Global Data Processing & Privacy Agreement

1. PARTIES

This Agreement is entered into between FISIOTOOL SOFTWARE LLC (Processor) and the entity contracting our services (Controller). It forms an integral part of our Master Services Agreement.

2. GDPR COMPLIANCE (EUROPEAN UNION)

For EU data protection law, Customer acts as Controller and FISIOTOOL as Processor pursuant to Article 28 GDPR.

• Processor Obligations: Process data only on instructions, ensure confidentiality, and implement technical security measures (Article 32).
• International Transfers: Transfers outside the EEA rely on Standard Contractual Clauses (SCCs) and supplementary safeguards.

3. UNITED STATES PRIVACY COMPLIANCE

Aligned with CCPA, CPRA and other state frameworks. FISIOTOOL acts as "Service Provider", processing personal information only for business purposes and not selling any data.

4. SECURITY MEASURES

Implementation of encryption in transit and at rest, access controls, audit logging, and incident response procedures.

5. CONTACT

For privacy inquiries: admin@recovery-protocol.com