appendix 6

Data Processing Agreement

Jan 24, 2025

L

LEXA

Introduction

This Data Processing Agreement ("Agreement") is entered into by PT Inovasi Kolektif Digital ("LEXA", "Data Processor") and the user ("Client", "Data Controller") to ensure comprehensive protection of personal data in compliance with applicable data protection regulations.

Definitions

For the purposes of this Agreement:

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Data Processing" includes collection, recording, organization, structuring, storage, adaptation, and other data handling activities
  • "Data Subject" refers to the individual to whom personal data relates

Scope and Purpose of Data Processing

LEXA will process personal data solely for the following purposes:

  • Providing legal research platform services
  • User account management
  • Platform functionality and improvement
  • Customer support and communication

Client Responsibilities

The Client shall ensure:

  • Lawful basis for data processing
  • Obtaining necessary consents from data subjects
  • Accuracy and currency of personal data
  • Compliance with data protection regulations

LEXA's Obligations

LEXA commits to:

  • Process personal data only on documented instructions from the Client
  • Ensure confidentiality of processed data
  • Implement appropriate technical and organizational security measures
  • Assist the Client in responding to data subject requests
  • Notify the Client of any data breaches within 24 hours

Security Measures

LEXA will implement comprehensive security protocols, including:

  • AES-256 encryption for data at rest and in transit
  • Multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Access controls and user authentication protocols
  • Secure data storage and transmission practices

International Data Transfers

Personal data may be transferred to and processed in countries where LEXA operates, with appropriate safeguards to protect data subject rights and comply with international data protection standards.

Subprocessors

LEXA may engage subprocessors, including:

  • Cloud service providers (Cloudflare, Vercel)
  • AI technology providers (OpenAI, Anthropic Claude, Google Gemini)

LEXA ensures these subprocessors meet equivalent data protection standards.

Data Retention and Deletion

LEXA will:

  • Retain personal data only while necessary for service provision
  • Delete or anonymize data upon Client request or service termination
  • Comply with legal data retention requirements

Regulatory Compliance

This Agreement ensures compliance with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Southeast Asian data protection regulations

Termination and Data Handling

Upon termination of services, LEXA will:

  • Cease data processing activities
  • Delete or return personal data to the Client
  • Provide confirmation of data deletion

Contact Information

If you have any questions or concerns about our Data Processing Agreement or data processing inquiries, please contact us at:

PT Inovasi Kolektif Digital
Address: SIM Square, Semarang, ID 50134
Email: lexa@lazuardy.tech