Data Processing Agreement

Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between ClientConnect ("we", "us", "our", or the "Data Processor") and our customers ("you", "your", or the "Data Controller") for the provision of ClientConnect services (the "Services").

This DPA sets out the provisions for the processing and security of Personal Data in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data privacy laws.

Definitions

"Personal Data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

"Data Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.

Processing of Personal Data

ClientConnect shall process Personal Data only in accordance with your documented instructions, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law; in such a case, ClientConnect shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

Types of Data Processed

In order to provide the Services, ClientConnect processes the following types of Personal Data:

• Contact information (e.g., name, email address, phone number)
• Account information (e.g., username, password)
• Calendar data and appointment details
• Call records and SMS message content
• Client information provided by you
• Usage data and analytics
• Payment information (processed securely through our payment processors)

Purposes of Processing

ClientConnect processes Personal Data for the following purposes:

• Providing and maintaining the Services
• Managing user accounts and authentication
• Processing and facilitating appointments and calls
• Sending SMS notifications and reminders
• Customer support and communication
• Billing and payment processing
• Improving and optimizing the Services
• Compliance with legal obligations

Security Measures

ClientConnect implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular testing and evaluation of security measures
• Access controls and authentication requirements
• Regular backups and disaster recovery procedures
• Staff training on data protection and security
• Physical security measures for our data centers
• Vendor assessment and management

Subprocessors

ClientConnect may use third-party subprocessors to assist in providing the Services. We maintain a list of our current subprocessors on our website, which we will update at least 30 days before adding or replacing any subprocessor.

By using our Services, you provide general authorization for the engagement of subprocessors. If you object to a new subprocessor, please contact us promptly, and we will work with you to find a reasonable resolution.

Data Subject Rights

ClientConnect will assist you in responding to requests from data subjects exercising their rights under applicable data protection laws. If we receive a request directly from a data subject, we will promptly notify you.

Data Breach Notification

In the event of a personal data breach, ClientConnect will notify you without undue delay and provide information to help you fulfill any data breach reporting obligations.

Data Transfer Mechanisms

If Personal Data is transferred outside of the European Economic Area, ClientConnect ensures that appropriate safeguards are in place, such as standard contractual clauses, adequacy decisions, or other legally approved mechanisms.

Return or Deletion of Data

Upon termination of services, ClientConnect will, at your choice, delete or return all Personal Data to you and delete existing copies, unless applicable law requires storage of the Personal Data.

Audits and Compliance

ClientConnect will make available to you all information necessary to demonstrate compliance with the obligations set out in this DPA and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.

Contact Information

If you have any questions about our data processing activities or this DPA, please contact our Data Protection Officer at:

Email: support@clientconnect.tech
Address: 1404 Beechwood Ave Nashville, TN 37212