Emerald Solutions Data Processing Agreement (DPA)

Effective Date: 1 January 2025

This Data Processing Agreement ("DPA") forms part of the Emerald Solutions End User License & User Agreement ("Agreement") between the customer ("Customer," "you," or "your") and Emerald Solutions LLC ("Emerald Solutions," "we," "us," or "our") and applies to the extent Emerald Solutions processes personal data on your behalf in providing the platform and related services.

1. Definitions
   1. Personal Data: Any information relating to an identified or identifiable natural person processed by Emerald Solutions on behalf of the Customer.
   2. Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
   3. Data Controller: The entity that determines the purposes and means of processing Personal Data (you, the Customer).
   4. Data Processor: The entity that processes Personal Data on behalf of the Data Controller (Emerald Solutions).
2. Scope and Purpose. Emerald Solutions processes Personal Data only as necessary to provide and improve the platform and related services, in accordance with your documented instructions, the Agreement, and applicable data protection laws (including GDPR, CCPA, and others as applicable).
3. Customer Responsibilities
   1. Ensure you have the right to provide Personal Data to Emerald Solutions for processing.
   2. Provide instructions to Emerald Solutions regarding the processing of Personal Data.
4. Emerald Solutions Obligations
   1. Processing Only on Instructions: Process Personal Data only on documented instructions from the Customer, unless required by law.
   2. Confidentiality: Ensure persons authorized to process Personal Data are bound by confidentiality obligations.
   3. Security: Implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, or disclosure.
   4. Subprocessors: May engage subprocessors to assist in providing services. A list of current subprocessors is available upon request. Emerald Solutions will ensure subprocessors are bound by data protection obligations equivalent to those in this DPA. You will be notified of any changes to subprocessors and may object on reasonable grounds.
   5. Assistance: Assist the Customer in responding to data subject requests and complying with obligations under applicable data protection laws.
   6. Data Breach Notification: Notify the Customer without undue delay after becoming aware of a Personal Data breach, and provide information as required by applicable law.
   7. Data Deletion or Return: Upon termination of the Agreement, delete or return Personal Data to the Customer, except as required by law.
5. International Data Transfers. Emerald Solutions may transfer Personal Data outside your jurisdiction, including to the United States, in compliance with applicable data protection laws. Where required, such transfers will be subject to appropriate safeguards, such as Standard Contractual Clauses.
6. Audit Rights. Upon reasonable notice, and subject to confidentiality, you may audit Emerald Solutions' compliance with this DPA up to once per year or as required by law.
7. Liability. Emerald Solutions' liability for breach of this DPA is subject to the limitations of liability set forth in the main Agreement.
8. Term. This DPA remains in effect for as long as Emerald Solutions processes Personal Data on your behalf under the Agreement.
9. Contact. For questions about this DPA or data processing practices, contact mike@emeraldresults.com.