top of page

Data Processing Agreement (DPA)

Effective Date: March 13, 2026

Parties

This Data Processing Agreement ("Agreement") is entered into by and between:

Controller: The customer, individual or organization, who subscribes to and uses the IICS platform (“Customer”)


Processor: Insurance Innovation Consulting Services, LLC (“IICS”, “we”, “our”, or “us”)

This Agreement forms part of the Terms of Use and governs the processing of Personal Data by IICS on behalf of the Customer in connection with the use of the platform and related services.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person

  • Processing: Any operation or set of operations performed on Personal Data, such as collection, use, storage, or deletion

  • Data Subject: The individual whose data is processed

  • Controller: The party that determines the purposes and means of processing Personal Data

  • Processor: The party that processes data on behalf of the Controller

  • Sub-Processor: Any third party engaged by IICS to process data on behalf of the Customer

  • Applicable Law: All applicable data protection and privacy laws, including GDPR (EU) 2016/679

2. Scope and Purpose

IICS agrees to process Personal Data solely to provide the services described in the Terms of Use, including subscription access, coaching delivery, platform support, billing, and performance tracking.

We do not process Personal Data for any other purpose, including marketing, resale, or profiling, unless explicitly authorized in writing by the Customer.

3. Customer Obligations

The Customer, as the Data Controller, represents and warrants that:

  • They have obtained all necessary rights, consents, and legal bases to provide Personal Data to IICS

  • They are responsible for the accuracy, quality, and legality of the data they submit

  • They will not upload or process any sensitive data, such as health, biometric, or children’s data, without prior written agreement with IICS

4. IICS Responsibilities

As a Data Processor, IICS agrees to:

  • Process Personal Data only on documented instructions from the Customer

  • Implement appropriate technical and organizational measures to protect the data

  • Ensure staff are bound by confidentiality

  • Promptly notify the Customer in the event of a data breach

  • Assist the Customer in fulfilling data subject rights, such as access, deletion, and correction

  • Make available all necessary documentation to demonstrate compliance

5. Sub-Processors

IICS may use trusted third-party service providers to support service delivery, such as payment processors, video hosting, and analytics tools. A list of current sub-processors is available upon request. IICS ensures that all sub-processors are subject to written agreements containing data protection obligations no less protective than those in this Agreement.

The Customer authorizes the use of such sub-processors, subject to IICS notifying the Customer of any intended changes and allowing for reasonable objection.

6. International Transfers

Personal Data may be transferred to and processed in the United States or other jurisdictions outside of the EEA. IICS will ensure that such transfers are conducted in compliance with applicable data transfer mechanisms, including Standard Contractual Clauses where required.

7. Security

IICS implements and maintains reasonable and appropriate technical and organizational safeguards, including:

  • Data encryption in transit and at rest

  • Role-based access control

  • Secure user authentication

  • Regular system monitoring and audit logging

  • Incident response protocols

8. Data Subject Requests

IICS shall assist the Customer, to the extent reasonably possible, in responding to any requests from data subjects, including requests to access, rectify, or delete their Personal Data. IICS will not respond directly to such requests unless instructed in writing by the Customer.

9. Data Retention and Deletion

Upon termination of the Customer’s account, IICS will retain Personal Data only as required by law or contractual necessity. After that period, data will be securely deleted. Upon written request, IICS will delete Customer data in accordance with documented procedures.

10. Audits and Inspections

Upon reasonable notice, IICS shall provide the Customer with all information necessary to demonstrate compliance with this Agreement and allow for audits or inspections by the Customer or an appointed auditor, provided such activity does not unreasonably disrupt platform operations.

11. Liability

Liability for any breach of this DPA will be subject to the limitations of liability set forth in the main Terms of Use, unless otherwise required by applicable law.

12. Governing Law and Jurisdiction

This Agreement is governed by and construed in accordance with the laws of the State of [Insert State] and any applicable federal laws of the United States, unless otherwise required by applicable data protection laws.

13. Term and Termination

This DPA remains in effect for as long as IICS processes Personal Data on behalf of the Customer or until the termination of the Terms of Use. Termination of this DPA does not relieve either party of its obligations under applicable law.

bottom of page