Terms and Conditions

Version: 1.5 • Effective Date: March 17, 2026

1) Acceptance; Definitions; Incorporation by Reference

By ordering, accessing, or using the ITSL SMART AI Agents services (the “Services”), you (“Customer”) agree to these Terms & Conditions (“T&Cs”). Each signed Order Form, online checkout, or statement of work (each, an “Order”) is governed by these T&Cs. If there is a conflict, the Order controls solely for pricing, quantities, and term. “Documentation” means the then-current user and technical materials for the Services. “Confidential Information” has the meaning in Section 10. “ITSL” means Eminent Solutions Integration, Inc. d/b/a IT Support Leaders.

2) Services; Project Phases; Milestones; Acceptance; Order of Precedence

2.1 Services. The Services include configuration, management/maintenance, quality assurance reviews/training, and usage-based voice minutes, as described in your Order.

2.2 Project Phases & Milestones. Where an Order includes implementation or professional services, the parties may define project phases and milestones (e.g., discovery, configuration, testing/UAT, integration, pilot, go-live) in the Order or SOW. Customer will provide timely inputs, access, and decisions required to meet milestones. Delays caused by Customer (including delayed feedback, access, approvals, or incomplete requirements) may extend timelines and may require a change order and/or additional fees.

2.3 Customer Acceptance / Final Sign-Off. For deliverables or go-live readiness items identified in an Order/SOW, Customer will provide written acceptance or rejection with reasonable detail within five (5) business days after delivery (or such other period stated in the Order). If Customer does not provide written rejection within that period, deliverables will be deemed accepted. Use of the Services in production following delivery, pilot, or go-live also constitutes acceptance. Minor defects that do not materially impair the agreed functionality will not prevent acceptance and will be addressed during normal support.

2.4 Order of Precedence. In the event of conflict, the following order of precedence applies: (a) Business Associate Agreement (BAA), if executed; (b) Data Processing Addendum (DPA); (c) these T&Cs; (d) documents referenced herein.

3) Fees; Billing; Payment; Surcharges; Taxes

3.1 Fees. Customer will pay the fees in the Order, including any one-time setup, the monthly base subscription fee for the selected package (the “Base Fee”), and usage-based AI minutes and other charges beyond the package’s included amounts, at the then-applicable rates.

3.2 Billing Cycle; Base Fee Timing. The Base Fee is invoiced and due at the beginning of each monthly billing cycle, which begins on the activation date (or such other cycle start date stated in the Order) and repeats monthly.

3.3 Automatic Payments. Customer authorizes ITSL to automatically charge the payment method on file (credit card or ACH) for all invoices and usage charges described in the Agreement, including incremental usage charges during the billing cycle as described in Section 4. Customer will keep payment methods current and funded. The Services may be suspended temporarily for a payment or funding failure.

3.4 Credit-Card Surcharge. Credit-card payments incur a 3.0% card surcharge (credit only; no surcharge on debit/prepaid). The surcharge will be disclosed prior to payment and itemized on receipts.

3.5 Taxes/Regulatory Fees. Prices exclude taxes and regulatory fees, which Customer will pay, excluding taxes on ITSL’s income.

3.6 Late Fees; Suspension. Late amounts accrue the lesser of 1.5% per month or the maximum permitted by Florida law. ITSL may suspend the Services for non-payment and may terminate for continued delinquency or require additional deposits.

3.7 Telecom & Carrier Fees; Spam/Telemarketing Costs. Customer is responsible for all telecommunications carrier fees, messaging/10DLC fees, surcharges, penalties, and other charges that arise from Customer’s calling/messaging practices, content, lists, consent management, or compliance posture. Without limiting the foregoing, ITSL is not responsible for charges, fines, penalties, carrier surcharges, or remediation costs associated with spam, unlawful robocalls/telemarketing, caller-ID reputation degradation, call blocking/labeling, or similar enforcement actions by carriers, regulators, or third parties.

