ACUERDO DE PROTECCIÓN DE DATOS

1. INTRODUCTION

This Data Protection Agreement ("Agreement") is entered into by and between BloomIQ Technologies Inc. ("BloomIQ"), a company duly registered and operating under the laws of Canada, specifically the Province of Alberta, and any individual or entity accessing, using, or integrating with BloomIQ's services, including but not limited to applications, platforms, and associated technologies ("User").

2. DEFINITIONS

• "Personal Data" means any information relating to an identified or identifiable natural person as defined under applicable data protection laws.
• "Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, or destruction.
• "Controller" means the entity that determines the purposes and means of processing Personal Data.
• "Processor" means an entity that processes Personal Data on behalf of the Controller.
• "Sub-Processor" means any third-party processor engaged by the Processor.
• "Applicable Laws" refers to all privacy and data protection laws and regulations applicable to the parties, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta's Personal Information Protection Act (PIPA), and regulations set forth by Apple LLC and Google LLC.

3. DATA PROCESSING OBLIGATIONS

3.1. BloomIQ shall process Personal Data in accordance with Applicable Laws, ensuring lawfulness, fairness, transparency, accuracy, integrity, and security.

3.2. BloomIQ shall not use, process, or share Personal Data for purposes beyond those explicitly stated in its Privacy Policy and this Agreement.

3.3. If BloomIQ acts as a Processor on behalf of the User, it shall process Personal Data only upon documented instructions from the User.

4. SECURITY MEASURES

4.1. BloomIQ shall implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of Personal Data, including:

• Data encryption during storage and transmission.
• Restricted access controls and authentication protocols.
• Anonymization and pseudonymization where feasible.

4.2. If a Personal Data breach occurs, BloomIQ shall notify the affected parties without undue delay and provide relevant details regarding mitigation measures.

5. DATA SUBJECT RIGHTS

5.1. BloomIQ shall facilitate the exercise of data subject rights under Applicable Laws, including:

• Right to access, rectify, or erase Personal Data.
• Right to data portability.
• Right to object to processing.
• Right to withdraw consent at any time.

5.2. Requests from data subjects shall be addressed within legally prescribed timeframes.

6. SUB-PROCESSORS

6.1. BloomIQ may engage Sub-Processors to process Personal Data, provided that:

• Such Sub-Processors comply with equivalent data protection obligations.
• BloomIQ remains liable for any breach by its Sub-Processors.

6.2. A list of Sub- Processors shall be made available upon request.

7. CROSS-BORDER DATA TRANSFERS

7.1. BloomIQ shall ensure that any cross-border data transfers comply with Applicable Laws, using:

• Standard contractual clauses (SCCs).
• Binding corporate rules (BCRs).
• Adequacy decisions from relevant authorities.

7.2. Users shall be informed of international data transfers and their associated safeguards.

8. CLOUD SERVICE PROVIDERS

8.1. BloomIQ utilizes Google Cloud Platform (GCP) and may engage other cloud service providers to store, process, and manage Personal Data securely.

8.2. All cloud service providers used by BloomIQ shall adhere to industry best practices for security, including encryption, access controls, and compliance with applicable data protection regulations.

8.3. BloomIQ ensures that any cloud service provider engaged complies with equivalent data protection obligations and remains responsible for any breaches caused by such providers.

9. COMPLIANCE WITH APPLE LLC AND GOOGLE LLC REQUIREMENTS

9.1. BloomIQ's data handling practices shall comply with Apple's App Store Review Guidelines, Google Play Developer Policy, and any other relevant guidelines.

9.2. Where required, BloomIQ shall submit data protection impact assessments and privacy-related disclosures to Apple LLC and Google LLC.

10. RETENTION AND DELETION

10.1. Personal Data shall only be retained for as long as necessary for the purposes stated in this Agreement.

10.2. Upon termination of services, BloomIQ shall either delete or anonymize Personal Data unless retention is required by law.

11. LIABILITY AND INDEMNIFICATION

11.1. Each party shall be liable for any breaches of this Agreement and shall indemnify the other party against claims arising from non- compliance with data protection obligations.

11.2. BloomIQ shall not be liable for indirect, consequential, or incidental damages arising from data processing activities unless caused by gross negligence or willful misconduct.

12. GOVERNING LAW AND DISPUTE RESOLUTION

12.1. This Agreement shall be governed by the laws of the Province of Alberta, Canada.

12.2. Any disputes shall be resolved through arbitration or mediation before resorting to litigation, except where required by law.

13. UPDATES TO THIS AGREEMENT

13.1. BloomIQ reserves the right to update this Agreement as necessary to reflect changes in laws, regulations, or business practices.

13.2. Users shall be notified of significant changes in a timely manner.

14. CONTACT INFORMATION

For any questions regarding this Agreement, Users may contact BloomIQ Technologies Inc. at:

By using BloomIQ's services, the User acknowledges and agrees to the terms of this Data Protection Agreement, effective as of the date of acceptance.