Data Processing Agreement (DPA)

Last updated: September 30, 2025

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between Responsive Advisors, Inc (“Processor,” “we,” “us,” or “our”) and the customer of the Service (“Controller,” “you,” or “your”).

1. Purpose

This DPA governs our processing of personal data on your behalf when you use our Training Management System (“Service”). The terms ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion).
  • Controller: The entity that determines the purposes and means of processing Personal Data.
  • Processor: The entity that processes Personal Data on behalf of the Controller.
  • Sub-Processor: A third party engaged by the Processor to process Personal Data.

3. Roles and Responsibilities

  • Controller: You are responsible for ensuring you have a legal basis for collecting and sharing Personal Data with us.
  • Processor: We process Personal Data only on documented instructions from you, unless required by law.

4. Processing Instructions

We process Personal Data only to:

  • Provide and maintain the Service.
  • Support, troubleshoot, and secure the Service.
  • Comply with applicable law.

5. Confidentiality

We ensure that persons authorized to process Personal Data are bound by confidentiality obligations.

6. Security

We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, alteration, or disclosure.

7. Sub-Processors

  • We may engage third parties (e.g. hosting providers, payment processors, email services) as Sub-Processors.
  • We remain responsible for their performance.
  • A current list of Sub-Processors is available upon request.

8. International Transfers

If Personal Data is transferred outside the United States, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

9. Data Subject Rights

We assist you in responding to requests from data subjects, including rights of access, correction, deletion, and portability.

10. Data Breach Notification

We will notify you without undue delay after becoming aware of a data breach affecting Personal Data.

11. Data Retention and Deletion

Upon termination of the Agreement, we will delete or return Personal Data unless retention is required by law.

12. Audit Rights

Upon reasonable notice, you may audit our compliance with this DPA. Audits may be subject to confidentiality restrictions and conducted no more than once per year.

13. Governing Law

This DPA is governed by the laws of the State of Illinois, United States.

14. Miscellaneous

If any provision of this DPA is invalid, the remaining provisions remain in effect. This DPA prevails over conflicting provisions of the Agreement regarding data protection.

Contact Information for Data Protection Matters
Responsive Advisors, Inc
Chicago, Illinois, USA
info@coursemanager.net