4) Packages; Included Minutes; Usage Blocks; Credit, Deposits, and Limits

4.1 Packages & Included Amounts. Customer selects a subscription package in the Order. Each package has a Base Fee and includes a defined amount of AI talk time minutes (“Included Minutes”) and a defined amount of monthly agent retraining/updates/modifications (“Included Engineering Time”).

Example Starter Package (illustrative): $500/month Base Fee includes (a) platform hardware/software usage, (b) 500 Included Minutes, and (c) 2 hours of Included Engineering Time. ITSL may offer packages with higher Base Fees and higher Included Minutes.

4.2 Included Engineering Time Overages. Included Engineering Time is available only within the billing cycle and does not roll over. Additional AI Engineering beyond the included amount is billed at the rate stated in the Order (or, if not stated, at ITSL’s then-current standard rate).

4.3 Usage Metering; Notification. AI minute usage is metered continuously. When Customer consumes 100% of its Included Minutes for the billing cycle, ITSL will send a usage notification to the contacts designated by Customer.

4.4 Incremental Usage Charges in 1,000-Minute Blocks. After Included Minutes are consumed, Customer authorizes ITSL to run automatic incremental payments each time an additional 1,000 minutes are consumed during the same billing cycle (each, a “Usage Block”), at the applicable per-minute rate for Customer’s then-current volume tier in the Order (e.g., $0.25/minute for 0–10,000 monthly minutes, unless a different tier applies).

4.5 End-of-Cycle True-Up for Partial Blocks. At the end of each billing cycle, ITSL will charge any remaining minutes consumed that do not complete a full 1,000-minute Usage Block (a “Partial Block”) at the applicable per-minute rate.

Illustrative Example. If Customer is on the $500 package with 500 Included Minutes and the applicable rate is $0.25/minute: (i) Customer pays $500 at the start of the cycle covering the first 500 minutes; (ii) when total usage reaches 1,500 minutes (1,000 minutes beyond the Included Minutes), ITSL charges $250; (iii) when total usage reaches 2,500 minutes, ITSL charges another $250; and (iv) if total usage at month-end is 2,750 minutes, ITSL charges the remaining 250 minutes ($62.50) as a Partial Block true-up. The next billing cycle begins with the Base Fee charge for the new month.

4.6 Large-Volume Accounts; Deposits; Prepayment; Credit Limits. For accounts expected or observed to use more than 10,000 minutes per month (or otherwise deemed high-volume by ITSL), ITSL may require one or more of the following: (a) a higher-tier package with a higher Base Fee and more Included Minutes; (b) prepayment of expected usage; (c) a refundable security deposit (including deposits up to two (2) weeks of projected usage); (d) a credit limit; and/or (e) more frequent incremental payments (e.g., weekly usage billing) to maintain service continuity. ITSL will provide written notice of any required deposits, prepayments, or limits prior to enforcement.

4.7 Throttling / Pause for Non-Payment or Limits. If a payment method fails, a credit limit is reached, or required top-ups/prepayments are not made after notice, ITSL may throttle to essential flows or pause new calls until the account is brought current.

5) Data Handling; Zero-Retention Default; Optional Retention Features; Privacy & Security

5.1 Zero-Retention Default (Recommended for Sensitive Data). By default, conversational payloads are processed transiently to deliver outputs (e.g., email/SMS, call transfers, ticket creation) and then purged from ITSL systems upon successful delivery (“Zero-Retention”). ITSL retains only de-identified operational metadata necessary for billing and call detail verification; such metadata is intended to contain no ePHI or direct PII and is not reasonably linkable to an individual.

5.2 Recommendation for Sensitive Data. ITSL strongly recommends that Customers with sensitive data—especially electronic protected health information (ePHI), personally identifiable information (PII), and financial information—use the Zero-Retention configuration unless and until Customer has completed its own risk assessment and has executed any required addenda (e.g., BAA/DPA) and internal controls.

5.3 Optional Data Retention Features (Customer-Elected). Certain optional features requested by Customer may require ITSL to retain or store limited Customer data (for example, to support audit/history, analytics, custom reporting, conversation review, QA, training datasets, or other features) (“Retention Features”). Retention Features, if enabled, will be described in the Order, SOW, or a written addendum, including the data types, retention period, and access controls.

