```Cory's Entities Legal
Data Processing Addendum
Effective Date: [Insert Effective Date]
This Data Processing Addendum applies where Cory's Entities processes personal data on behalf of a business customer as a processor or service provider under applicable data protection laws.
1. Roles
Customer is the controller or business, and Cory's Entities is the processor or service provider, except where Cory's Entities processes information for its own legitimate business purposes as described in the Privacy Policy.
2. Processing Instructions
We will process personal data to provide, secure, maintain, support, and improve the Services; comply with documented instructions; and satisfy legal obligations.
3. Customer Responsibilities
Customer is responsible for lawful collection, notice, consent, permissions, data accuracy, retention instructions, user authorization, and ensuring the Services are appropriate for the categories of data submitted.
4. Confidentiality
We will ensure personnel authorized to process personal data are subject to appropriate confidentiality obligations.
5. Security Measures
We will maintain commercially reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
6. Subprocessors
Customer authorizes use of subprocessors for hosting, infrastructure, AI functionality, analytics, payment, support, security, and related operations. We remain responsible for subprocessors as required by applicable law.
7. Data Subject Requests
Taking into account the nature of processing, we will provide reasonable assistance for verified data subject requests where required and where Customer cannot fulfill the request independently.
8. Security Incidents
We will notify Customer of confirmed security incidents affecting Customer personal data as required by applicable law and available information.
9. Deletion and Return
Upon termination, we will delete or return personal data according to product functionality, agreement terms, legal requirements, backup cycles, and legitimate retention needs.
10. International Transfers
Where required, the parties will use appropriate transfer mechanisms for international transfers of personal data.
11. Conflict
If this Addendum conflicts with the Terms, this Addendum controls only for processing of personal data on behalf of Customer.