Scope
This DPA applies where Adviser IQ processes personal data on the customer's behalf in the course of providing the platform. It is incorporated into the Terms of Service by reference.
Roles
The customer is the data controller. Adviser IQ is the data processor. Adviser IQ acts only on documented instructions from the customer, except where required by law.
Subject matter
Processing of personal data relating to the customer's clients, advisers, and staff for the purpose of providing the CRM, case management, compliance, and communications services described in the Terms.
Sub-processors
Adviser IQ uses the sub-processors listed at /sub-processors. We will provide at least 30 days' notice before adding or replacing sub-processors; customers may object on reasonable grounds.
Security measures
Adviser IQ implements technical and organisational measures appropriate to the risk, including encryption in transit and at rest, role-based access control, logging, monitoring, staff training, and periodic testing. Full detail at /security.
Breach notification
Adviser IQ will notify customers of a personal-data breach without undue delay, and in any case within 48 hours of becoming aware. See /data-breach.
Assistance with data-subject rights
Adviser IQ will assist the customer to respond to data-subject requests through appropriate technical and organisational measures.
Return and deletion
On termination, Adviser IQ will return customer data in a machine-readable format and delete remaining copies within 90 days, save where retention is required by law.
Audit
Adviser IQ will make available information necessary to demonstrate compliance with Art. 28 and allow for audits conducted by the customer or a mandated auditor, subject to reasonable notice.