5.4 Best Efforts – No 100% Security Guarantee. ITSL will use commercially reasonable safeguards and best efforts to protect Customer data consistent with Section 5.6 and applicable law; however, Customer acknowledges that no system is perfectly secure and that data breaches, unauthorized access, or security incidents are always a possibility, including due to threats outside ITSL’s reasonable control.

5.5 Privacy Laws & Addenda. To the extent applicable, ITSL processes personal data in accordance with applicable privacy laws (e.g., CCPA/CPRA). For EU/UK data, the Parties will execute a DPA with SCCs. For HIPAA workflows involving PHI, the Parties must execute a BAA; absent a BAA, Customer will not transmit PHI to the Services.

5.6 Security Alignment. ITSL aligns safeguards with industry frameworks including HIPAA Security Rule (via BAA), GLBA Safeguards Rule (as applicable), NAIC Insurance Data Security Model Law (as adopted), SOC 2 principles, ISO/IEC 27001 controls, NIST CSF, and PCI DSS for card acceptance. ITSL attests to conformance and does not represent certification unless explicitly stated in an Order.

5.7 Subprocessors. ITSL may use vetted subprocessors for hosting, telephony, messaging, and AI components. Subprocessors are responsible for adhering to their representations and responsibilities to safeguard sensitive information. In the event of a subprocessor breach involving Customer’s sensitive information, ITSL will coordinate incident response with Customer consistent with law.

5.8 Security Incidents. ITSL will notify Customer without undue delay upon confirming a security incident impacting Customer data and will cooperate as required by applicable law.

5.9 Customer Choice; Hold Harmless for Retention Features. If Customer requests and enables Retention Features that store data beyond the Zero-Retention default, Customer acknowledges that such retention increases risk exposure. TO THE FULLEST EXTENT PERMITTED BY LAW, Customer agrees to defend, indemnify, and hold harmless ITSL from third-party claims, regulatory actions, fines, penalties, and damages arising from Customer’s decision to enable Retention Features, the categories of data Customer elects to store (including ePHI/PII/financial data), Customer’s retention instructions, or Customer’s failure to obtain required consents/authorizations—except to the extent caused by ITSL’s gross negligence or willful misconduct.

6) Acceptable Use; Customer Responsibilities; Telecommunications Compliance

6.1 General. Customer will provide accurate configuration inputs, escalation rules, and notification recipients; ensure it has a lawful basis to share any personal data; and provide end-user notices as required. Customer will not use the Services to transmit unlawful content, spam, or malicious code; to infringe rights; or in violation of telemarketing/TCPA, privacy, or other applicable laws.

6.2 Outbound Calling/Messaging & Consent Warranty. If Customer uses the Services for outbound calling or messaging (including appointment confirmations, reminders, collections, outreach, or marketing), Customer represents and warrants that: (a) each telephone number provided or targeted by Customer has been obtained lawfully and is accurate; (b) Customer has obtained and will maintain all consents, permissions, and opt-ins required by applicable law and carrier policies for the type of communication (including, where applicable, consent for prerecorded/artificial voice or automated dialing, SMS/MMS, and similar outreach); (c) Customer will honor all opt-outs and “do not contact” requests immediately and maintain suppression lists; (d) Customer will ensure numbers are screened/scrubbed against applicable do-not-call registries and other restrictions to the extent required for its use case, and will not contact any person who has asked not to be called or messaged; and (e) Customer will not initiate outreach that is unlawful, misleading, or that violates carrier policies.

6.3 Telemarketing, Consent, and Do-Not-Call Compliance. Customer is solely responsible for compliance with the Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rule (TSR), CAN-SPAM (as applicable), state telemarketing laws, healthcare communications rules (as applicable), and applicable carrier policies. Customer is responsible for registering and managing its numbers and/or campaigns with applicable federal, state, and industry do-not-call registries and related compliance programs where required for Customer’s use case.

