This Data Processing Addendum ("DPA") forms part of the main agreement ("Agreement") between Formo. ("Formo", "we", "us", or "our") and the customer ("Customer") for the provision of services by Formo (the "Services") as defined in the Agreement.

1. Definitions

Personal Data refers to any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.

Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, retrieval, use, disclosure, and erasure.

Sub-processor means any third party engaged by Formo that processes Personal Data on behalf of the Customer.

2. Scope and Applicability

This DPA applies when Formo processes Personal Data on behalf of the Customer in connection with the provision of the Services. This DPA is subject to the terms of the Agreement and reflects the parties' agreement about the processing of Personal Data.

3. Customer Responsibilities

The Customer is responsible for ensuring that the processing of Personal Data complies with all applicable data protection laws and regulations.

The Customer must provide clear instructions to Formo for the processing of Personal Data as required by applicable law.

4. Formo's Obligations

Formo will only process Personal Data on behalf of the Customer in accordance with the Customer's documented instructions, including those set forth in the Agreement and this DPA.

Formo will ensure that all personnel authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Formo will implement and maintain appropriate technical and organizational measures to protect Personal Data from unauthorized access, loss, alteration, or disclosure.

5. Sub-processors

Formo may engage Sub-processors to process Personal Data on behalf of the Customer. Formo will ensure that Sub-processors are subject to data protection obligations consistent with those set forth in this DPA.

Formo will remain liable for the actions and omissions of its Sub-processors.

6. Data Subject Rights

Formo will assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws (e.g., rights to access, rectification, erasure, and data portability).

7. Security Breach Management
In the event of a Personal Data breach, Formo will notify the Customer without undue delay after becoming aware of the breach. Formo will provide sufficient information to assist the Customer in meeting any obligations to report or inform data subjects of the breach.

8. Data Transfers

Formo will ensure that Personal Data is not transferred outside the European Economic Area (EEA) or other jurisdictions with similar restrictions unless adequate protections are in place, such as standard contractual clauses or an approved certification mechanism.

9. Audits
The Customer has the right to audit Formo's compliance with the terms of this DPA, including inspecting facilities, systems, and records used to process Personal Data.

10. Termination and Deletion of Data

Upon termination of the Agreement, Formo will, at the Customer's choice, return or delete all Personal Data processed on behalf of the Customer, unless required by applicable law to retain the data.

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws governing the Agreement.

12. Contact Information
For any questions regarding this DPA or Formo's data processing activities, please contact us at support@formo.co