1. Purpose
This policy establishes privacy obligations for third-party vendors that access, process, or store Speak AI Inc.'s data. It ensures compliance with applicable privacy laws and regulatory requirements while protecting sensitive information from unauthorized use or disclosure.
2. Scope
This policy applies to all third-party vendors, contractors, and service providers engaged by Speak AI Inc. that have access to personal, confidential, or proprietary data.
3. Privacy Obligations
3.1 Data Use & Limitation
Third parties may only use Speak AI Inc.'s data for the specific purpose defined in their contractual agreements.
Any secondary use, processing, or transfer of data must receive prior written approval from Speak AI Inc.
Vendors must implement industry-standard security measures to prevent unauthorized data access, processing, or sharing.
3.2 Data Retention & Disposal
Third parties must securely store data only for the duration necessary to fulfill contractual obligations.
Upon contract termination or request, vendors must securely delete all data in accordance with Speak AI Inc.'s Records Retention Policy.
All data disposal processes must comply with industry standards and regulatory requirements.
3.3 Data Disclosure & Sharing
Third parties must not disclose Speak AI Inc.’s data to any unauthorized entity.
If required by law, disclosure of data must be preceded by notifying Speak AI Inc. in writing unless legally prohibited.
Vendors must ensure that any subcontractors handling Speak AI Inc.'s data comply with equivalent privacy and security requirements.
3.4 Compliance with Privacy Laws
Third parties must adhere to applicable data protection regulations, including GDPR, CCPA, and other relevant privacy laws.
Vendors must support Speak AI Inc. in responding to data subject rights requests, including access, correction, and deletion of personal data.
Any security incidents or data breaches must be reported to Speak AI Inc. within 24 hours of detection.
4. Security Controls
Vendors must implement encryption for data in transit and at rest as per Speak AI Inc.'s Encryption Policy.
Multi-factor authentication (MFA) must be enforced for accessing sensitive data.
Vendors must conduct periodic audits to ensure compliance with security and privacy policies.
5. Compliance & Enforcement
Speak AI Inc. reserves the right to audit third-party vendors for compliance with this policy.
Non-compliance may result in contract termination, legal action, or other remedial measures.
Vendors must provide documentation upon request to demonstrate compliance with privacy and security obligations.
6. References & Supporting Documents
Speak AI Privacy Policy: https://speakai.co/privacy-policy/
Speak AI Encryption Policy: https://help.speakai.co/en/articles/9367850-encryption-policy
Speak AI Records Retention Policy: https://help.speakai.co/en/articles/10504174-records-retention-policy
7. Contact Information For inquiries regarding third-party data privacy obligations, contact [email protected].
This policy is subject to periodic review and updates to align with evolving regulatory and security requirements.