Data processing agreement
This Data Processing Agreement (DPA) complies with the EU's General Data Protection Regulation (GDPR). It forms part of the contract between the data controller and the data processor, and it lays out the responsibilities and obligations of the data processor.
Understanding the terms
The data controller ("Controller") refers to the entity determining the purpose and means of processing personal data.
The data processor ("Processor") refers to the entity processing personal data on behalf of the Controller.
Roles and responsibilities
The Processor shall process the personal data only on documented instructions from the Controller, including transferring data outside of the EU, unless legally required to do so.
The Processor agrees to:
- Ensure that individuals processing the data are committed to confidentiality
- Implement appropriate security measures
- Assist with data subject's rights
- Assist the Controller in ensuring compliance with the GDPR
- Delete or return all personal data after the end of the services
Data breach
In the event of a data breach, the Processor shall notify the Controller without undue delay upon becoming aware of the breach.
Sub-processing
The Processor should not engage with another Processor without prior specific consent of the Controller.
Termination of contract
Upon termination of the contract, the Processor agrees to delete all personal data unless legal requirements dictate otherwise.