Connic
Back to Legal

Data Processing Agreement

Last updated: December 8, 2025

Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Use (the "Agreement") between Connic ("Processor", "we", "us", or "our") and the customer agreeing to these terms ("Customer", "Controller", "you", or "your").

This DPA sets forth the terms and conditions under which Connic will Process Personal Data on behalf of Customer in connection with the Services. This DPA applies to the extent that Connic Processes Personal Data that is subject to applicable Data Protection Laws on behalf of Customer in the course of providing the Services.

This DPA is designed to ensure compliance with the requirements of applicable Data Protection Laws, including but not limited to the European Union General Data Protection Regulation (EU) 2016/679 ("GDPR"), the United Kingdom General Data Protection Regulation ("UK GDPR"), the Swiss Federal Act on Data Protection ("FADP"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable data protection legislation.

This DPA is incorporated into and forms part of the Terms of Use. By agreeing to the Terms of Use (including by clicking "I Agree", "Sign Up", or similar, or by using the Services), you automatically agree to this DPA. No separate signature or acceptance is required.

By using the Services to Process Personal Data, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Authorized Affiliates. For the purposes of this DPA, Customer and its Authorized Affiliates are collectively referred to as "Customer."

1. Definitions

In this DPA, the following terms shall have the meanings set forth below. Capitalized terms not otherwise defined herein shall have the meanings given to them in the Agreement.

  • "Authorized Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with Customer, where "control" means the ownership of more than 50% of the voting securities or equivalent voting interests of the relevant entity.
  • "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the purposes of this DPA, Customer is the Controller of Customer Personal Data.
  • "Customer Personal Data" means any Personal Data that is Processed by Connic on behalf of Customer in the course of providing the Services, including Personal Data contained in inputs to Customer's deployed Agents, outputs generated by such Agents, and any other data submitted by Customer or its end users through the Services.
  • "Data Protection Laws" means all applicable laws and regulations relating to the Processing of Personal Data and privacy, including but not limited to: (a) the GDPR; (b) the UK GDPR and the UK Data Protection Act 2018; (c) the Swiss FADP; (d) the CCPA/CPRA; (e) the Virginia Consumer Data Protection Act; (f) the Colorado Privacy Act; (g) the Connecticut Data Privacy Act; (h) the Brazilian General Data Protection Law (LGPD); and (i) any other applicable data protection or privacy legislation, in each case as amended, superseded, or replaced from time to time.
  • "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
  • "EEA" means the European Economic Area, which consists of the member states of the European Union plus Iceland, Liechtenstein, and Norway.
  • "Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored, or otherwise Processed by Connic.
  • "Processing" (including its cognate forms "Process" and "Processed") means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Processor" means a natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller. For the purposes of this DPA, Connic is the Processor of Customer Personal Data.
  • "Services" means the Connic platform and related services provided by Connic to Customer pursuant to the Agreement, including the hosting, deployment, and execution of Customer's AI Agents.
  • "Standard Contractual Clauses" or "SCCs" means: (a) for transfers of Personal Data from the EEA, the standard contractual clauses for the transfer of personal data to third countries pursuant to Commission Implementing Decision (EU) 2021/914; (b) for transfers from the UK, the International Data Transfer Agreement or the UK Addendum to the EU SCCs; and (c) for transfers from Switzerland, the applicable standard contractual clauses as recognized by the Swiss Federal Data Protection and Information Commissioner.
  • "Sub-processor" means any third party engaged by Connic or its affiliates to Process Customer Personal Data on behalf of Customer in connection with the Services.
  • "Supervisory Authority" means an independent public authority established by an EU Member State pursuant to Article 51 of the GDPR, the UK Information Commissioner's Office, or any other data protection authority with jurisdiction over the Processing of Personal Data under this DPA.

2. Scope and Roles of the Parties

2.1 Roles

The parties acknowledge and agree that with respect to the Processing of Customer Personal Data: (a) Customer is the Controller; (b) Connic is the Processor acting on behalf of Customer; and (c) Connic may engage Sub-processors in accordance with the requirements set forth in Section 7 of this DPA.

2.2 Customer's Responsibilities

Customer, as Controller, is responsible for:

  • Ensuring that it has a valid legal basis for the Processing of Customer Personal Data, including obtaining all necessary consents from Data Subjects where required
  • Providing all necessary notices to Data Subjects regarding the Processing of their Personal Data, including information about the use of Connic as a Processor
  • Ensuring that the Processing instructions provided to Connic comply with applicable Data Protection Laws
  • Ensuring that Customer Personal Data is accurate, complete, and up-to-date
  • Responding to Data Subject requests and exercising Data Subject rights, with Connic's assistance as set forth in this DPA
  • Implementing appropriate technical and organizational measures to protect Personal Data within its own systems and when transmitting data to Connic
  • Determining the types of Personal Data to be Processed and the categories of Data Subjects whose data will be Processed
  • Complying with all Data Protection Laws applicable to Controllers

2.3 Connic's Responsibilities

Connic, as Processor, is responsible for:

  • Processing Customer Personal Data only on documented instructions from Customer, including with respect to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law
  • Ensuring that persons authorized to Process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality
  • Implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in Section 5 of this DPA
  • Engaging Sub-processors only in accordance with Section 7 of this DPA
  • Assisting Customer in responding to Data Subject requests and in ensuring compliance with Customer's obligations under applicable Data Protection Laws
  • Notifying Customer of Personal Data Breaches in accordance with Section 6 of this DPA
  • Making available to Customer all information necessary to demonstrate compliance with this DPA and allowing for and contributing to audits, including inspections, as set forth in Section 9 of this DPA
  • At Customer's choice, deleting or returning all Customer Personal Data after the end of the provision of Services, as set forth in Section 11 of this DPA

3. Details of Processing

3.1 Subject Matter of Processing

The subject matter of the Processing is the provision of the Services to Customer pursuant to the Agreement. Connic provides a platform for hosting and executing AI Agents, and in doing so may Process Customer Personal Data that is submitted to, processed by, or output by Customer's deployed Agents.

3.2 Duration of Processing

Connic will Process Customer Personal Data for the duration of the Agreement, unless otherwise agreed in writing or required by applicable law. Upon termination of the Agreement, Connic will handle Customer Personal Data in accordance with Section 11 of this DPA.

3.3 Nature and Purpose of Processing

Connic Processes Customer Personal Data for the following purposes:

  • Hosting and executing Customer's AI Agents, including processing inputs and generating outputs
  • Storing Agent configurations, deployment data, and execution logs as necessary to provide the Services
  • Providing Connectors that enable Customer's Agents to receive and send data via webhooks, WebSockets, Kafka, and other integration mechanisms
  • Maintaining and improving the Services, including troubleshooting, debugging, and performance optimization
  • Providing technical support to Customer
  • Complying with applicable legal obligations

3.4 Types of Personal Data

The types of Personal Data Processed depend on Customer's use of the Services and the nature of Customer's deployed Agents. Customer determines what Personal Data is submitted to the Services. Personal Data may include, but is not limited to:

  • Contact information (name, email address, phone number, address)
  • Account credentials and authentication data
  • Professional information (job title, employer, professional history)
  • Communication content (messages, queries, support requests)
  • User-generated content submitted to Agents
  • Technical data (IP addresses, device identifiers, usage logs)
  • Any other Personal Data that Customer chooses to submit through the Services

Special Categories of Personal Data: Customer should not submit special categories of Personal Data (as defined in Article 9 of the GDPR) to the Services unless Customer has ensured that appropriate safeguards are in place and has a valid legal basis for such Processing. If Customer does submit special categories of Personal Data, Customer is solely responsible for ensuring compliance with applicable Data Protection Laws regarding such data.

