Infopilot Logo 60 2

Data Processing Agreement (DPA)

Last Updated: 22.01.2025

This Data Processing Agreement (DPA) is entered into between:

  • Reload People Ltd., a company registered in England and Wales under company number [Insert Company Number], with its registered office at 20-22 Wenlock Road, London, N1 7GU, United Kingdom (“Processor” or “InfoPilot.ai”);
  • The Customer (“Controller”), which is any business or professional using InfoPilot.ai for its operations.

This DPA is incorporated into and supplements the Terms and Conditions available at https://infopilot.ai/terms-and-conditions/.

1. Purpose and Scope

1.1 The Controller engages InfoPilot.ai to process personal data on its behalf in connection with the services provided by InfoPilot.ai.
1.2 This DPA defines the responsibilities of both parties in relation to data protection, ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.3 The processing activities covered under this DPA include, but are not limited to:

  • AI-based response automation and analytics.
  • Automated customer support via chatbot interactions;
  • Data collection from customer interactions;
  • Integration with third-party communication platforms (e.g., WhatsApp, Messenger, Telegram, Zendesk);

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, including collection, recording, structuring, storage, retrieval, and deletion.
  • Data Controller: The entity that determines the purposes and means of processing personal data (the Customer).
  • Data Processor: The entity that processes personal data on behalf of the Controller (InfoPilot.ai).
  • Data Subject: Any natural person whose personal data is processed.
  • Sub-Processor: Any third party engaged by the Processor to assist in processing personal data.

3. Obligations of the Processor (InfoPilot.ai)

InfoPilot.ai, as a Data Processor, agrees to:
3.1 Process personal data only under the documented instructions of the Controller.
3.2 Ensure that all personnel handling personal data are bound by confidentiality agreements.
3.3 Implement appropriate technical and organizational measures to ensure the security and integrity of the data.
3.4 Not use personal data for its own purposes or disclose it to unauthorized third parties.
3.5 Assist the Controller in complying with data subject rights (e.g., access, rectification, erasure).
3.6 Notify the Controller without undue delay in case of a personal data breach.

4. Obligations of the Controller (Customer)

The Controller agrees to:
4.1 Ensure that the processing of personal data complies with applicable laws and that InfoPilot.ai is lawfully engaged as a processor.
4.2 Provide clear and documented instructions regarding data processing activities.
4.3 Ensure that any personal data provided to InfoPilot.ai has been lawfully collected and that data subjects have been informed about the processing.
4.4 Implement appropriate measures to secure personal data before sharing it with InfoPilot.ai.

5. Security Measures

5.1 InfoPilot.ai implements and maintains appropriate security measures, including:

  • Data Encryption: Encrypting data in transit and at rest where applicable.
  • Access Control: Restricting access to personal data to authorized personnel only.
  • Data Minimization: Limiting data collection to what is strictly necessary for service delivery.
  • Incident Management: A formal process to detect, report, and respond to security incidents.

5.2 Controller’s Responsibility: The Controller is responsible for ensuring that it secures its own systems and access credentials to the InfoPilot.ai platform.

6. Sub-Processing

6.1 The Controller authorizes InfoPilot.ai to engage sub-processors for the provision of services, provided that:

  • InfoPilot.ai ensures that all sub-processors comply with the same data protection obligations outlined in this agreement.
  • A list of current sub-processors is maintained and available upon request.
  • The Controller is notified in advance of any changes to the list of sub-processors.

6.2 Approved Sub-Processors
InfoPilot.ai currently engages the following sub-processors:

  • Google Analytics (Website analytics)
  • Stripe (Payment processing)
  • Amazon Web Services (AWS) (Cloud hosting)
  • Google Dialogflow (Chatbot AI processing)
  • OpenAI (AI-generated responses)

7. International Data Transfers

7.1 Location of Processing: InfoPilot.ai processes personal data in the United Kingdom and the European Economic Area (EEA).
7.2 Transfers Outside the UK/EEA: If personal data is transferred outside these jurisdictions, InfoPilot.ai ensures adequate protection by:

  • Relying on recognized adequacy decisions for third countries.
  • Implementing Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO).

8. Data Subject Rights Assistance

8.1 InfoPilot.ai shall assist the Controller in responding to data subject requests under UK GDPR, including:

  • Right of Access, Rectification, and Erasure.
  • Right to Data Portability.
  • Right to Restrict Processing or Object to Processing.

8.2 Requests must be directed to privacy@reloadzx.com, and InfoPilot.ai will provide assistance within 30 days.

9. Data Breach Notification

9.1 InfoPilot.ai shall notify the Controller without undue delay in case of a personal data breach affecting customer data.
9.2 The notification will include:

  • The nature of the breach.
  • Categories and volume of affected data.
  • Potential consequences and mitigation measures.
  • Actions taken to address the issue.

10. Termination and Deletion of Data

10.1 Upon termination of the contract, InfoPilot.ai shall:

  • Delete or anonymize all personal data unless required by law to retain it.
  • Provide confirmation of deletion upon request.

10.2 If the Controller requests the return of data before deletion, InfoPilot.ai will provide it in a structured, commonly used format.

11. Governing Law and Jurisdiction

11.1 This DPA is governed by the laws of England and Wales.
11.2 Any disputes arising from this DPA shall be resolved in the courts of London, United Kingdom.

12. Contact Information

For any inquiries related to this DPA, you can contact:

📧 Email: privacy@reloadzx.com
📍 Address: Reload People Ltd., 20-22 Wenlock Road, London, N1 7GU, United Kingdom