Data Processing Terms.
Effective 15 June 2026
These Data Processing Terms ("DPA") form part of the Terms of Service or other agreement governing the use of the Services (the "Agreement") between the customer ("Customer") and Taso AI ("Provider").
To the extent that Provider processes Personal Data on behalf of Customer in connection with the Services, the following terms apply.
1. Roles of the Parties
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (EU) 2016/679 ("GDPR"):
- Customer acts as the Controller, and
- Provider acts as the Processor.
Customer is responsible for ensuring that it has a lawful basis for processing Personal Data and for providing required notices to Data Subjects.
2. Processing of Personal Data
Provider shall process Personal Data only:
- to provide the Services in accordance with the Agreement, and
- in accordance with Customer's documented instructions, unless required otherwise by applicable law.
The categories of personal data and data subjects depend on Customer's use of the Services and may include account and contact details of Customer's users (such as name and email address), user authentication and usage data, system logs, and personal data relating to Customer's customers or end users submitted to the Service for analytics and asset management purposes.
3. Confidentiality
Provider shall ensure that persons authorised to process Personal Data are subject to appropriate confidentiality obligations.
4. Security
Provider shall implement appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
5. Sub-processors
Customer provides a general authorisation for Provider to engage sub-processors in connection with the provision of the Services.
Provider shall ensure that any sub-processor is bound by data protection obligations that are no less protective than those set out in these Data Processing Terms.
Provider shall remain responsible for the performance of its sub-processors.
Provider will make available information about its current sub-processors upon reasonable request.
6. International Transfers
Provider may transfer Personal Data outside the European Economic Area only where appropriate safeguards are in place in accordance with applicable data protection laws, such as an adequacy decision or the European Commission's Standard Contractual Clauses.
7. Assistance
Taking into account the nature of the processing, Provider shall provide reasonable assistance to Customer in responding to data subject requests and in complying with applicable data protection obligations.
8. Personal Data Breach
Provider shall notify Customer without undue delay after becoming aware of a Personal Data breach affecting Personal Data processed on behalf of Customer.
9. Deletion of Data
Upon termination or expiry of the Agreement, Provider shall delete or return Personal Data processed on behalf of Customer, unless retention is required by applicable law.
10. Compliance and Information
Provider shall make available information reasonably necessary to demonstrate compliance with these Data Processing Terms upon reasonable request.
11. Liability
Each party's liability arising out of or related to these Data Processing Terms shall be subject to the limitations of liability set out in the Agreement, unless otherwise required by applicable data protection law.
12. Order of Precedence
In the event of a conflict between these Data Processing Terms and the Agreement, these Data Processing Terms shall prevail with respect to the processing of Personal Data.
13. Contact
Questions regarding the processing of Personal Data under the Services may be directed to:
Taso AI
Email: sales@tasoasset.com
