Vizbl
Sign in Start free
Home Product Technology Solutions 3D Services Pricing Developers Learn Events Help About
Discord ↗ Sign in ↗
Legal

Data Processing Addendum

This Data Processing Addendum (DPA) supplements the Terms of Use and any other agreement between Vizbl Systems, Inc. ('Processor') and the Customer ('Controller'). It applies to Processing of Personal Data by Vizbl on behalf of the Customer.

Effective date: October 21, 2024 Last updated: May 5, 2026 Operator: Vizbl Systems, Inc.

1. Definitions

Capitalized terms used and not defined in this DPA have the meanings given in the GDPR, the UK GDPR, the CCPA/CPRA, or the Terms of Use, as applicable. "Personal Data", "Processing", "Controller", "Processor" and "Sub-processor" have the meanings given in those laws.

2. Scope and roles

The Customer is the Controller of Personal Data submitted to the Platform. Vizbl is the Processor and Processes Personal Data only on the Customer's documented instructions, including those reflected in the Terms of Use and the Customer's configuration of the Platform.

3. Subject matter and duration

The subject matter is Vizbl's provision of the Platform; the duration is the term of the underlying agreement; the nature and purpose are providing AR/3D visualisation services; the categories of data subjects include Customer's authorized users and End Users; and the categories of Personal Data are listed in the Privacy Policy.

4. Vizbl's obligations

  • Process Personal Data only on the Controller's documented instructions, including transfers, unless required by law.
  • Ensure that personnel authorized to Process Personal Data are bound by confidentiality.
  • Implement appropriate technical and organizational measures to protect Personal Data.
  • Assist the Controller, taking into account the nature of Processing, in fulfilling its obligations to respond to data-subject requests.
  • Assist the Controller with security, breach notification, DPIAs and prior consultations.
  • Delete or return Personal Data after the end of the services, unless retention is required by law.
  • Make available all information necessary to demonstrate compliance with this DPA.

5. Sub-processors

The Customer authorizes Vizbl to engage Sub-processors. A current list is available at legal@vizbl.com on request. Vizbl will provide notice of new Sub-processors and the Customer may object on reasonable grounds within 14 days.

6. International transfers

Where Personal Data is transferred outside the EEA, UK or Switzerland to a country without an adequacy decision, the parties rely on the EU Standard Contractual Clauses, the UK Addendum or other lawful transfer mechanisms.

7. Personal Data breach

Vizbl will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach affecting Controller's data, with the information reasonably available at that time.

8. Audits

Vizbl will make available, on request, its most recent SOC 2 Type II report or equivalent third-party attestation. On reasonable advance notice, the Controller may conduct an audit limited to the matters required by Article 28(3)(h) GDPR, at the Controller's expense, no more than once per year except where required by a regulator.

9. Liability

The liability provisions of the Terms of Use or any signed Master Services Agreement apply to this DPA.

10. Term

This DPA is effective on the date the Controller accepts the Terms of Use and continues until the end of the underlying agreement.