6.4 Carrier Policies; A2P/10DLC; Call Authentication; Spoofing. Customer acknowledges that telecommunications carriers and messaging providers impose requirements that may include, without limitation: (a) A2P registration requirements for messaging programs (including A2P 10DLC, brand/campaign registration, content vetting, opt-in/opt-out keywords, and throughput limits); (b) call authentication and caller-ID integrity requirements (including STIR/SHAKEN attestations, CNAM/caller-name listings, and restrictions on caller-ID spoofing); and (c) reputation management practices (labeling, analytics, blocking, and remediation processes). Customer will provide accurate business identity information and documentation reasonably requested by ITSL or carriers to satisfy such requirements. Customer will not spoof caller ID, misrepresent identity, or attempt to bypass carrier controls.

6.5 Prohibited Uses. Customer will not use the Services for unlawful robocalling, spam, spoofing, deceptive calling practices, prohibited content, or any activity that could reasonably be expected to result in carrier blocking/labeling, regulatory enforcement, or third-party claims.

6.6 Customer Indemnity for Telecom/Telemarketing/Spam. Customer will defend, indemnify, and hold harmless ITSL from any third-party claim, investigation, fine, penalty, surcharge, remediation cost, chargeback, or enforcement action arising from Customer’s calling/messaging practices, consent management, scripts/content, lead lists, number sourcing, or non-compliance with laws or carrier policies (including claims under TCPA/TSR or similar statutes, and carrier actions related to A2P/10DLC, call authentication, labeling, or blocking).

7) Service Level Objectives; Best-Effort; No Guarantee

The Services are provided on a best-efforts basis. Given the probabilistic nature of AI systems and dependencies on third-party carriers/platforms and Customer inputs, ITSL does not guarantee any particular outcome or metric (including accuracy, error-free operation, response times, conversion rates, revenue, or compliance outcomes). Service level targets are objectives and not warranties or guarantees. Customer must review outputs and make final decisions.

8) Pricing & Tier Updates; Discounts

ITSL may modify pricing and/or per-minute tier tables on a prospective basis upon notice. Changes do not apply retroactively to invoices already issued or payments already received. Any discounts or special pricing must be expressly approved by ITSL in writing; unauthorized pricing is non-binding.

9) Intellectual Property; License; Feedback

ITSL retains all right, title, and interest in and to the Services, Documentation, and underlying intellectual property. During the subscription term, ITSL grants Customer a non-exclusive, non-transferable right to use the Services for its internal business purposes, subject to these T&Cs and the Order. ITSL may use feedback without restriction.

10) Confidentiality

Each party may disclose non-public information that is marked or reasonably understood as confidential (“Confidential Information”). The receiving party will use such Confidential Information only to perform under these T&Cs and will protect it with at least reasonable care. Standard exclusions and required disclosure obligations apply.

11) Warranties; Disclaimers; No Professional Advice

EXCEPT AS EXPRESSLY PROVIDED IN AN ORDER, THE SERVICES ARE PROVIDED “AS IS.” ITSL DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY ARISING FROM COURSE OF DEALING OR USAGE. THE SERVICES AND OUTPUTS ARE NOT LEGAL, MEDICAL, ACCOUNTING, OR OTHER PROFESSIONAL ADVICE.

12) Indemnity (IP Infringement; Insurance-Only Monetary Recourse)

Defense & Payment. ITSL will defend, indemnify, and hold harmless Customer from any third-party claim alleging that the Services, as provided by ITSL and used by Customer in accordance with the Documentation and these T&Cs, infringe a U.S. patent, copyright, or trade secret, and will pay damages and reasonable attorneys’ fees finally awarded by a court of competent jurisdiction or agreed in a settlement approved by ITSL, subject to: (i) Customer’s prompt written notice; (ii) ITSL’s sole control of the defense and settlement (no settlement may admit Customer fault or impose non-monetary obligations on Customer without Customer’s consent, not to be unreasonably withheld); and (iii) Customer’s reasonable cooperation.

Exclusions. ITSL has no obligation to the extent a claim arises from: (a) Customer Content or Customer instructions; (b) combinations of the Services with items not provided by ITSL; (c) modifications not made by ITSL; or (d) use of the Services not in accordance with the Documentation or these T&Cs.

