Data Processing Addendum

1. Introduction

This Data Processing Addendum ("DPA") supplements the Terms of Service between you ("Customer") and Quantix Labs Inc. ("Quantix Labs," "we," "us," or "our") and governs the processing of Personal Data by Quantix Labs on behalf of Customer in connection with the Services.

This DPA is designed to meet the requirements of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA").

2. Definitions

For the purposes of this DPA:

• "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Quantix Labs on behalf of Customer.
• "Data Subject" means the identified or identifiable natural person to whom Personal Data relates.
• "Controller" means the natural or legal person that determines the purposes and means of processing Personal Data.
• "Processor" means the natural or legal person that processes Personal Data on behalf of the Controller.
• "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or destruction.
• "Sub-processor" means any third party engaged by Quantix Labs to process Personal Data on behalf of Customer.

3. Roles and Responsibilities

3.1 Data Controller

Customer acts as the Data Controller for Personal Data processed through the Services. As Controller, Customer is responsible for:

• Determining the purposes and means of processing Personal Data
• Ensuring lawful basis for processing under applicable data protection laws
• Providing appropriate privacy notices to Data Subjects
• Obtaining necessary consents for processing
• Responding to Data Subject requests and exercising Data Subject rights

3.2 Data Processor

Quantix Labs acts as the Data Processor for Personal Data processed through the Services. As Processor, we will:

• Process Personal Data only for the purposes specified by Customer
• Implement appropriate technical and organizational measures
• Assist Customer in fulfilling Data Subject requests
• Notify Customer of any personal data breaches
• Delete or return Personal Data upon termination of services

4. Processing Instructions

Quantix Labs will process Personal Data only in accordance with Customer's documented instructions, which include:

• The terms and conditions of the main agreement
• This DPA and its appendices
• Additional written instructions provided by Customer that are consistent with the terms of this DPA

If Quantix Labs believes that any instruction from Customer violates applicable data protection law, we will inform Customer and may refuse to carry out the instruction.

5. Categories of Data and Data Subjects

5.1 Categories of Data Subjects

Personal Data processed may relate to the following categories of Data Subjects:

• Customer's employees, contractors, and authorized users
• Customer's clients and customers
• Individuals whose data is processed through Customer's use of the Services

5.2 Categories of Personal Data

The Personal Data processed may include:

• Contact information (names, email addresses, phone numbers)
• Professional information (job titles, company information)
• Account information (usernames, authentication data)
• Business data uploaded or created through the Services
• Usage data and analytics information

6. Security Measures

Quantix Labs implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of Personal Data in transit and at rest
• Measures to ensure ongoing confidentiality, integrity, and availability of processing systems
• Measures to restore availability and access to Personal Data in a timely manner
• Regular testing and evaluation of security measures
• Access controls and authentication mechanisms
• Staff training and confidentiality agreements

7. Sub-processors

7.1 Authorized Sub-processors

Customer provides general authorization for Quantix Labs to engage Sub-processors for processing Personal Data, subject to the conditions set forth in this DPA.

7.2 Sub-processor Requirements

Quantix Labs ensures that any Sub-processor:

• Provides sufficient guarantees to implement appropriate technical and organizational measures
• Is bound by data protection obligations equivalent to those in this DPA
• Is subject to regular monitoring and auditing

7.3 Changes to Sub-processors

Quantix Labs will inform Customer of any intended changes concerning the addition or replacement of Sub-processors with at least 30 days' notice. Customer may object to such changes on reasonable grounds.

8. Data Subject Rights

Quantix Labs will assist Customer in fulfilling Data Subject requests by:

• Providing Customer with the ability to search, export, and delete Personal Data
• Responding to Data Subject requests directed to Quantix Labs by referring them to Customer
• Providing reasonable assistance in responding to Data Subject requests
• Implementing technical measures to facilitate Data Subject rights

9. Personal Data Breaches

In the event of a Personal Data breach, Quantix Labs will:

• Notify Customer without undue delay and within 72 hours of becoming aware of the breach
• Provide detailed information about the nature of the breach
• Describe the likely consequences of the breach
• Outline measures taken or proposed to address the breach
• Assist Customer in meeting regulatory notification requirements

10. Data Protection Impact Assessments

Quantix Labs will provide reasonable assistance to Customer in conducting Data Protection Impact Assessments (DPIAs) where required under applicable data protection law, including providing information about our processing activities and security measures.

11. International Data Transfers

Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA) or other applicable jurisdictions. Quantix Labs ensures that such transfers comply with applicable data protection laws through appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Other appropriate safeguards as required by law

12. Audits and Records

Quantix Labs maintains records of processing activities and implements measures to demonstrate compliance with this DPA. Customer may conduct audits of Quantix Labs' compliance with this DPA, subject to reasonable notice and confidentiality obligations.

13. Data Retention and Deletion

Upon termination of the Services, Quantix Labs will:

• Provide Customer with a reasonable opportunity to export Personal Data
• Delete all Personal Data within 90 days of termination
• Confirm deletion in writing upon Customer request
• Ensure that Sub-processors also delete Personal Data

Quantix Labs may retain Personal Data as required by applicable law or regulation.

14. Liability and Indemnification

Each party's liability under this DPA is subject to the limitation of liability provisions in the main agreement. Each party will indemnify the other against claims arising from its breach of this DPA.

15. Contact Information

For questions about this DPA or data protection matters, please contact:

16. Effective Date and Modifications

This DPA is effective as of the date set forth above and will remain in effect for the duration of the Services. Quantix Labs may modify this DPA to comply with applicable data protection law, with reasonable notice to Customer.