Data Processing Agreement
GDPR-compliant Data Processing Agreement for enterprise customers.
Effective Date: January 1, 2025 | Version 2.0
Overview
This Data Processing Agreement ("DPA") forms part of our Terms of Service and applies when we process Personal Data on behalf of our customers. This DPA has been designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
Key Features
GDPR Compliance
Fully compliant with GDPR Article 28 requirements for data processing agreements.
International Transfers
Standard Contractual Clauses (SCCs) for international data transfers included.
Subprocessor Management
Comprehensive list of subprocessors with notification of any changes.
Security Measures
Detailed technical and organizational security measures documented.
DPA Terms
1. Definitions
This DPA uses the definitions set out in the GDPR. "Controller," "Processor," "Data Subject," "Personal Data," and "Processing" have the meanings given in the GDPR.
2. Scope and Responsibilities
Customer acts as the Controller and we act as the Processor. We will process Personal Data only on documented instructions from the Customer and for the purposes specified in our Terms of Service.
3. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security audits.
4. Subprocessors
Customer authorizes the use of subprocessors listed in our Subprocessor Policy. We will provide 30 days' notice before adding or replacing any subprocessor.
5. Data Subject Rights
We will assist Customer in responding to Data Subject requests and provide necessary information to demonstrate compliance with GDPR obligations.
6. Data Breach Notification
We will notify Customer without undue delay upon becoming aware of a Personal Data breach affecting Customer's data.
7. Data Deletion
Upon termination, we will delete or return all Personal Data to Customer within 30 days, unless required by law to retain it.
8. Audits and Compliance
We undergo regular SOC 2 Type II audits. Customer may request audit reports and conduct audits subject to reasonable notice and confidentiality obligations.
Standard Contractual Clauses
We have implemented the following Standard Contractual Clauses for international data transfers:
- EU Standard Contractual Clauses (2021)
- UK International Data Transfer Agreement
- Swiss-US Privacy Framework
How to Execute the DPA
Enterprise customers can execute this DPA in one of the following ways:
1. Online Execution: Sign the DPA electronically through your account dashboard (Enterprise plan required).
2. Download & Sign: Download the DPA PDF, sign it, and return it to legal@example.com.
3. Custom Agreement: For specific requirements, contact our legal team to discuss a custom DPA.
Related Documents
Privacy Policy
How we handle your personal data
Subprocessors
List of third-party processors
Security
Our security measures
Questions About the DPA?
Our legal and compliance team is available to answer your questions.