Exclusive Remedies. If the Services are, or in ITSL’s opinion are likely to be, enjoined for infringement, ITSL may, at its option and expense: (1) procure the right for Customer to continue using the Services; (2) modify the Services to be non-infringing; (3) replace the Services with a non-infringing alternative of substantially equivalent functionality; or (4) if (1)–(3) are not commercially reasonable, terminate the affected Services and refund prepaid fees for the unused remainder of the term for the affected Services. This Section 12 sets forth Customer’s sole and exclusive remedies for any third-party IP infringement claim regarding the Services.

Sole Monetary Recourse to Insurance. TO THE FULLEST EXTENT PERMITTED BY LAW, CUSTOMER’S SOLE AND EXCLUSIVE MONETARY RECOURSE FOR CLAIMS INDEMNIFIED UNDER THIS SECTION 12 IS LIMITED TO THE PROCEEDS OF ITSL’S APPLICABLE INSURANCE POLICIES, AND ITSL WILL HAVE NO DIRECT MONETARY LIABILITY BEYOND SUCH PROCEEDS. ITSL WILL MAINTAIN PROFESSIONAL LIABILITY / TECHNOLOGY E&O COVERAGE OF USD $1,000,000 PER CLAIM AND USD $3,000,000 AGGREGATE, AND MAY MAINTAIN CYBER LIABILITY COVERAGE AT COMMERCIALLY REASONABLE LIMITS. UPON REASONABLE REQUEST, ITSL WILL PROVIDE CERTIFICATES OF INSURANCE.

Customer Indemnity / Hold Harmless. Customer will defend, indemnify, and hold harmless ITSL (including its officers, directors, employees, agents, and affiliates) from third-party claims to the extent arising from Customer Content, Customer instructions, Customer systems/integrations, or use of the Services in violation of the Documentation, these T&Cs, or applicable law.

13) Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY IS LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR LOST PROFITS/REVENUE/GOODWILL/DATA, EVEN IF ADVISED OF THE POSSIBILITY. EXCEPT FOR (i) breaches of Confidentiality (Section 10); (ii) obligations under Section 5 (Data Security) to the extent resulting from a party’s failure to comply with its security obligations; and (iii) indemnity obligations under Section 12 (which are subject to the Sole Monetary Recourse to Insurance stated in Section 12), EACH PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE T&Cs WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO ITSL IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. MULTIPLE CLAIMS WILL NOT ENLARGE THIS CAP. THE EXCLUSIONS AND CAPS IN THIS SECTION APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.

14) Suspension; Termination; Effect

ITSL may suspend the Services for non-payment, security threats, or material breach after notice (except immediate suspension as needed to protect the Services or third parties). Either party may terminate for material breach not cured within fifteen (15) days after written notice. Upon termination, Customer will cease use and pay all amounts due. Sections 5, 9–13, and 15–17 survive.

15) Governing Law; Binding Mandatory Arbitration; Venue

15.1 Governing Law. These T&Cs are governed by the laws of Florida, without regard to conflicts rules.

15.2 Executive Escalation. The parties will first seek resolution through good-faith executive escalation. If unresolved after thirty (30) days, the dispute will proceed to binding arbitration as set forth below.

15.3 Binding Mandatory Arbitration. Except for claims seeking temporary or preliminary injunctive relief to prevent unauthorized use, disclosure, or misuse of a party’s Confidential Information or intellectual property, any dispute, claim, or controversy arising out of or relating to these T&Cs, the Services, or an Order will be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration will be conducted in Miami-Dade County, Florida, by a single arbitrator. Judgment on the award may be entered in any court of competent jurisdiction. EACH PARTY WAIVES THE RIGHT TO A JURY TRIAL AND TO PARTICIPATE IN A CLASS ACTION.

15.4 Venue for Injunctive Relief. For permitted injunctive relief actions, the parties consent to the exclusive jurisdiction and venue of the state and federal courts located in Miami-Dade County, Florida.

