaq ensures that personnel authorized to process Personal Data have committed to confidentiality or are under appropriate statutory obligations of confidentiality.

4.3 Security Measures

Qamaq implements appropriate technical and organizational measures to ensure data security, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Security monitoring and incident detection systems
  • Regular backups and disaster recovery procedures
  • Employee security training and awareness programs

4.4 Sub-processors

Qamaq may engage sub-processors to assist in providing the Services. Current sub-processors include cloud infrastructure providers and AI model providers. Customer will be notified of any changes to sub-processors with 30 days' notice.

5. Data Subject Rights

Qamaq will assist Customer in fulfilling Data Subject rights requests, including:

Right of Access

Access to personal data

Right to Rectification

Correction of inaccurate data

Right to Erasure

Deletion of personal data

Right to Data Portability

Export data in machine-readable format

6. Data Breach Notification

In the event of a Personal Data breach, Qamaq will:

  • Notify Customer without undue delay and within 72 hours of becoming aware
  • Provide details of the nature of the breach and affected data
  • Describe measures taken or proposed to address the breach
  • Cooperate with Customer in investigating and mitigating the breach
  • Document all data breaches and make records available to Customer

7. Data Transfers

Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA). Qamaq ensures such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other appropriate safeguards as required by law

8. Audits and Compliance

Qamaq will make available to Customer information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by Customer or an auditor appointed by Customer, subject to reasonable notice and confidentiality obligations.

9. Data Deletion and Return

Upon termination or expiration of the Services, Qamaq will:

  • At Customer's choice, return all Personal Data or securely delete it within 30 days
  • Provide confirmation of deletion upon request
  • Retain data only to the extent required by applicable law
  • Continue to protect any retained data in accordance with this DPA

Data Protection Contact

For questions about this DPA or data processing practices:

Email: privacy@qamaq.io

Data Protection Officer: dpo@qamaq.io