Data Processing Agreement

Last Updated: 12/07/2024

This Data Processing Agreement (“DPA”) is designed to help you understand how we process personal data on your behalf, in compliance with applicable data protection laws. By accessing or using our services, you consent to the practices described in this agreement.

Scope and Roles

  • The Processor will process personal data on behalf of the Controller as described in the agreement.
  • The Controller determines the purposes and means of the processing of personal data.

Processing of Personal Data

  • Subject Matter and Duration: The subject matter and duration of the processing are outlined in the agreement.
  • Nature and Purpose: The nature and purpose of the processing are to provide the agreed services.
  • Type of Personal Data: Personal data includes, but is not limited to, names, email addresses, billing information, and IP addresses.
  • Categories of Data Subjects: Data subjects include the Controller’s customers, employees, and other end users.

Processor’s Obligations

  • Compliance: The Processor will comply with all applicable data protection laws.
  • Confidentiality: The Processor ensures that persons authorized to process personal data have committed to confidentiality.
  • Security Measures: The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Sub-processors: The Processor may engage sub-processors with the prior consent of the Controller. The Processor will ensure sub-processors are bound by data protection obligations similar to those in this DPA.

Data Subject Rights

The Processor will assist the Controller in responding to requests from data subjects exercising their rights under data protection laws, including access, rectification, erasure, restriction, and data portability.

Data Breach Notification

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach.

Return or Deletion of Data

Upon termination of the agreement, the Processor will, at the choice of the Controller, return or delete all personal data, unless otherwise required by law.

Audits

The Processor will make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

International Data Transfers

The Processor will not transfer personal data outside the European Economic Area (EEA) unless it ensures that such transfers comply with applicable data protection laws and appropriate safeguards are in place.

Liability

The Processor’s liability towards the Controller for breaches of this DPA is limited to the same extent as the Processor’s liability under the main agreement, except where mandatory laws require otherwise.

Governing Law

This DPA is governed by the laws of the United Kingdom, and any disputes will be subject to the jurisdiction of the courts of the United Kingdom.

Contact Us

If you have any questions about this Data Processing Agreement (DPA), please contact us at info@digitium.co.uk.