3.5 Categories of Data Subjects

The categories of Data Subjects whose Personal Data may be Processed depend on Customer's use of the Services. Data Subjects may include:

  • Customer's employees, contractors, and representatives
  • Customer's end users who interact with Customer's deployed Agents
  • Customer's customers and prospective customers
  • Customer's business contacts and partners
  • Any other individuals whose Personal Data is submitted to the Services by Customer

4. Customer Instructions

4.1 Processing Instructions

Connic will Process Customer Personal Data only in accordance with Customer's documented instructions. Customer's instructions are documented in: (a) this DPA; (b) the Agreement; (c) Customer's use and configuration of the Services; and (d) any other written instructions provided by Customer and acknowledged by Connic.

Customer instructs Connic to Process Customer Personal Data to the extent necessary to provide the Services in accordance with the Agreement. This includes Processing necessary to: host and execute Customer's Agents; store and retrieve data as directed by Customer's configurations; transmit data through Connectors as configured by Customer; provide technical support; and maintain and secure the Services.

4.2 Additional Instructions

Customer may provide additional instructions regarding the Processing of Customer Personal Data, provided that such instructions are consistent with the Agreement and this DPA. If Connic determines that additional instructions require changes to the Services or additional resources, the parties will negotiate in good faith regarding any necessary amendments to the Agreement and any associated fees.

4.3 Unlawful Instructions

If Connic believes that an instruction from Customer infringes applicable Data Protection Laws or other applicable laws, Connic will promptly inform Customer. Connic will not be required to comply with instructions that Connic reasonably believes would violate applicable law. If Connic is required by applicable law to Process Customer Personal Data other than as instructed by Customer, Connic will inform Customer of such legal requirement before Processing, unless prohibited by law from doing so.

5. Security Measures

5.1 Security Obligations

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Connic will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as appropriate:

  • The pseudonymization and encryption of Personal Data
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems and services
  • The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing

5.2 Specific Security Measures

Connic maintains a comprehensive security program that includes the following measures:

  • Encryption: Encryption of Customer Personal Data in transit using TLS 1.2 or higher, and encryption at rest using AES-256 or equivalent encryption standards
  • Access Controls: Role-based access controls, including least-privilege principles, to limit access to Customer Personal Data to authorized personnel only
  • Authentication: Strong authentication mechanisms for access to systems containing Customer Personal Data, including support for multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access
  • Monitoring and Logging: Continuous monitoring of systems and logging of access to Customer Personal Data for security and audit purposes
  • Vulnerability Management: Regular vulnerability assessments, penetration testing, and timely patching of identified vulnerabilities
  • Employee Security: Background checks for employees with access to Customer Personal Data, security awareness training, and confidentiality agreements
  • Physical Security: Physical access controls at data center facilities, including surveillance, access logging, and environmental controls
  • Incident Response: Documented incident response procedures for detecting, responding to, and recovering from security incidents
  • Business Continuity: Business continuity and disaster recovery plans to ensure availability and resilience of the Services

A detailed description of Connic's security measures is available at connic.co/legal/security.

5.3 Updates to Security Measures

Connic may update its security measures from time to time, provided that such updates do not materially decrease the overall security of the Services. Connic will inform Customer of any material changes to its security measures that may affect Customer Personal Data.

5.4 Customer's Security Responsibilities

Customer is responsible for implementing appropriate security measures within its own environment, including: securing Customer's account credentials and API keys; configuring appropriate access controls for its users; implementing security measures in Customer's Agent code and Tools; securing data in transit between Customer's systems and the Services; and evaluating whether the security measures provided by Connic are appropriate for Customer's Processing activities.

6. Personal Data Breach Notification

6.1 Breach Notification

Connic will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data. Taking into account the nature of the Processing and the information available to Connic, Connic will use reasonable efforts to provide notification within seventy-two (72) hours of becoming aware of the breach.

6.2 Breach Notification Content

To the extent known, Connic's notification will include:

  • A description of the nature of the Personal Data Breach, including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned
  • The name and contact details of Connic's data protection officer or other contact where more information can be obtained
  • A description of the likely consequences of the Personal Data Breach
  • A description of the measures taken or proposed to be taken by Connic to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects

Where, and in so far as, it is not possible to provide all information at the same time, information may be provided in phases without further undue delay.

6.3 Connic's Assistance

Connic will cooperate with Customer and take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each Personal Data Breach. Connic will also assist Customer in meeting Customer's obligations under applicable Data Protection Laws with respect to notification of Personal Data Breaches to Supervisory Authorities and Data Subjects.

6.4 No Acknowledgment of Fault

Connic's notification of or response to a Personal Data Breach under this Section 6 shall not be construed as an acknowledgment by Connic of any fault or liability with respect to the Personal Data Breach.

7. Sub-processors

7.1 Authorization to Use Sub-processors

Customer provides general authorization for Connic to engage Sub-processors to Process Customer Personal Data in connection with the Services. The current list of Sub-processors authorized by Customer is available at connic.co/legal/sub-processors.

7.2 Sub-processor Agreements

Connic will ensure that each Sub-processor is bound by a written agreement that imposes data protection obligations no less protective than those imposed on Connic under this DPA. Connic will remain fully liable to Customer for the performance of its Sub-processors' obligations under such agreements.

7.3 Changes to Sub-processors

Connic will provide Customer with prior notice of any intended changes concerning the addition or replacement of Sub-processors, including the name of the Sub-processor and the Processing activities to be performed. Connic will provide such notice at least thirty (30) days before engaging a new Sub-processor, giving Customer the opportunity to object to the engagement.

Notification of new Sub-processors will be provided by: (a) updating the Sub-processor list at connic.co/legal/sub-processors; and (b) sending an email notification to the email address associated with Customer's account. Customer may subscribe to receive notifications of Sub-processor changes.

7.4 Objection to Sub-processors

Customer may object to Connic's use of a new Sub-processor by notifying Connic in writing within thirty (30) days of receiving notice of the new Sub-processor, provided that such objection is based on reasonable grounds relating to data protection. If Customer objects, the parties will discuss Customer's concerns in good faith with a view to achieving a commercially reasonable resolution.

If the parties are unable to reach a resolution, Customer may, as its sole remedy, terminate the affected Services by providing written notice to Connic. Connic will refund Customer any prepaid fees for the terminated Services covering the period after the effective date of termination.

7.5 Liability for Sub-processors

Connic will be liable for the acts and omissions of its Sub-processors to the same extent Connic would be liable if performing the Services directly under this DPA, subject to the limitations of liability set forth in the Agreement.

8. Data Subject Rights

8.1 Data Subject Requests

Taking into account the nature of the Processing, Connic will assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer's obligation to respond to requests by Data Subjects exercising their rights under applicable Data Protection Laws, including but not limited to the right of access, rectification, erasure, restriction, data portability, and objection.

8.2 Response to Data Subject Requests

If Connic receives a request from a Data Subject in relation to Customer Personal Data, Connic will:

  • Promptly notify Customer of the request, unless prohibited by law from doing so
  • Not respond directly to the Data Subject, except to acknowledge receipt and redirect the Data Subject to Customer, unless otherwise instructed by Customer or required by law
  • Provide Customer with reasonable cooperation and assistance in responding to such requests, taking into account the nature of the Processing

8.3 Customer's Self-Service Capabilities

Connic provides Customer with self-service capabilities through the Services that enable Customer to access, export, correct, and delete Customer Personal Data. Customer agrees to use such self-service capabilities to fulfill Data Subject requests to the extent practicable before requesting assistance from Connic.

8.4 Costs of Assistance

Connic will provide reasonable assistance with Data Subject requests at no additional charge. However, if Customer's requests require assistance that is disproportionate or excessive, Connic may charge a reasonable fee based on Connic's administrative costs. Connic will inform Customer of any such charges in advance.

9. Audits and Compliance Verification

9.1 Audit Rights

Connic will make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to the terms of this Section 9.