15.5 Attorneys’ Fees. The prevailing party in any arbitration or court proceeding is entitled to recover its reasonable attorneys’ fees and costs, unless prohibited by law or otherwise stated in an Order.

16) Miscellaneous; Notices; Updates; Contact

16.1 Notices. Notices may be sent to the addresses in the Order (or as updated) by email with confirmation, courier, or certified mail.

16.2 Updates to T&Cs. ITSL may update these T&Cs prospectively by posting a new version with a new version/date identifier. The version referenced in the Order applies to that Order term unless otherwise agreed. Any new version with significant material changes will apply if Customer continues to use the Services.

16.3 Entire Agreement. These T&Cs, together with the Order and any executed BAA/DPA, constitute the entire agreement for the Services and supersede prior discussions.

16.4 Contact and Notices. IT Support Leaders (“ITSL”) is a DBA for Eminent Solutions Integration, Inc. Mailing Address: IT Support Leaders, 13378 SW 128th ST, Miami, FL 33186. Email Notices: assist@itsupportleaders.com.

17) Insurance

ITSL will maintain during the subscription term: (a) commercial general liability at commercially reasonable limits; (b) professional liability / technology errors & omissions insurance with limits of USD $1,000,000 per claim and USD $3,000,000 aggregate; and (c) cyber liability insurance at commercially reasonable limits. Upon reasonable request, ITSL will provide a certificate of insurance evidencing such coverage. Customer acknowledges that, pursuant to Section 12, for indemnified IP claims Customer’s monetary recourse is limited to insurance proceeds.

Acceptable Use Policy (AUP)

Version: 1.1 • Effective Date: February 27, 2026

This Acceptable Use Policy (“AUP”) applies to all use of the ITSL SMART AI Agents services (the “Services”). Capitalized terms have the meanings in the ITSL SMART AI Agents Terms & Conditions (“T&Cs”).

1. Prohibited Content & Conduct

  • Unlawful content, harassment, threats, defamation, hate, or incitement to violence.
  • Spam, unsolicited marketing without proper consent, or deceptive practices.
  • Malware, phishing, credential harvesting, or attempts to bypass security controls.
  • Infringing content or violation of third-party rights (IP, privacy, publicity).
  • High-risk use where failure could lead to death, personal injury, or severe environmental/economic harm (e.g., medical diagnosis, emergency response) unless expressly agreed in writing and subject to additional controls.
  • Collection or processing of sensitive data without a lawful basis and required agreements (e.g., PHI without a BAA; special-category data without DPA terms).

2. Telecommunications & Messaging Compliance (Inbound and Outbound)

Carriers and messaging providers impose requirements that can change over time. Customer is solely responsible for complying with all applicable laws, regulations, and carrier policies for voice and messaging, including without limitation TCPA, TSR, applicable state telemarketing laws, and any carrier registration and reputation programs.

2.1 Consent, Opt-Outs, and Suppression Lists

  • Provide only lawful, accurate phone numbers and contact data for use with the Services.
  • Obtain and maintain all required consents/permissions/opt-ins (including where applicable for prerecorded/artificial voice messages, automated dialing, and SMS/MMS).
  • Honor opt-outs and “do not contact” requests immediately and maintain suppression lists.
  • Do not contact any person who has asked not to be called or messaged, regardless of call type.
  • Scrub/screen lists against applicable do-not-call registries and other restrictions to the extent required for your use case.

2.2 A2P Messaging / 10DLC and Program Registration

  • Complete any required A2P registration (including A2P 10DLC brand/campaign registration) and maintain accurate business identity information.
  • Use approved opt-in/opt-out keywords and disclosures as required by carriers.
  • Comply with throughput limits, content restrictions, and any vetting or audit processes required by carriers or aggregators.
  • Do not attempt to evade carrier controls (e.g., by rotating numbers or misrepresenting campaign purpose).

2.3 Call Authentication, Caller ID Integrity, and Anti-Spoofing

  • Do not spoof caller ID or misrepresent identity.
  • Cooperate with call authentication requirements (including STIR/SHAKEN attestations and related caller ID integrity practices).
  • Provide documentation reasonably requested to support caller identity, CNAM/caller-name listings, and reputation remediation efforts.

