Data Processing Agreement
THE UNDERSIGNED:
[Name of Controller], having its registered office at [address], [city], registered with the Dutch Chamber of Commerce under number [KvK-number], duly represented by [name and position], hereinafter referred to as the "Controller";
and
Pamela AI Holding B.V., having its registered office at Concertgebouwplein 15, 1071 LL in Amsterdam, The Netherlands, duly represented by its managing director, Samuel Ehren, hereinafter referred to as the "Processor";
Hereinafter collectively referred to as the "Parties" and individually as a "Party".
WHEREAS:
(a) Processor provides services to the Controller under a Main Agreement, of which this Data Processing Agreement forms a part;
(b) These services involve the processing of personal data, including health data (Article 9 GDPR);
(c) Processor shall only process such data on behalf of the Controller and not for its own purposes;
(d) The processing falls within the scope of the General Data Protection Regulation (GDPR);
(e) The Parties wish to lay down their arrangements regarding the processing of personal data in this Agreement;
(f) If applicable, this Agreement replaces any previous data processing agreements between the Parties.
Article 1. Definitions
The definitions used in this Agreement shall have the same meaning as set forth in Article 4 of the GDPR.
Article 2. Subject of the Agreement
This Agreement governs the processing of personal data by the Processor on behalf of the Controller in the performance of the Main Agreement.
The following annexes form an integral part of this Agreement:
Annex 1: Description of the Processing
Annex 2: Security Measures
Annex 3: Contact Details
In the event of conflict between this Agreement and the Main Agreement, the provisions of this Agreement shall prevail.
Article 3. Obligations of the Processor
Processor shall only process personal data to the extent that:
it is necessary for the performance of the Main Agreement as described in Annex 1; or
Controller has provided further written instructions, as set out in Annex 1.
Processor shall comply with all reasonable instructions issued by Controller regarding the processing of personal data. Processor shall inform the Controller immediately if it believes that an instruction infringes applicable data protection law.
Processor may process personal data pursuant to a legal obligation. Where possible, the Processor shall inform the Controller of the legal requirement prior to processing unless prohibited by law. The Processor shall enable the Controller to object where applicable.
Processor guarantees proper, careful, and lawful processing of the personal data in accordance with the GDPR and other applicable laws.
Processor shall ensure its employees are bound by confidentiality obligations. All personnel with access to personal data undergo background screening, including VOG (Certificate of Good Conduct) verification.
Processor acknowledges that data processed via Pamela will contain health data (Article 9 GDPR) as part of clinical consultations. Processor processes such data under appropriate technical and organizational safeguards as described in Annex 2.
Pamela is a documentation assistant, not a medical device. Processor shall not be liable for clinical decisions made based on software-generated outputs. All outputs must be reviewed by a qualified healthcare professional before use.
Article 4. Use of Sub-processors
Processor may use sub-processors as specified in Annex 1 without further consent.
Any changes to sub-processors will be notified to the Controller in advance. Controller may object within 14 days. Parties will cooperate in good faith to resolve any objections.
Sub-processors are bound by the same obligations as set forth in this Agreement.
Processor remains fully liable for actions of sub-processors.
All sub-processors hold appropriate security certifications such as ISO 27001 and/or SOC 2. Pamela is ISO 27001 and NEN 7510 compliant and is currently in the process of obtaining certification. An up-to-date list of sub-processors is available upon request.
Article 5. Security
Processor shall implement appropriate technical and organisational measures in accordance with Article 32 GDPR, as further described in Annex 2.
While Processor cannot guarantee absolute security, it shall maintain a level of security appropriate to the risk and data sensitivity, with particular regard to the healthcare nature of the data processed.
Article 6. Breach Notification
Processor shall notify the Controller of any data breach within 48 hours, including the nature, scope, consequences, affected individuals and data categories, and remedial measures taken.
Processor shall take reasonable steps to contain and prevent future incidents.
Article 7. Rights of Data Subjects
Processor shall assist the Controller in fulfilling its obligations regarding data subject rights (Articles 15–22 GDPR).
If Processor receives a request directly, it shall forward it to the Controller. Processor may inform the data subject of this redirection.
Article 8. Audit
Controller may audit Processor's compliance with this Agreement once annually, or more frequently in case of substantiated suspicion of misuse.
If an independent audit was recently conducted, a copy of the relevant report may suffice.
Parties will agree in advance on the scope and timing of the audit. Processor shall cooperate fully and provide access to relevant systems and documentation.
Findings will be discussed with Processor and are confidential.
If breaches or non-compliance are found, audit costs shall be borne by Processor. Otherwise, costs shall be borne by the Controller.
Article 9. Liability
Any liability limitations in the Main Agreement also apply to this Agreement.
Processor shall not be liable for damages arising from clinical decisions made based on software-generated outputs (e.g., transcripts, enhanced clinical notes), nor for the nature or sensitivity of data processed through clinical consultations.
Article 10. Duration and Termination
This Agreement enters into force on the date of signing and shall remain in force as long as the Main Agreement is valid.
Termination of the Main Agreement shall automatically terminate this Agreement, unless otherwise agreed.
Obligations which by nature survive termination (e.g., confidentiality, liability, security) shall remain in force.
Upon termination, Processor shall, at Controller's discretion, return or securely delete all personal data and any copies.
Article 11. Miscellaneous
In case of conflict, the terms of this Agreement take precedence over the Main Agreement.
If any provision is declared void, the remainder shall remain in force.
This Agreement is governed by Dutch law. Disputes shall be submitted to the competent court as specified in the Main Agreement.
Annex 1 – Description of the Processing
Purpose: AI-powered clinical documentation services, including ambient listening, transcription, and note enhancement for healthcare professionals via the Pamela platform.
Personal data: audio recordings, transcripts, AI-enhanced clinical notes, clinician identification data, pseudonymized patient identifiers, consultation metadata.
Data subjects: healthcare professionals (clinicians) using the service, and patients whose consultations are processed through the service.
Special categories: health data (Article 9 GDPR) as part of clinical consultations.
Legal basis: performance of a contract; where applicable, explicit consent or compliance with a legal obligation.
Sub-processors:
AWS (EU regions) — hosting and infrastructure (GDPR, ISO/IEC 27001, SOC 1, SOC 2, SOC 3, BSI C5)
AWS Bedrock — AI model hosting and inference (same certifications as AWS)
Anthropic (Claude) — AI-powered note enhancement, accessed via AWS Bedrock (SOC 2 Type II)
Deepgram — transcription (ISO 27001, SOC 2 Type II)
AssemblyAI — transcription (SOC 2 Type II)
ElevenLabs — voice processing (SOC 2 Type II)
Proprietary models — Pamela's own models for audio processing and voice
Additional sub-processors may be engaged from time to time. An up-to-date list is available upon request.
International transfers: only where covered by adequacy decision or Standard Contractual Clauses (SCCs).
Audio retention: audio recordings are stored securely and encrypted on EU-based infrastructure with strict access controls.
Deletion: automated after retention period or upon request via privacy@trypamela.ai.
Annex 2 – Security Measures
Pamela is ISO 27001 and NEN 7510 compliant and is currently in the process of obtaining certification. Security measures include:
Encryption at rest (AES-256) and in transit (TLS)
Role-based access control and full audit logging
Hosting exclusively in EU-based AWS data centers
Background screening for all personnel with data access, including VOG (Certificate of Good Conduct) verification
Monitoring, backup, and incident response protocols
Quarterly access reviews and annual comprehensive security audits
Confidentiality obligations for all staff and contractors
Security awareness training for all personnel
A TPM or internal security documentation is available upon request.