Data Processing Agreement
The contractual terms for how we process data on your behalf.
- You are the Controller of your data; we are the Processor acting on your instructions.
- Your data is processed for one purpose only: delivering BIQc services to you.
- Sub-processors are bound to equivalent protections; the current list is available on request.
- On termination, your data is permanently deleted within 30 days unless the law requires otherwise.
1. Scope
This Data Processing Agreement ("DPA") forms part of the Terms & Conditions between Business Intelligence Quotient Centre Pty Ltd ("Processor") and the customer ("Controller") and governs the processing of business data through the BIQc platform.
2. Roles
- Data Controller: the customer, who determines the purpose and means of processing.
- Data Processor: Business Intelligence Quotient Centre Pty Ltd, processing data on the Controller's behalf.
3. Processing purpose
Data is processed solely for the purpose of providing governed business intelligence services as described in the BIQc service agreement.
4. Data categories
- Financial data.
- CRM data.
- Operational data.
- Communication metadata.
5. Sub-processors
We maintain a current list of sub-processors used in data processing, including AI model providers operating under training restrictions. Some sub-processors, including AI model providers, may process data outside Australia; cross-border handling is managed in line with Australian Privacy Principle 8. All sub-processors are subject to equivalent data protection obligations. The current list is available on request via support@biqc.ai.
6. Data retention
Data is retained for the duration of the service agreement plus 30 days. Upon termination, all data is permanently deleted within 30 days unless a legal retention obligation applies.
7. Security measures
- AES-256 encryption at rest.
- TLS 1.2+ encryption in transit (TLS 1.3 preferred).
- Role-based access controls.
- Regular security audits.
- Incident response within 72 hours.