Loading...

cpr-enroll

Data Processing Addendum

Data Processing Addendum

Data Processing Addendum | CPR Enroll
Summary: This Data Processing Addendum ("DPA") governs how ResQWare LLC handles Personal Data on behalf of our customers. It is incorporated into the CPR Enroll Terms of Service and supplements our Privacy Policy.

1. Introduction & Definitions

This Data Processing Addendum ("DPA") forms part of the Terms of Service Agreement ("Principal Agreement") between ResQWare LLC. ("Processor", "We") and the User/Customer ("Controller", "You").

This DPA applies to the extent that ResQWare LLC processes Personal Data on your behalf in the course of providing the CPR Enroll Service.

Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person (e.g., student name, email, certification ID).
  • "Data Subject" means the individual to whom Personal Data relates (e.g., your student).
  • "Processing" means any operation performed on Personal Data, such as collection, storage, retrieval, use, disclosure, or erasure.
  • "Sub-processor" means any third-party processor engaged by ResQWare LLC to assist in fulfilling its obligations (e.g., Stripe, AWS).

2. Roles of the Parties

The parties acknowledge and agree that with regard to the Processing of Personal Data:

  • You (The Customer) are the Controller: You determine the purposes and means of the Processing of Personal Data (e.g., you decide which students to enroll and what data to collect).
  • We (ResQWare LLC) are the Processor: We process Personal Data only on your behalf and in accordance with your instructions (e.g., storing the data, generating certificates).

3. Data Processing Obligations

ResQWare LLC shall:

  • Process Personal Data only on documented instructions from You (including instructions granted by your use of the Service), unless required to do so by applicable law.
  • Ensure that persons authorized to process the Personal Data (e.g., employees) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Assist You, insofar as this is possible, in responding to requests for exercising Data Subject's rights (e.g., deletion requests).

4. Use of Sub-Processors

You grant ResQWare LLC a general authorization to engage Sub-processors to provide the Service. Our current Sub-processors include, but are not limited to:

  • Amazon Web Services (AWS): Cloud hosting and storage.
  • Stripe: Payment processing.
  • SendGrid / Twilio: Email and SMS delivery.
  • Google Analytics: Usage analytics.

We shall impose data protection obligations on any Sub-processor that are at least as protective as those set out in this DPA. We remain liable for any breach of this DPA caused by a Sub-processor.

5. Security Measures

Taking into account the state of the art, the costs of implementation, and the nature of the processing, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest where applicable.
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems.
  • Regular testing and evaluation of the effectiveness of technical measures.
  • Access controls to limit access to Personal Data to authorized personnel only.

6. Data Subject Rights

If a Data Subject (e.g., a student) contacts us directly with a request to access, correct, or delete their Personal Data:

  • We will not respond to that request directly except to direct the Data Subject to contact You (the Controller).
  • We will provide You with the functionality within the Service to access, correct, or delete the Personal Data, or provide reasonable assistance if such functionality is not available.

7. Data Breach Notification

In the event of a Personal Data Breach affecting your data, ResQWare LLC shall notify You without undue delay after becoming aware of the breach. Such notification shall include, to the extent known:

  • The nature of the breach.
  • The categories and approximate number of Data Subjects concerned.
  • The likely consequences of the breach.
  • Measures taken or proposed to address the breach.

8. Audits & Inspections

Upon written request, we will make available to You all information necessary to demonstrate compliance with this DPA. If you require an audit, we may allow you or an independent auditor to conduct an audit of our data processing practices, subject to confidentiality obligations and reasonable notice.

9. International Transfers

ResQWare LLC processes data primarily in the United States. If you are located in the EEA, UK, or Switzerland, you acknowledge that Personal Data will be transferred to the US. We rely on valid transfer mechanisms, such as Standard Contractual Clauses (SCCs), to ensure adequate protection of such data.

10. Miscellaneous

Termination: This DPA shall continue in force until the termination of the Principal Agreement or the deletion of all Personal Data by You.

Conflict: In the event of any conflict between this DPA and the Principal Agreement (Terms of Service), the provisions of this DPA shall prevail with regard to data protection matters.

Contact Us

If you have any questions about this DPA, please contact:

ResQWare LLC
Email: support@cprenroll.com

A Product of ResQWare LLC

Made with ❤️ by ResQWare LLC

© 2026 ResQWare LLC. All rights reserved.

Scroll to Top
Menu