Data Processing Agreement
Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") is entered into as of [Effective Date] by and between Addteq, Inc., located at [Company Address], ("Data Processor") and [Customer/Client Name] with a principal place of business at [Customer Address] ("Data Controller"). Collectively, the "Parties" agree as follows:
1. Definitions
1.1 "Applicable Data Protection Law" means any applicable law relating to the processing, privacy, and use of Personal Data including, where applicable, the EU General Data Protection Regulation (GDPR) and any national laws, regulations, and secondary legislation implementing or supplementing the GDPR.
1.2 "Personal Data" means any information relating to an identified or identifiable natural person processed by the Data Processor on behalf of the Data Controller under the Agreement.
1.3 "Services" means the services provided by Addteq, including but not limited to the use of the Excellentable software product.
1.4 "Sub-Processor" means any third party engaged by the Data Processor who agrees to receive from the Data Processor any Personal Data for processing activities to be carried out on behalf of the Data Controller.
2. Scope and Application
2.1 This DPA applies to the processing of Personal Data by Addteq while providing the Excellentable software and related services as agreed to in the [Main Service Agreement/Terms of Service].
2.2 The Data Controller instructs and authorizes the Data Processor to process Personal Data solely for the purposes defined in the Agreement.
3. Data Processing Roles and Activities
3.1 Data Processor’s Obligations: The Data Processor shall:
Process Personal Data only in accordance with the Data Controller’s documented instructions.
Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
3.2 Data Controller’s Obligations: The Data Controller shall:
Ensure that it has the necessary rights and consents to process and transfer Personal Data to the Data Processor.
Provide documented instructions for the Data Processor to process Personal Data.
4. Sub-Processors
4.1 The Data Processor shall not engage any Sub-Processor without the prior written consent of the Data Controller.
4.2 When engaging a Sub-Processor, the Data Processor will:
Ensure that the Sub-Processor is bound by data protection obligations no less protective than those contained in this DPA.
Remain liable to the Data Controller for the performance of the Sub-Processor’s obligations.
5. Data Subject Rights
5.1 The Data Processor shall, to the extent legally permitted, promptly notify the Data Controller if it receives a request from a data subject to exercise their rights under the Applicable Data Protection Law.
5.2 The Data Processor shall assist the Data Controller in responding to such requests to the extent possible.
6. Security and Incident Response
6.1 The Data Processor shall implement and maintain appropriate technical and organizational security measures.
6.2 In the event of a personal data breach, the Data Processor shall notify the Data Controller without undue delay upon becoming aware of the breach.
7. Data Transfers
7.1 The Data Processor shall only transfer Personal Data outside of the [European Economic Area (EEA)] with adequate safeguards in accordance with Applicable Data Protection Law.
8. Audit Rights
8.1 The Data Controller shall have the right to audit the Data Processor’s compliance with this DPA, subject to reasonable terms.
9. Term and Termination
9.1 This DPA shall continue for as long as the Data Processor processes Personal Data under the Agreement.
9.2 Upon termination, the Data Processor shall, at the choice of the Data Controller, return or delete all Personal Data in its possession unless otherwise required by law.
10. Miscellaneous
10.1 In the event of any conflict between this DPA and other agreements between the Parties, the terms of this DPA shall prevail with regard to the processing of Personal Data.
10.2 This DPA shall be governed by and construed in accordance with the laws of [Applicable Jurisdiction].
IN WITNESS WHEREOF, the Parties have executed this Data Processing Agreement as of the Effective Date.
Addteq, Inc. (Data Processor)
Signature: ________________________
Name: ___________________________
Title: ____________________________
Date: ____________________________
[Customer Name] (Data Controller)
Signature: ________________________
Name: ___________________________
Title: ____________________________
Date: ____________________________