This Data Processing Agreement (DPA) is part of the Design Machines LLC Terms and Conditions and outlines how we process personal data on your behalf while providing our software and services.

1. Definitions

• Personal Data: Information about an identifiable person (e.g., name, email, or other unique identifiers).
• Processing: Actions performed on Personal Data, such as collection, storage, or deletion.
• Data Subject: The individual whose data is processed.
• Controller: You, the party that determines how and why Personal Data is processed.
• Processor: Design Machines LLC, the party that processes data on your behalf.
• Sub-processor: Third parties engaged by Design Machines to assist in data processing.

2. Roles and Responsibilities

• Your Role: As the Controller, you are responsible for ensuring that all Personal Data you share with us is collected and processed in compliance with applicable laws.
• Our Role: As the Processor, we process Personal Data solely based on your instructions, the Terms and Conditions, and applicable data protection laws.

3. Data Processing Details

We process Personal Data for the following purposes:

• Providing software and services.
• Storing and managing your data as required.
• Complying with legal obligations when necessary.

We will notify you if we cannot comply with your instructions or if your instructions appear to conflict with data protection laws.

4. Confidentiality

We ensure that all personnel with access to your data are bound by confidentiality agreements and only access data on a need-to-know basis.

5. Security Measures

We implement industry-standard measures to protect your data, including:

• Prevention of unauthorized access.
• Data encryption where applicable.
• Regular monitoring and updates to our security practices.

6. Sub-processors

We may engage trusted Sub-processors to assist with data processing.

• Notification of New Sub-processors: We will notify you before engaging new Sub-processors, allowing you to object if necessary.
• List of Sub-processors: Available upon request.

7. Data Transfers

• Data is stored and processed within regions that meet adequacy standards for data protection.
• If data is transferred to a region without such standards, we will ensure compliance.

8. Data Subject Rights

We will assist you in responding to requests from Data Subjects (e.g., access, correction, deletion of data) as required by applicable laws. You are responsible for any associated costs.

9. Data Breach Notification

If a data breach occurs, we will:

• Notify you within 48 hours of becoming aware of the breach.
• Provide relevant details about the incident and assist in mitigating its impact.

10. Data Deletion and Return

At the end of our service, you can request that we either delete or return all Personal Data. We may retain a single copy if required by law or for legal purposes.

11. Termination

This DPA terminates when your agreement with us ends. Certain obligations, such as confidentiality and liability, may survive termination.

12. Liability

Our liability under this DPA is limited as per the Terms and Conditions.