1.1. The Processor agrees to process personal data on behalf of the Controller for the purpose of providing services as described in the primary agreement.
1.2. The agreement shall remain in effect for the duration of the business relationship between the parties or until terminated by either party in accordance with the terms below.
The Processor will process personal data solely for the following purposes:
The types of personal data processed include:
4.1. Use of AI Technology
The Controller uses AI-driven systems to analyze user preferences, generate recommendations, and create tailored music production insights. The Processor acknowledges that the personal data provided may be processed by these AI systems to enhance user experience and generate automated decisions based on user inputs.
4.2. Transparency and Accountability
The Processor shall ensure transparency in the processing of personal data using AI systems by informing the Controller about how the AI system processes data, how decisions are made, and any potential impact on data subjects.
4.3. Mitigation of Bias and Fairness
The Processor agrees to implement safeguards to mitigate bias within the AI systems and to ensure that AI-generated decisions do not discriminate against individuals or groups based on sensitive personal data, in accordance with applicable data protection laws.
4.4. Automated Decision-Making
Where automated decision-making (including profiling) is involved, the Processor agrees to provide meaningful information about the logic involved, as well as the significance and potential consequences for the data subject, as required by law.
4.5. Data Minimization and Purpose Limitation
The Processor will ensure that only the data strictly necessary for the intended purposes is used in AI processing and that data will not be used for any purposes beyond those defined in this agreement.
4.6. Human Oversight
Where applicable, human oversight mechanisms will be in place to monitor, review, and validate AI-generated outcomes to ensure compliance with data protection and fairness requirements.
The Processor shall process personal data only on documented instructions from the Controller and shall not use the data for any other purpose.
The Processor will implement appropriate technical and organizational measures to ensure the security of personal data, including but not limited to:
The Processor may engage sub-processors to carry out specific data processing activities. The Processor must inform the Controller of any changes concerning the addition or replacement of sub-processors, providing the Controller the opportunity to object.
In the event that personal data is transferred outside of the European Economic Area (EEA), the Processor shall ensure such transfers are made in accordance with GDPR or other applicable regulations.
In the event of a data breach, including breaches affecting AI systems, the Processor shall notify the Controller without undue delay and provide details about the breach and the potential impact on the data processed by AI. The notification should include information on how the breach affects the functioning and decision-making of AI systems.
Upon termination of the agreement or when processing is no longer necessary, the Processor will either delete or return the personal data as instructed by the Controller.
The Controller reserves the right to conduct audits and inspections of the Processor’s data protection measures, either through a third-party auditor or directly.
The Processor will be liable for damages caused by non-compliance with data protection laws. Both parties agree to indemnify each other in cases of data breaches resulting from negligence or unlawful data processing.
This agreement can be terminated by either party with 14 days’ written notice. Upon termination, the Processor must return or delete all personal data as per the Controller’s instructions.
This Agreement shall be governed by and construed in accordance with the laws of Georgia.
