Data Processing Addendum (DPA)

Last updated: October 15, 2025

This Data Processing Addendum (“DPA”) is incorporated into the Terms of Service and governs the processing of personal data by ConsultAI LLC, a Wyoming limited liability company (“Processor”), on behalf of the client (“Controller”), in connection with services provided through www.globalconsultai.com and related operations.

This DPA ensures compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar global frameworks.

1. Definitions

Controller: The entity that determines the purposes and means of processing personal data.

Processor: ConsultAI LLC, which processes personal data on behalf of the Controller.

Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data, such as collection, storage, access, or deletion.

Subprocessor: Any third party engaged by ConsultAI LLC to assist in processing personal data.

2. Roles and Responsibilities

The Controller determines the nature and purpose of the processing, while ConsultAI acts solely as a Processor and follows the Controller’s lawful instructions.

ConsultAI will not:

  • Sell or share client data with third parties for unrelated purposes.
  • Process personal data outside the documented instructions of the Controller.

3. Nature and Purpose of Processing

ConsultAI processes client data to:

  • Deliver AI consulting, automation design, and implementation services.
  • Maintain and improve system functionality, analytics, and performance.
  • Communicate with clients regarding projects, invoices, and support.

The categories of personal data processed may include business contact information, employee names, and workflow-related data shared voluntarily by the client. ConsultAI does not intentionally collect sensitive personal data (such as health or biometric data).

4. Duration of Processing

Processing continues for as long as the client uses ConsultAI’s services or until termination of the service agreement.

Upon termination, all personal data will be securely deleted or returned to the Controller within 30 days, unless applicable law requires longer retention.

5. Confidentiality

ConsultAI ensures that all personnel authorized to process personal data are bound by strict confidentiality obligations. Access is granted only to employees or contractors who require it for legitimate business purposes.

6. Security Measures

ConsultAI maintains appropriate technical and organizational measures to protect personal data, including:

  • Encrypted data storage and transmission
  • Secure access controls and authentication
  • Regular software updates and vulnerability testing
  • Limited access to personal data based on role and necessity

Detailed documentation of security procedures is available upon request.

7. Subprocessors

ConsultAI may engage trusted Subprocessors (e.g., hosting, analytics, or CRM providers) to perform limited processing tasks.

All Subprocessors:

  • Are vetted for compliance and data protection standards
  • Operate under written agreements that mirror this DPA’s obligations

A list of current Subprocessors may be provided upon written request.

8. International Data Transfers

ConsultAI is based in the United States. Data transferred from the EEA, UK, or Switzerland may be stored or processed in the U.S.

ConsultAI relies on Standard Contractual Clauses (SCCs) or equivalent safeguards approved under GDPR to ensure adequate protection of such data.

9. Data Subject Rights

ConsultAI assists the Controller in responding to data subject requests under GDPR, including:

  • Access, correction, and deletion of data
  • Restriction or objection to processing
  • Data portability requests

Such assistance will be provided promptly and in good faith.

10. Incident Response and Breach Notification

In the event of a personal data breach:

  • ConsultAI will notify the Controller without undue delay
  • The notice will include relevant details (nature of breach, scope, mitigation actions)
  • ConsultAI will fully cooperate to resolve and document the incident

11. Audits and Compliance

Upon reasonable notice, the Controller may audit ConsultAI’s data protection practices or request evidence of compliance (e.g., security policies, certifications, or risk assessments). Audits will not disrupt normal operations and may be limited to once per calendar year unless required by law.

12. Return or Deletion of Data

Upon termination of the service relationship, ConsultAI will:

  • Delete or anonymize all personal data processed on behalf of the Controller, unless required to retain it by law
  • Confirm deletion or anonymization in writing upon request

13. Liability

Each party remains liable for its own compliance with applicable data protection laws. ConsultAI’s liability under this DPA shall not exceed the total amount paid for services under the main agreement during the twelve (12) months preceding the claim.

14. Governing Law

This DPA is governed by the laws of the State of Wyoming, United States, except where GDPR or other international privacy laws apply mandatorily. Disputes shall be resolved in the courts of Sheridan County, Wyoming, unless otherwise required by applicable data protection regulations.

15. Contact

For data protection or privacy-related inquiries, please contact:

ConsultAI LLC
30 N Gould St, Sheridan, WY 82801
United States
miavujovic@globalconsultai.com