Data Processing Agreement

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement ("DPA") is entered into by and between:

(1) Kliniq LLC, a Florida limited liability company, with a business address at 650 NE 32ND STREET UNIT 2206, MIAMI, FL 33137 ("Processor" or "Kliniq"); and

(2) The Client identified in the applicable Services Agreement, Terms of Service, or Order Form ("Controller" or "Client").

This DPA supplements and forms part of the Kliniq Terms of Service, Acceptable Use Policy (AUP), Service Level Acknowledgement (SLA), and Privacy Policy (collectively, the "Master Agreements"). In case of conflict, the more protective provision for Kliniq shall govern.

1. DEFINITIONS

"Personal Data"

means any information relating to an identified or identifiable natural person as defined under GDPR, HIPAA, or other applicable law.

"Processing"

means any operation performed on Personal Data, whether automated or not, including but not limited to collection, storage, use, disclosure, transfer, or deletion.

"Controller"

means the entity that determines the purposes and means of Processing Personal Data.

"Processor"

means the entity that Processes Personal Data on behalf of the Controller.

"Subprocessor"

means any third party engaged by Kliniq to assist in providing Services.

"Applicable Laws"

means GDPR, HIPAA, CCPA, and all other privacy or data protection laws that may apply.

2. SUBJECT MATTER & SCOPE

2.1 Kliniq shall only process Personal Data on documented instructions from Client, unless required to do so by law.
2.2 The Client instructs Kliniq to process Personal Data as necessary to provide the Services defined in the Master Agreements.
2.3 Kliniq does not determine the purposes of Processing and disclaims any responsibility for the legal basis of data collection by Client.

3. CLIENT OBLIGATIONS

3.1 Client is solely responsible for ensuring lawful collection and disclosure of Personal Data. Client warrants that it has obtained all necessary consents and rights.
3.2 Client shall not provide unlawful, excessive, or irrelevant data. Client agrees to indemnify Kliniq against claims arising from unlawful data submission.
3.3 Client remains fully responsible for responding to data subject rights requests under GDPR or HIPAA.

4. PROCESSOR OBLIGATIONS

4.1

Confidentiality

Kliniq shall ensure persons authorized to process Personal Data are under confidentiality obligations.

4.2

Security

Kliniq shall implement commercially reasonable technical and organizational measures to protect Personal Data, without guarantee of error-free or breach-proof security.

4.3

Subprocessors

Client authorizes Kliniq to engage Subprocessors at its sole discretion. A current list may be provided upon request. Kliniq is not liable for failures of Subprocessors.

4.4

International Transfers

Personal Data may be transferred globally, including outside the EU/EEA or the U.S. state of origin, subject to standard safeguards as Kliniq deems appropriate.

5. DATA SUBJECT RIGHTS

5.1 Where GDPR applies, Kliniq shall provide reasonable assistance, at Client's cost, for responding to data subject requests.
5.2 Kliniq may redirect data subject requests to Client. Client agrees it is responsible for fulfilling such requests.

6. HIPAA COMPLIANCE

6.1 If Client qualifies as a Covered Entity, and Services involve Protected Health Information (PHI), Kliniq shall execute a separate Business Associate Agreement (BAA).
6.2 Absent a duly executed BAA, Kliniq disclaims HIPAA liability in full.

7. DATA BREACH

7.1 Kliniq shall notify Client without undue delay upon becoming aware of a Personal Data Breach.
7.2 Notification shall include, where feasible, a description of breach, categories of data, and remedial actions. No specific response timeline is guaranteed.
7.3 Kliniq shall not be liable for indirect or consequential damages arising from a Personal Data Breach.

8. AUDITS & INFORMATION

8.1 Upon request, Kliniq shall provide summary information demonstrating compliance with this DPA.
8.2 Client agrees any audits are limited to review of documentation and may not extend to intrusive inspection of systems. Kliniq may charge reasonable fees.

9. TERM & TERMINATION

9.1 This DPA remains effective for the duration of Services provided under the Master Agreements.
9.2 Upon termination, Kliniq may delete or return Personal Data, at its sole discretion, unless retention is required by law.

10. LIABILITY & INDEMNITY

10.1 Kliniq's liability under this DPA is strictly limited to direct damages proven to result from gross negligence or willful misconduct by Kliniq.
10.2 In all cases, Kliniq's aggregate liability is capped at the lesser of: (a) USD $100, or (b) total fees paid by Client in the 30 days preceding the event.
10.3 Kliniq shall not be liable for indirect, incidental, consequential, punitive, or exemplary damages.
10.4 Client shall indemnify, defend, and hold harmless Kliniq from any claims, damages, or losses arising from Client's instructions, data, or failures to comply with law.

11. GOVERNING LAW & DISPUTES

11.1 This DPA is governed by the laws of Florida, USA.

11.2 Any disputes shall be resolved exclusively by binding arbitration in Miami, Florida, under AAA rules. Class actions and jury trials are waived.

12. RELATIONSHIP WITH MASTER AGREEMENTS

12.1 This DPA supplements the Kliniq Terms of Service, AUP, SLA, and Privacy Policy.
12.2 In case of conflict, the more protective provision for Kliniq prevails.
12.3 This DPA does not modify Kliniq's disclaimers, liability caps, or exclusions set forth in the Master Agreements, all of which remain in full force.

Authorized By

Pretish Patel

Founder & CEO

Kliniq LLC

Questions About Data Processing?

If you have any questions about this Data Processing Agreement or our data processing practices, please contact us. We're here to help ensure proper data handling and compliance.

sales@kliniq.tech Contact Support