Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") amends and forms part of the agreement ("Agreement") between nihito gmbh ("Company") and you ("Customer"). This DPA prevails over any conflicting term of the Agreement regarding data processing.

By registering for or using the nihito platform, the Customer agrees to the terms of this DPA.

Definitions

"Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Processing", "Processor", and "Supervisory Authority" have the meanings given in Swiss data protection law (DSG) and the EU General Data Protection Regulation (GDPR).

Customer Personal Data" means any data that constitutes Personal Data, processed by nihito gmbh to provide the Services to the Customer, where the Customer is the Controller. Data Protection Law" means all applicable laws regarding privacy, data protection, and data security, including Swiss DSG and GDPR

"Sub-processor" means a processor engaged by nihito gmbh to process Customer Personal Data on its behalf.

Subject Matter, Nature, and Purpose

The subject matter and purpose of this DPA is the processing of Customer Personal Data as necessary to provide nihito's services, including hosting, computation, support, and account management Details of data categories and processing activities are set out in Appendix 1

Customer Instructions

nihito gmbh will only process Customer Personal Data as documented in this DPA, the Agreement, and Customer's instructions. If nihito gmbh is required by law to process data otherwise, it will inform Customer unless prohibited by law.

Confidentiality

All personnel authorized to process Customer Personal Data are subject to confidentiality obligations

Security Measures

nihito gmbh will implement appropriate technical and organizational measures as described in Appendix 2.

Sub-processing

nihito gmbh may engage Sub-processors listed at https://nihita.io/legal/ sub-processors, each bound by equivalent confidentiality and security obligations. Customers will be notified of any intended changes to Sub-processors at least 30 days in advance and may object on reasonable grounds relating to data protection.

Assistance

nihito gmbh will assist Customer to fulfill its legal obligations under GDPR and DSG, including support with Data Subject Rights, data protection impact assessments, breach notification, and responding to Supervisory Authorities