9.2 Audit Procedures

Customer's audit rights will be exercised as follows:

  • Documentation Review: Customer may request copies of Connic's relevant policies, procedures, certifications, and audit reports (such as SOC 2 reports) to verify Connic's compliance with this DPA. Connic will provide such documentation within a reasonable timeframe, subject to appropriate confidentiality protections.
  • Security Questionnaires: Customer may submit reasonable security questionnaires to Connic, which Connic will complete within a reasonable timeframe (typically thirty (30) days).
  • Third-Party Audits: Upon Customer's request, Connic will provide copies of relevant third-party audit reports, certifications, and assessments, subject to any confidentiality restrictions.
  • On-Site Audits: If the above measures are insufficient to verify compliance, and to the extent required by applicable Data Protection Laws, Customer may conduct or commission an on-site audit of Connic's facilities and operations, subject to the following conditions: (a) Customer provides at least sixty (60) days' prior written notice; (b) the audit is conducted during normal business hours and does not unreasonably disrupt Connic's operations; (c) Customer's auditors agree to appropriate confidentiality obligations; and (d) Customer bears the costs of the audit.

9.3 Confidentiality of Audit Results

Any information obtained through audits under this Section 9 shall be treated as Confidential Information of Connic. Customer agrees not to disclose audit results to third parties without Connic's prior written consent, except as required by applicable law or a Supervisory Authority.

9.4 Regulatory Audits

Connic will cooperate with any audit or investigation by a Supervisory Authority or other regulatory body to the extent such audit or investigation relates to Customer Personal Data.

10. International Data Transfers

10.1 Data Location

Connic offers multi-region data storage options. Customer may select the geographic region(s) in which Customer Personal Data will be stored and processed, subject to the options available under Customer's Subscription tier. The available regions and Customer's selected region(s) are specified in Customer's account settings.

Regardless of Customer's selected region, certain Processing may occur in other locations where Connic or its Sub-processors maintain facilities, as necessary to provide the Services (such as for technical support or infrastructure maintenance).

10.2 Transfer Mechanisms

To the extent that Connic Processes Customer Personal Data originating from the EEA, UK, or Switzerland in a country that has not been recognized as providing an adequate level of data protection, Connic will ensure that appropriate safeguards are in place to protect such data. These safeguards include:

  • Standard Contractual Clauses: Connic offers to enter into the Standard Contractual Clauses with Customer for transfers of Customer Personal Data to third countries. By entering into this DPA, Customer is deemed to have entered into the applicable Standard Contractual Clauses with Connic, which are incorporated by reference.
  • UK Addendum: For transfers from the UK, the UK Addendum to the EU SCCs or the UK International Data Transfer Agreement shall apply, as appropriate.
  • Swiss Addendum: For transfers from Switzerland, the Standard Contractual Clauses shall be interpreted in accordance with the guidance of the Swiss Federal Data Protection and Information Commissioner.

10.3 Standard Contractual Clauses Details

Where the Standard Contractual Clauses apply, they shall be deemed completed as follows:

  • Module Two (Controller to Processor) shall apply where Customer is a Controller and Connic is a Processor
  • For Clause 7, the optional docking clause shall apply
  • For Clause 9, Option 2 (general written authorization) shall apply, and the time period for prior notice of Sub-processor changes shall be thirty (30) days
  • For Clause 11, the optional language shall not apply
  • For Clause 17, Option 1 shall apply, and the Member State shall be Ireland
  • For Clause 18(b), disputes shall be resolved by the courts of Ireland
  • Annex I.A (List of Parties): The data exporter is Customer; the data importer is Connic
  • Annex I.B (Description of Transfer): As described in Section 3 of this DPA
  • Annex I.C (Competent Supervisory Authority): The Irish Data Protection Commission, or the Supervisory Authority of Customer's establishment in the EEA
  • Annex II (Technical and Organizational Measures): As described in Section 5 of this DPA and at connic.co/legal/security

10.4 Transfer Impact Assessments

Connic will conduct transfer impact assessments as required by applicable Data Protection Laws and guidance from Supervisory Authorities. Upon Customer's request, Connic will provide relevant information to assist Customer in conducting its own transfer impact assessments.

