Industrial IQ Inc. — Data Processing Agreement
Version 1.0 | Effective upon countersignature | Governed by GDPR Article 28
1. Parties
Data Controller: The entity identified in the engagement intake form or purchase order (hereinafter “Client”).
Data Processor: Industrial IQ Inc., a company registered in the United States (hereinafter “Industrial IQ”).
2. Purpose and scope of processing
Industrial IQ processes catalog data on behalf of the Client solely to perform MRO spare-parts catalog deduplication diagnostics using the PartsCleanse AI engine. Processing is limited to: (a) reading the uploaded catalog CSV into the analysis engine; (b) generating diagnostic report artifacts; and (c) purging the source catalog file after report generation. No catalog row data is written to Industrial IQ's production database.
3. Categories of data subjects and data
The catalog CSV uploaded by the Client may contain commercially sensitive information including part descriptions, manufacturer part numbers, vendor codes, plant codes, unit-of-measure designations, and item master identifiers. It is the Client's responsibility to ensure that the catalog extract does not contain personal data of natural persons unless required for catalog governance purposes and covered by the Client's own legal basis for processing.
4. Industrial IQ's obligations
Industrial IQ shall: (a) process catalog data only on documented instructions from the Client; (b) ensure that persons authorized to process the data have committed to confidentiality; (c) implement appropriate technical and organizational security measures as described in Schedule A; (d) not engage sub-processors for catalog data processing without prior written Client consent; (e) assist the Client in fulfilling data subject rights requests insofar as they relate to data processed under this DPA; (f) delete the uploaded catalog source file upon completion of processing; (g) provide all information necessary to demonstrate compliance with GDPR Article 28 obligations; and (h) notify the Client without undue delay upon becoming aware of a personal data breach affecting data covered by this DPA.
5. Client's obligations
The Client shall: (a) ensure it has a lawful basis for sharing catalog data with Industrial IQ; (b) provide catalog data only in the formats described in the engagement intake form; (c) promptly notify Industrial IQ of any instruction that would conflict with applicable data protection law.
6. Security measures (Schedule A)
Industrial IQ implements the following technical and organizational measures: encrypted data transmission (TLS 1.2 minimum); isolated session-specific run folders for each catalog upload; immediate deletion of source catalog files after report generation; access controls restricting catalog folder access to the processing engine only; authentication-gated report artifact access; and audit logging of report access, downloads, and administrative actions.
7. Sub-processors
Industrial IQ does not currently engage sub-processors for catalog data processing. Cloud infrastructure used for application hosting processes encrypted application traffic only and does not receive catalog row data. A list of approved infrastructure sub-processors is available on request.
8. Data transfers
Processing occurs in the United States. For Client entities in the European Economic Area, United Kingdom, or Gulf Cooperation Council jurisdictions, standard contractual clauses or appropriate transfer mechanisms shall be incorporated by addendum upon written request.
9. Term and termination
This DPA remains in force for the duration of the engagement. Upon termination or completion, Industrial IQ shall confirm in writing that uploaded source catalog files have been deleted and that no catalog row data is retained in its systems.
10. Governing law
This DPA is governed by the laws of the State of Delaware, United States, without regard to conflict-of-law principles, unless the Client is an EU, UK, or GCC entity, in which case GDPR, UK GDPR, or applicable local law governs data protection obligations.
Signature block
Industrial IQ Inc.
Authorized signatory: R. Santhana Krishnan, Founder
Email: support@ai2coe.com
Date: _______________
Client (Data Controller)
Company name: _______________
Authorized signatory: _______________
Title: _______________
Email: _______________
Date: _______________
