This Data Processing Agreement ("DPA") forms part of the Terms of Service between Kontaible SRL ("Kontaible," "Processor") and the customer ("Customer," "Controller"). It governs Kontaible's processing of personal data on the Customer's behalf and is intended to comply with Ley No. 172-13 on the Protection of Personal Data of the Dominican Republic.
In case of conflict with the Terms of Service regarding personal-data processing, this DPA controls.
The Customer is the Controller and the Customer's clients/their employees are the Data Subjects. Kontaible is the Processor. The Customer is responsible for the lawfulness of the data it submits, including having a valid legal basis and providing required notices under Ley 172-13.
3.1 Kontaible will process Personal Data only on documented instructions from the Customer (as set out in the Terms and this DPA). If Kontaible must process for a legal obligation, it will inform the Customer unless prohibited by law.
3.2 Kontaible will ensure that persons authorized to process Personal Data are bound by confidentiality obligations.
Kontaible implements appropriate technical and organizational measures to protect Personal Data, including:
5.1 The Customer grants general authorization for Kontaible to engage subprocessors listed at kontaible.com/legal/subprocessors.
5.2 Kontaible will notify the Customer of any new subprocessor at least 14 days before engagement, giving the Customer opportunity to object on reasonable data-protection grounds.
5.3 Kontaible requires subprocessors to be bound by data-protection obligations consistent with this DPA.
Kontaible will promptly notify the Customer of data subject requests relating to Customer Data and will assist the Customer in responding, to the extent reasonably possible given the nature of processing. The Customer (as Controller) remains responsible for responding to data subjects.
Kontaible will notify the Customer without undue delay — and no later than 72 hours after becoming aware — of a Personal Data breach affecting Customer Data, providing sufficient information for the Customer to fulfill its own notification obligations under Ley 172-13.
Kontaible will provide the Customer, upon reasonable written request (no more than once per year absent cause), with information reasonably necessary to demonstrate compliance with this DPA, including completion of security questionnaires or third-party audit reports where available.
Upon termination of the Terms of Service, Kontaible will make Customer Data available for export for 30 days, then securely delete or anonymize it, unless retention is required by law. Kontaible will certify deletion upon request.
Each party's liability under this DPA is subject to the limitations set out in the Terms of Service. Kontaible's liability to the Customer is limited to damages caused by processing in breach of this DPA or Ley 172-13 where Kontaible failed to comply with its processor obligations.
This DPA terminates automatically on termination of the Terms of Service. Obligations regarding deletion and confidentiality survive termination.
Kontaible SRL · Ave. República de Colombia #69, Arroyo Hondo, Santo Domingo, Rep. Dom.
RNC: 132-14212-8 · info@kontaible.com