10.5 Alternative Transfer Mechanisms

If an alternative data transfer mechanism becomes available under applicable Data Protection Laws that would permit the lawful transfer of Customer Personal Data, the parties may agree to use such alternative mechanism in place of or in addition to the Standard Contractual Clauses.

11. Term, Termination, and Data Return/Deletion

11.1 Term

This DPA shall remain in effect for as long as Connic Processes Customer Personal Data on behalf of Customer. The DPA shall automatically terminate when the Agreement terminates or expires, subject to Section 11.3 below.

11.2 Effect of Termination

Upon termination or expiration of the Agreement, Connic will cease Processing Customer Personal Data, except as required by applicable law or as necessary to complete any ongoing Processing at the time of termination.

11.3 Data Return and Deletion

Upon termination or expiration of the Agreement, at Customer's choice (to be communicated in writing within thirty (30) days of termination), Connic will:

  • Return: Return all Customer Personal Data to Customer in a commonly used, machine-readable format; or
  • Delete: Delete all Customer Personal Data and certify in writing that it has done so.

If Customer does not provide instructions within thirty (30) days of termination, Connic will delete Customer Personal Data. Deletion will be completed within ninety (90) days of termination, except that Connic may retain Customer Personal Data to the extent required by applicable law, in which case Connic will isolate and protect such data and limit any further Processing to that required by law.

11.4 Data Export During Term

During the term of the Agreement, Customer may export Customer Personal Data from the Services at any time using the export functionality provided by the Services or through the API.

12. Liability

12.1 Limitation of Liability

Each party's liability arising out of or related to this DPA (including the Standard Contractual Clauses, where applicable) shall be subject to the limitations and exclusions of liability set forth in the Agreement, to the extent permitted by applicable law.

12.2 Indemnification

Each party shall indemnify and hold harmless the other party from and against any and all claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from the indemnifying party's breach of its obligations under this DPA or applicable Data Protection Laws, to the extent that such breach results in a claim against the indemnified party.

13. Assistance with Compliance

13.1 Data Protection Impact Assessments

Taking into account the nature of the Processing and the information available to Connic, Connic will provide reasonable assistance to Customer in conducting data protection impact assessments ("DPIAs") where required by applicable Data Protection Laws. Such assistance may include providing information about the Processing, security measures, and Sub-processors.

13.2 Prior Consultation

Connic will assist Customer in consulting with Supervisory Authorities prior to Processing where required by applicable Data Protection Laws, to the extent that such consultation relates to Processing performed by Connic under this DPA.

13.3 Regulatory Cooperation

Connic will cooperate with Customer and any Supervisory Authority in the performance of its tasks, including responding to inquiries regarding the Processing of Customer Personal Data.

14. General Provisions

14.1 Precedence

In the event of any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of such conflict with respect to the Processing of Customer Personal Data. In the event of any conflict between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

14.2 Amendments

Connic may update this DPA from time to time to reflect changes in Data Protection Laws, regulatory guidance, or Connic's Processing practices. Material changes will be communicated to Customer in advance. Customer's continued use of the Services after such changes take effect constitutes acceptance of the updated DPA.

14.3 Severability

If any provision of this DPA is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The parties shall negotiate in good faith to replace any invalid or unenforceable provision with a valid provision that achieves the original intent of the parties.

14.4 Governing Law

This DPA shall be governed by and construed in accordance with the governing law specified in the Agreement, except to the extent that applicable Data Protection Laws require application of a different law. The Standard Contractual Clauses shall be governed by the law specified therein.

14.5 Entire Agreement

This DPA, together with the Agreement and any documents incorporated by reference, constitutes the entire agreement between the parties regarding the Processing of Customer Personal Data and supersedes all prior or contemporaneous agreements, representations, and understandings regarding such Processing.

15. Contact Information

For questions or concerns regarding this DPA or Connic's Processing of Customer Personal Data, please contact:

Connic

Email (Data Protection): privacy@connic.co

Email (Data Protection Officer): dpo@connic.co

Related Documents

By using the Connic platform to Process Personal Data, Customer acknowledges that it has read, understood, and agrees to be bound by this Data Processing Agreement.