2.4 Reputation, Labeling, Blocking, and Enforcement

  • Acknowledge that carriers may label or block calls/messages based on reputation algorithms and complaint rates.
  • Customer is responsible for any carrier surcharges, penalties, remediation fees, or enforcement actions resulting from Customer’s traffic, content, complaint rates, or compliance posture.

3. Channel-Specific Rules (Voice, SMS, Email, Chat)

  • Provide legally required disclosures (caller identification, business identity, and contact method where required).
  • Maintain accurate escalation contacts for urgent or safety-related events (if applicable).
  • Do not send unlawful content, spam, or prohibited materials via SMS, email, or chat.
  • Respect regional contact rules, quiet hours, and industry-specific rules where applicable.

4. Technical Restrictions

  • No scanning, scraping, or load testing of ITSL systems without prior written authorization.
  • Do not attempt to reverse engineer, decompile, or derive source code from the Services.
  • Use APIs only as documented; do not exceed rate limits or minute caps; do not attempt to bypass metering.

5. Customer Responsibilities

  • Provide accurate configuration, escalation paths, and lawful content sources.
  • Review AI outputs and maintain human-in-the-loop for regulated workflows.
  • Maintain appropriate security controls in your environment (identity, endpoint, network, and access).

6. Enforcement

ITSL may investigate suspected violations and suspend or terminate access for breaches of this AUP or applicable law/carrier policy. Where required by law or carrier policy, ITSL may block abusive traffic and cooperate with relevant providers or authorities. Customer is responsible for all costs, penalties, and charges arising from violations.

Security Overview

Version: 1.0 • Effective Date: January 1, 2025

This page summarizes the security practices for the ITSL SMART AI Agents platform. For detailed assessments or questionnaires, contact assist@itsupportleaders.com.

1. Security Program

Our security program aligns to SOC 2 principles, ISO/IEC 27001 controls, and NIST CSF. For HIPAA workflows, controls align to the HIPAA Security Rule under an executed BAA. We continuously improve based on risk assessments and audits.

2. Architecture & Data Flow

Calls and messages are processed through redundant carriers and AI components. Conversational payloads are handled transiently (zero‑retention) to produce outputs (e.g., email/SMS, ticket creation), then purged. Minimal de‑identified operational metadata is retained for billing and service integrity.

3. Data Protection

Encryption in transit and at rest where data persists; secure key management; secrets rotation; hardened configurations; least‑privilege access with MFA.

4. Access Management

Role‑based access control, SSO/MFA for administrative access, periodic access reviews, and logging with audit trails.

5. Application Security

Secure SDLC, code review, dependency scanning, secret scanning, and environment separation. Penetration testing may be performed periodically; summaries available upon request under NDA.

6. Network & Platform Security

Segmentation, firewalls, WAF, DDoS protections, vulnerability scanning, and hardened baselines.

7. Monitoring & Incident Response

Centralized logging, alerting, anomaly detection, and a documented incident response plan with executive escalation and customer notification consistent with law.

8. Business Continuity & DR

High‑availability architecture with redundancy for telephony/messaging; disaster recovery tested periodically; backups for persistent systems.

9. Vendor & Subprocessor Management

Risk‑based due diligence, contractual data protection requirements, and ongoing monitoring; current subprocessor list available upon request.

10. Customer Responsibilities

Maintain accurate configurations, escalation paths, and lawful sources; review outputs; secure your endpoints and identities; promptly notify us of suspected compromise.

11. Vulnerability Disclosure

We welcome good‑faith security reports at assist@itsupportleaders.com. Do not perform testing that could impact service availability without written authorization.

Data Processing Addendum (DPA)

Version: 1.0 • Effective Date: January 1, 2025

This DPA forms part of the Agreement between Customer (controller) and ITSL (processor) for the provision of the Services. In case of conflict, this DPA prevails over the T&Cs with respect to Personal Data processing.

