📄 Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the agreement between you ("Business", "Client", or "Data Controller") and FlowQuantic ("FlowQuantic", "we", "our", or "Processor"), the legal entity behind the PetQuantic platform, governing your use of services provided via PetQuantic, including any software, platform, or tools made available by FlowQuantic (collectively, the "Services").

This DPA applies when FlowQuantic processes Personal Data on behalf of the Business in the course of providing the Services through PetQuantic.

1. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Personal Data, whether or not by automated means.
• Data Controller: The party that determines the purposes and means of the processing of Personal Data.
• Data Processor: The party that processes Personal Data on behalf of the Controller.
• Applicable Law: All data protection and privacy laws applicable to the processing, including but not limited to the GDPR, CCPA, or similar U.S. state privacy laws.

2. Roles and Responsibilities

• The Business is the Data Controller.
• FlowQuantic is the Data Processor.
• FlowQuantic agrees to process Personal Data only on documented instructions from the Business, unless required to do so by law.

3. Purpose of Processing

FlowQuantic will process Personal Data only as necessary to provide the Services, including:

• Scheduling and managing appointments,
• Customer communications (e.g. SMS or email confirmations),
• Performance and usage analytics,
• Data storage and backup.

4. Data Security

FlowQuantic implements appropriate technical and organizational measures to ensure the security of Personal Data, including but not limited to:

• Encrypted data in transit and at rest,
• Access control and authentication protocols,
• Regular audits and vulnerability assessments.

5. Sub-processors

FlowQuantic may engage third-party sub-processors (such as hosting or SMS providers) to assist in delivering the Services. A list of current sub-processors is available upon request. FlowQuantic will:

• Ensure sub-processors are bound by data protection obligations no less protective than this DPA,
• Notify the Business of any material changes to sub-processors.

6. Data Subject Rights

FlowQuantic will assist the Business in responding to requests from data subjects regarding:

• Access,
• Rectification,
• Deletion,
• Objection to processing,
• Data portability.

7. Data Breach Notification

In the event of a confirmed data breach affecting Personal Data, FlowQuantic will notify the Business without undue delay and provide information necessary to comply with any legal obligations.

8. Data Transfers

If Personal Data is transferred across borders (e.g. from the EU to the US), FlowQuantic will implement appropriate safeguards in compliance with applicable data protection laws.

9. Return or Deletion of Data

Upon termination of the Services, FlowQuantic will, at the request of the Business:

• Return all Personal Data, or
• Permanently delete such data, unless otherwise required by law.

10. Audits and Compliance

Upon reasonable request, FlowQuantic will provide documentation demonstrating its compliance with this DPA and applicable data protection laws. FlowQuantic agrees to cooperate with supervisory authorities, if applicable.

11. Governing Law and Jurisdiction

This DPA is governed by the laws of the State of Massachusetts, without regard to conflict of laws principles. Any dispute shall be subject to the exclusive jurisdiction of the courts located in Massachusetts.

12. Contact Information

If you have questions about this DPA, please contact: