JUST KINETICS DATA PROCESSING AGREEMENT (EU GDPR APPENDIX)

Data Processing Agreement (Appendix A)

This Data Processing Agreement (“DPA”) forms part of the Master Services Agreement between Just Kinetics (“Processor”) and the Customer (“Controller”).

  1. Subject Matter

This DPA governs the processing of Personal Data by the Processor on behalf of the Controller in connection with the Services.

  1. Duration

Processing shall continue for the duration of the Services unless otherwise required by law.

  1. Nature and Purpose of Processing
  • Clinical documentation
  • Rehabilitation and performance monitoring
  • Secure storage and reporting
  • System maintenance and support
  1. Categories of Data Subjects
  • Patients
  • Athletes
  • Clinicians
  • Administrative users
  1. Types of Personal Data
  • Identification data
  • Contact information
  • Health and performance data (Article 9)
  • Technical usage data
  1. Processor Obligations

Processor shall:

  • Process data only on documented instructions
  • Ensure confidentiality
  • Implement appropriate technical and organisational measures
  • Support data subject rights requests
  1. Subprocessors

Processor may engage subprocessors subject to written agreements imposing equivalent obligations.

  1. International Transfers

Transfers outside the EEA/UK shall be governed by Standard Contractual Clauses.

  1. Security Measures

Measures include:

  • Encryption at rest and in transit
  • Role-based access control
  • Audit logging
  1. Data Breach Notification

Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach.

  1. Deletion or Return of Data

Upon termination, Personal Data shall be returned or deleted unless legally required to retain