Data Processing Agreement

Responsibilities:

1. Data Processor: The entity processing data on behalf of the Data Controller.
2. Data Controller: The entity responsible for the data being processed.

Software & Security:

• The Data Processor’s software is covered by a separate license agreement.
• Data security within the Data Controller’s environment is the Controller’s responsibility.

Customer Responsibility:

• The Data Controller (customer) is responsible for ensuring that any data inputted into the service is compliant with all applicable laws and regulations.

Information Exchange:

• The Data Processor must inform the Data Controller of any data breaches or if any action violates GDPR or other applicable laws.

Fees:

• The Data Processor can request additional fees for special compliance requirements like external audits.

Sub-Processors:

• Data is processed using Microsoft SaaS, PaaS and IaaS.
  • Any other sub-processors must be approved by the Data Controller.

Compliance & Audits:

• The Data Processor must allow for audits by the Data Controller or relevant authorities.

Term and Termination:

• The agreement stands if the Data Processor is handling data, even if the main contract has expired.
• Upon termination, all personal data must either be returned to the Data Controller or deleted, unless legally required to be stored.

Other Provisions:

• The Data Processor is bound to fulfill the agreement even if circumstances make it more difficult.
• Changes can be made to the agreement to stay compliant with applicable laws.

Severability:

• If any term is unenforceable, the rest of the agreement remains in effect.