1. Subject Matter; Duration; Nature & Purpose

Subject Matter: processing of Personal Data submitted to or generated by the Services to provide AI‑assisted intake, routing, and task automation.

Duration: the term of the Agreement and any wind‑down period required by law.

Nature & Purpose: hosting and transient processing of conversational payloads and related operational metadata to provide, secure, and support the Services.

2. Roles; Instructions

Customer is the controller; ITSL is the processor. ITSL will process Personal Data only on documented instructions from Customer, including as set out in the Agreement and this DPA.

3. Confidentiality & Personnel

ITSL ensures personnel are bound by confidentiality obligations and receive appropriate data protection and security training.

4. Security Measures

ITSL implements appropriate technical and organizational measures aligned to SOC 2 principles, ISO/IEC 27001 controls, NIST CSF, and HIPAA Security Rule (where applicable). See Annex II (Security Measures).

5. Subprocessors

Customer authorizes ITSL to use subprocessors for hosting, telephony, messaging, and AI components. ITSL will enter into written agreements with subprocessors imposing data protection obligations no less protective than this DPA. ITSL will provide a list of subprocessors upon request and notify Customer of material changes where required.

6. International Transfers

Where ITSL or its subprocessors transfer Personal Data outside the originating jurisdiction, ITSL will implement appropriate transfer mechanisms (e.g., EU/UK SCCs). For EU/EEA transfers, the parties agree the SCCs (Module 2: Controller→Processor) are incorporated by reference, with ITSL as the data importer.

7. Assistance; DPIAs; Data Subject Requests

Taking into account the nature of processing, ITSL will reasonably assist Customer with data subject requests, DPIAs, and consultations with supervisory authorities, at Customer’s expense where permitted.

8. Security Incidents

ITSL will notify Customer without undue delay after becoming aware of a Personal Data Breach and provide information reasonably available to assist Customer in meeting breach‑reporting obligations.

9. Deletion or Return

Upon termination or at Customer’s written request, ITSL will delete or return Personal Data, unless retention is required by law. Transient payloads are purged per the zero‑retention model.

10. Audits

Upon reasonable written request, ITSL will make available information necessary to demonstrate compliance with this DPA (e.g., summaries of third‑party assessments) and allow audits by Customer or an appointed auditor no more than annually, subject to confidentiality and reasonable scheduling.

11. HIPAA & BAA

Where workflows involve PHI, the parties will execute a Business Associate Agreement. In case of conflict between this DPA and a BAA regarding PHI, the BAA prevails.

12. Liability; Order of Precedence

Liability is as set out in the Agreement Terms and Conditions. In case of conflict between this DPA and the Agreement T&Cs on Personal Data processing, this DPA controls.

Annex I — Details of Processing

Data Subjects: customers, patients/clients of Customer, end users, Customer personnel.

Categories of Data: contact details, scheduling information, policy/account identifiers, interaction transcripts (transient), and any data provided by Customer in the course of using the Services.

Special Categories: not intended; Customer must not submit special‑category data unless required by workflow and covered by applicable law and this DPA/BAA.

Frequency: continuous as determined by Customer’s use.

Retention: transient for payloads; minimal operational records retained as required for billing and legal obligations.

Annex II — Technical & Organizational Security Measures

  • Encryption in transit (TLS 1.2+) and at rest for persistent systems; hardened key management.
  • Access control: role‑based access, SSO/MFA, least privilege, logging.
  • Network security: segmentation, firewalls, WAF, DDoS protections.
  • Monitoring & logging: centralized logging, alerting, anomaly detection.
  • Secure development: code review, dependency scanning, SDLC controls.
  • Vulnerability management: periodic scans and risk‑based patching.
  • Incident response: formal plan with executive escalation and post‑incident review.
  • Business continuity & disaster recovery: backups for persistent systems; redundancy for telephony/messaging.
  • Vendor management: due diligence, contracts, and ongoing monitoring.
  • Employee security: background checks where lawful, security training.

Annex III — Subprocessors

A current list will be provided upon request from Client on a need-to-know basis.