1. Categories of Data Subjects

Data Subjects of any Client Personal Data that generally can be processed in the Digital Inspector as a Service (“DIaaS”) Solution may include Client's and its affiliates' employees, contractors, business partners, or customers, and to the extent required by law any other legal entities whose personal data is processed by BrainMatter. 

BrainCreators will process Personal Data of all Data Subjects listed above in accordance with the Agreement. Given the nature of the Services, Client acknowledges that BrainCreators is not able to verify or maintain the above list of Categories of Data Subjects. Therefore, if Client will not use the DIaaS Solution with all the Data Subjects as set out above, then Client is responsible for providing complete, accurate, and up-to-date information to BrainCreators on the actual Data Subjects from within the above list that Client will process in BrainMatter via Additional Instructions to BrainCreators as set out in the BrainCreators Data Processing Addendum (DPA).

2. Personal Data

The lists as set out below are the Types of Personal Data and Special Categories of Personal Data that generally can be processed within this Digital Inspector as a Service. BrainCreators will process all Types of Personal Data and Special Categories of Personal Data listed below in accordance with the Agreement. Given the nature of the Services, Client acknowledges that BrainCreators is not able to verify or maintain the below lists of Types of Personal Data and Special Categories of Personal Data. Therefore, if Client will not use this Digital Inspector as as Service for all the Types of Personal Data and Special Categories of Personal Data as set out below, then Client is responsible for providing complete, accurate, and up-to-date information to BrainCreators on the actual Types of Personal Data and Special Categories of Personal Data from within the below list that Client will process in this Digital Inspector as a Service via Additional Instructions to BrainCreators as set out in the DPA.

2.1 Personal Data

• Basic Personal Information (such as name, address, phone number, email, etc.)

• Technically Identifiable Personal Information (such as device IDs, usage-based identifiers, static IP address, etc. - when linked to an individual)

• Employment Related Identifiable Information (any HR data such as job history, performance review information, etc.)

• Personal Location Information (such as geolocation and temporal data)

Client should not include personal data in text fields that are not intended for or do not request personal data.

2.2 Special Categories of Personal Data

• Personal Data revealing racial or ethnic origin

• Personal Data revealing religious or philosophical beliefs

• Biometric data, medical- or health data

3. Processing Activities

The processing activities with regard to Client Content (including Client Personal Data) within the DIaaS Solution include:

• Receipt of Content from Data Subjects and/or third parties

• Computer processing of Content, including data transmission, data retrieval, data access, and network

• Access to allow data transfer if required

• Technical customer support involving Content at Customer request, including monitoring, problem

• Determination, and problem resolution

• Transformation and transition of Content as necessary to deliver the DIaaS Solution(s)

• Storage and associated deletion of Content

• Backup of Content

4. Duration of processing 

BrainCreators  will remove Content (including Client Personal Data) that is stored or persisted within the DIaaS Solution(s) within 90 days after termination or expiration of the DIaaS Solution(s). Some Content  may remain in the DIaaS Solution(s) backup until the expiration of such backups 90 days after data is removed from the online service.

5. Technical and Organizational Measures

The following Technical and Organization Measures (TOMs) apply to all Content processed by BrainCreators within DIaaS Solution (including Client Personal Data):

5.1 Base Technical and Organizational Measures

BrainCreators's foundational Technical and Organizational Measures for data protection within its DIaaS Solution are as described in BrainCreators's Data Security and Privacy Principles for the Digital Inspector as a Service Solution, or as otherwise described below or within the specific the DIaaS Solutions - Additional Service Description (https://www.braincreators.com/DIaaS/AdditionalSD/AutomatedRoadInspection).

5.2 Amendment to TOMs

This Digital Inspector as a Service Solution makes the following Amendments to the foundational TOMs as described within BrainCreators Data Security and Privacy Principles for Digital Inspector as a Service Solution:

• This section is intentionally left blank

5.3 Additional TOMs

The following additional TOMs are applicable to this Digital Inspector as a Service Solution:

• This section is intentionally left blank

5.3.1 Data Protection

• This section is intentionally left blank

5.3.2 Business Continuity

• This section is intentionally left blank

5.4 Certifications

This Digital Inspector as a Service Solution provides the following industry-recognized compliance, certifications, attestations, or reports as one measure of proof of thisDigital Inspector as a Service's implementation of these Technical and Organizational Measures:

• This section is intentionally left blank, today the DIaaS Solutions are hosted within Equinix Amsterdam.

6. Return of Content

• If requested prior to termination or expiration of the Service, BrainCreators will return a copy of Client Content that is accessible to BrainCreators within a reasonable period and in a reasonable format at Client's additional expense.
• BrainCreators will maintain the right to use Content (excluding Client Personal Data) that is stored or persisted as part of Digital Inspector's skills, unless otherwise agreed with the client. 

7. BrainCreators Hosting and Processing Locations

The following BrainCreators data hosting and processing locations are utilized for this Digital Inspector as a Service Solution. Client may be able to request that BrainCreators utilize a subset of these locations.

• BrainCreators Data Hosting Locations:

  • Equinix Amsterdam

• BrainCreators Data Processing Locations:

  • Equinix Amsterdam

8. Third Party Sub-Processors

This Digital Inspector as a Service Solution involves the following third party Sub-processors in the Processing of Content, including Client Personal Data:

• Third Party Sub-Processors:

  • None

• Any changes to Sub-processors will be communicated via update of this document as published on https://www.braincreators.com/DIaaS/AdditionalSD/AutomatedRoadInspection. Additional details on each 3rd party sub-processor are available upon request.

9. Privacy Contact and Customer Notifications

• The general privacy contact for the Digital Inspector as a Service Solution is DPA.support@braincreators.com 

10. Data Privacy Officer and Other Controllers

• Client is responsible for providing complete, accurate and up-to-date information about its data privacy officer and any other Controllers (including their data privacy officer). Please see the Privacy Contact and Customer communications section for contact information.