1. Definitions and Interpretation
1.1. Key Terms
- “GDPR” means Regulation (EU) 2016/679 (the “General Data Protection Regulation”) as in force from 25 May 2018.
- “Controller” means you, the party determining the purposes and means of processing personal data.
- “Processor” means AI GDPR Compliance Analyzer, acting on Controller’s behalf.
- “Personal Data” means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
- “DPA” means the Data Processing Addendum incorporated by reference into these Terms.
2. Acceptance of Terms
By accessing or using the Service, you agree to these Terms and the DPA. If you do not agree, do not use the Service.
3. Service Description and License
3.1. Service
The Service analyzes your supplied data for GDPR compliance using OpenAI’s API.
3.2. License Grant
Subject to these Terms and the OpenAI Service Terms, we grant you a non‑exclusive, non‑transferable license to use the Service. OpenAI
3.3. Restrictions
You shall not:
- Reverse engineer the Service or extract models’ parameters; see OpenAI Terms of Use.
- Use the Service to process special categories of personal data without ensuring additional lawful basis.
4. Data Protection Roles and Responsibilities
4.1. Controller Obligations
- Ensure you have lawful bases under Art. 6 GDPR for processing.
- Provide accurate instructions and data‑subject notices.
4.2. Processor Obligations
- Process Personal Data only on documented Controller instructions (Art. 28(3) GDPR).
- Implement appropriate technical and organisational measures (Art. 32 GDPR).
- Notify Controller of any personal data breach without undue delay (Art. 33 GDPR).
5. Sub‑processing and International Transfers
We may engage sub‑processors (e.g., OpenAI) under binding written contracts incorporating EU Model Clauses for transfers outside the EEA (Art. 28(4), 46 GDPR). OpenAI
6. Data Subject Rights
Controller remains solely responsible for responding to data‑subject requests (access, rectification, erasure, portability). We will assist within 10 business days.
7. Confidentiality and Security
We commit to confidentiality obligations and apply industry‑standard security controls, including encryption in transit and at rest. Regular audits ensure compliance.
8. Retention and Deletion
Personal Data will be retained only as necessary to provide the Service and as required by law, then securely deleted or returned to you.
9. Limitation of Liability and Indemnity
Our liability is limited as set out in OpenAI’s Service Terms. You agree to indemnify us from third‑party claims arising from your breach of GDPR or misuse of the Service.
10. Termination
Either party may terminate for material breach with 30 days’ notice. Upon termination, we will delete or return Personal Data per Section 8.
11. Governing Law and Dispute Resolution
These Terms are governed by the laws of Ireland (where OpenAI’s EEA entity is based), excluding conflict‑of‑law rules. Disputes go to arbitration in Dublin.
12. Amendments
We may update these Terms (e.g., to reflect GDPR changes) with 30 days’ notice. Continued use constitutes acceptance.
References