Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between Terravo and the Customer for the provision of Terravo's services. This DPA reflects the parties' agreement with respect to the processing of personal data.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person that is processed by Terravo on behalf of the Customer in connection with the services.

"Data Protection Laws" means all applicable laws relating to data protection and privacy, including GDPR and any national implementing laws.

3. Data Processing

Terravo will process personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country, unless required to do so by applicable law.

4. Security Measures

Terravo implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Measures to ensure ongoing confidentiality, integrity, and availability
• Regular testing and evaluation of security measures
• Employee training on data protection

5. Sub-processors

The Customer authorizes Terravo to engage sub-processors for processing personal data. Terravo will maintain an up-to-date list of sub-processors and notify the Customer of any changes.

6. Data Subject Rights

Terravo will assist the Customer in responding to requests from data subjects exercising their rights under Data Protection Laws, including rights of access, rectification, erasure, and portability.

7. Data Breach Notification

Terravo will notify the Customer without undue delay after becoming aware of a personal data breach and will provide information to help the Customer meet its breach notification obligations.

8. Contact

For questions about this DPA or to request a signed copy, please contact legal@terravo.io