BeyondBrain Incorp. Subprocessors Policy

1. What Are Subprocessors?

A Subprocessor is a third-party entity that BeyondBrain Incorp. ("the Processor") engages to process personal data on behalf of the hotel operator ("the Controller") as part of delivering the FifthKeys platform and related services. Examples include cloud hosting providers, data analytics tools, or AI technology partners that support the platform's functionality, maintenance, or enhancement.

2. Transparency and Consent

BeyondBrain Incorp. prioritizes transparency in its use of Subprocessors. Here's how we handle this:

• Notification: We provide the Controller with a list of current Subprocessors upon request and notify them in writing of any planned additions or changes to this list.
• Objection Period: The Controller has 14 days from the notification date to object to a new or replaced Subprocessor. If an objection is raised, we'll collaborate to resolve the issue or allow the Controller to terminate the agreement per the DPA's termination clause.
• Availability: An updated Subprocessor list is always accessible to the Controller upon request.

3. Security and Compliance

We ensure all Subprocessors adhere to the same data protection standards as outlined in our DPA. Our approach includes:

• Due Diligence: Before engaging a Subprocessor, we assess their security practices, certifications (e.g., ISO 27001, SOC 2), and compliance with relevant data protection laws.
• Contractual Safeguards: Each Subprocessor signs a written agreement mirroring the DPA's obligations, including:
  • Processing data only as instructed by BeyondBrain Incorp.
  • Implementing robust technical and organizational security measures.
  • Supporting data subject requests and breach notifications.
  • Deleting or returning data upon agreement termination.
• Monitoring: We conduct regular reviews and audits to confirm ongoing compliance.

4. Liability

BeyondBrain Incorp. remains fully accountable for its Subprocessors' actions or failures. If a Subprocessor causes a breach or non-compliance, we will act swiftly to correct the issue and work with the Controller to minimize any impact.

5. Current Subprocessors

Below is a sample list of Subprocessors currently supporting the FifthKeys platform. This list may evolve, with changes communicated per Section 2.

The Controller will be informed of updates to this list as outlined in Section 2.

6. International Data Transfers

For Subprocessors outside the European Economic Area (EEA) or Japan, we ensure proper safeguards, such as:

• Standard Contractual Clauses (SCCs): Used for transfers outside the EEA, as approved by the European Commission.
• Adequacy Decisions: Transfers only occur to jurisdictions recognized as offering adequate protection by the EU or Japanese authorities.

No transfers to non-adequate jurisdictions happen without the Controller's prior written consent.

7. Controller's Rights

The Controller can:

• Request Details: Access information about Subprocessors' activities, security, and compliance.
• Audit: Include Subprocessors in audits of BeyondBrain Incorp.'s data processing, per the DPA.
• Object: Challenge the use of specific Subprocessors within the 14-day period.

8. Changes to Subprocessors

We may update Subprocessors to enhance our services, but we'll always notify the Controller in advance, respecting the objection process. If no resolution is found after an objection, the Controller may terminate the agreement.

9. Contact Us

For questions about Subprocessors, reach out to: