Data Processing Addendum
This Data Processing Addendum (“DPA”) forms part of the agreement between Edutain 360 LLC (“Processor”, “Edutain 360”, “we”, “our”, or “us”) and the customer (“Controller”, “Customer”, or “you”) for the provision of services.
This DPA applies whenever Edutain 360 processes Personal Data on behalf of the Customer.
Definitions
For purposes of this DPA:
- Applicable Data Protection Law means all applicable privacy and data protection laws, including where applicable the General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK GDPR, and other applicable privacy laws.
- Controller means the entity determining the purposes and means of processing Personal Data.
- Processor means the entity processing Personal Data on behalf of the Controller.
- Personal Data means any information relating to an identified or identifiable natural person.
- Processing means any operation performed on Personal Data including collection, storage, use, transmission, deletion, or disclosure.
Scope
This DPA applies whenever Edutain 360 processes Personal Data while providing:
- Custom eLearning development
- Learning Management System (LMS) services
- Learning consulting
- AI-assisted learning services
- Course hosting
- Technical support
- Content management
- Training administration
- SaaS platform services
Roles of the Parties
The Customer acts as the Controller.
Edutain 360 acts as the Processor.
Each party agrees to comply with applicable data protection laws.
Nature of Processing
Edutain 360 may process Personal Data solely for the purpose of delivering agreed services.
Processing activities may include:
- Hosting learner accounts
- Managing user enrollments
- Delivering training
- Tracking course completion
- Generating learning reports
- Technical support
- Customer communications
- Platform administration
- System maintenance
Categories of Personal Data
Depending on the services provided, Personal Data may include:
- Name
- Email address
- Job title
- Employer
- User ID
- Learning progress
- Assessment results
- Course completion history
- Login activity
- Device information
- IP address
- Support communications
Customers should avoid uploading unnecessary sensitive personal data unless explicitly agreed.
Categories of Data Subjects
Personal Data may relate to:
- Employees
- Contractors
- Customers
- Learners
- Instructors
- Administrators
- Job applicants
- Website users
Processing Instructions
Edutain 360 shall process Personal Data only:
- According to documented Customer instructions;
- As required to provide the contracted services; or
- As required by applicable law.
Confidentiality
Edutain 360 shall ensure that personnel with access to Personal Data are bound by confidentiality obligations and receive appropriate privacy and security training.
Security Measures
Edutain 360 implements reasonable technical and organizational safeguards appropriate to the risks involved, including where appropriate:
- Encryption of data in transit
- Access controls
- Authentication mechanisms
- Role-based permissions
- Secure cloud infrastructure
- Backup procedures
- Logging and monitoring
- Software updates
- Vulnerability management
Security measures may evolve over time as technology and industry practices change.
Subprocessors
Edutain 360 may engage trusted subprocessors to provide infrastructure and support services.
Examples include:
- Cloud hosting providers
- Payment processors
- Email delivery providers
- Customer support platforms
- Analytics providers
- AI service providers
- Learning technology vendors
Edutain 360 remains responsible for ensuring subprocessors are subject to appropriate contractual obligations regarding Personal Data.
A current list of subprocessors will be provided upon reasonable request.
International Transfers
Where Personal Data is transferred internationally, Edutain 360 will implement appropriate safeguards required by applicable law.
These safeguards may include:
- Standard Contractual Clauses (SCCs)
- Contractual safeguards
- Other lawful transfer mechanisms
Data Subject Requests
Where legally permitted, Edutain 360 will promptly notify the Customer of requests relating to:
- Access
- Correction
- Deletion
- Restriction
- Portability
- Objection
Edutain 360 will assist the Customer in responding to such requests where reasonably required.
Data Breach Notification
Edutain 360 shall notify the Customer without undue delay after becoming aware of a confirmed Personal Data breach affecting Customer data.
The notification shall include, where available:
- Nature of the incident
- Categories of affected data
- Likely consequences
- Mitigation measures taken
- Recommended actions
Assistance
Taking into account the nature of the processing, Edutain 360 will provide reasonable assistance to the Customer regarding:
- Security obligations
- Data Protection Impact Assessments (where applicable)
- Regulatory inquiries
- Compliance with applicable data protection laws
Data Retention
Personal Data will be retained only for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce contractual rights.
Upon termination of the services, Personal Data will be deleted or returned to the Customer upon request, unless retention is required by law.
Audits
Upon reasonable written request and subject to appropriate confidentiality obligations, Edutain 360 will make available information reasonably necessary to demonstrate compliance with this DPA.
Audits shall:
- Be conducted during normal business hours;
- Be limited to once per year unless required by law; and
- Not unreasonably interfere with business operations.
Liability
Each party’s liability under this DPA shall be governed by the limitation of liability provisions contained in the applicable Services Agreement or Terms & Conditions.
Governing Law
This DPA shall be governed by the governing law specified in the applicable Services Agreement.
If no governing law is specified, this DPA shall be governed by the laws of the State of Delaware, United States.
Order of Precedence
If there is a conflict between this DPA and the applicable Services Agreement concerning Personal Data processing, this DPA shall prevail solely with respect to data protection obligations.
Contact
Questions regarding this DPA may be directed to:
