intuIA.aiintuIA.ai

Data Processing Addendum (DPA)

Effective date: 1 de octubre de 2025

This Data Processing Addendum ("Addendum", "DPA") forms an integral part of the Terms and Conditions of Use ("Master Agreement") between the CLIENT (Controller) and Integration IT S.A.S. (Processor). In case of conflict regarding personal data processing, this DPA prevails over the Master Agreement.

1. Definitions

"Data Protection Laws": all applicable laws, including Colombia’s Law 1581/2012 and the GDPR. "Personal Data": any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Controller. "Personal Data Breach": a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data. "Subprocessor": a third party engaged by the Processor to carry out specific processing activities.

2. Purpose and Processing Details

  1. Roles: The Client is Controller; Integration IT S.A.S. is Processor.
  2. Purpose: Process Personal Data solely to provide the Services described in the Master Agreement and Commercial Proposal.
  3. Details: See Appendix 1.

3. Processor Obligations

  1. Instructions: Process only under the Controller’s documented and lawful instructions; notify if any instruction infringes Data Protection Laws.
  2. Confidentiality: Ensure authorized personnel are bound by strict confidentiality.
  3. Security: Implement appropriate technical and organizational measures (GDPR Art. 32). See Appendix 2.
  4. Subprocessors: General authorization. Public list at /en/legal/subprocessors (as applicable); 30‑day notice of changes; impose equivalent obligations; remain liable for subprocessors.
  5. Assistance: Help the Controller respond to data subject requests (access, rectification, erasure, etc.).
  6. Breach Notification: Without undue delay and in any case within 72 hours after becoming aware, including minimum required information.
  7. Return/Deletion: Upon termination, return or delete Personal Data at Controller’s choice; delete copies within 30 days unless legally required.
  8. Audits: Make available information to demonstrate compliance and allow reasonable audits under confidentiality.

4. Controller Obligations

Warrant a valid legal basis, proper information to data subjects, and lawful instructions to the Processor.

5. International Transfers

Transfers to countries without an adequate level of protection will rely on appropriate safeguards (e.g., EU SCCs) or equivalent mechanisms.

6. General Provisions

  • Precedence: This DPA prevails over the Master Agreement in case of conflict.
  • Liability: Subject to the limitations of the Master Agreement.
  • Governing Law and Jurisdiction: Laws of Colombia; courts of Medellín.

Appendix 1: Processing Details

  • Purpose and Duration: Provision of intuIA.ai services during the Master Agreement’s term.
  • Nature and Purpose: Collection, storage, processing and analysis to automate conversations, process information, generate responses, provide support and improve the Service.
  • Types of Data: Authorized Users (name, email, phone, role, authentication); Personal Data within Customer Content (as determined by the Controller); Technical metadata (IP, identifiers, logs).
  • Categories of Data Subjects: Controller’s employees/contractors and End Users (customers, leads, suppliers, etc.).

Appendix 2: Security Measures

  • Encryption: TLS 1.2+ in transit; AES‑256 at rest.
  • Access: Least privilege; physical/logical controls; MFA for critical systems.
  • Infrastructure: Cloud providers with certifications (ISO 27001, SOC 2); DDoS/malware protection.
  • Monitoring and Logging: Continuous monitoring; audit logs.
  • Incident Management: Documented response and notification plan.
  • Secure Development: Code reviews and periodic vulnerability scans.
  • Training: Security and privacy training for personnel with access.
Back to top
Escríbenos por WhatsAppWhatsAppintuIA.ai