1. Definitions
For the purposes of this DPA: Personal DataAny information relating to an identified or identifiable natural person. Processing
Any operation performed on personal data, including collection, storage, use, disclosure, or deletion. Controller
The entity that determines the purposes and means of processing personal data. Processor
The entity that processes personal data on behalf of the Controller. Data Subject
An identified or identifiable individual whose personal data is processed.
2. Scope of Processing
This DPA applies when the Customer uploads, stores, or processes personal data using the Service. The Company acts as a Data Processor and processes personal data solely on behalf of the Customer. The Customer acts as the Data Controller.3. Processing Instructions
The Processor shall process personal data only:- in accordance with the Customer’s documented instructions
- as necessary to provide the Service
- as required by applicable law
4. Categories of Data Subjects
Personal data processed under this DPA may include:- users of the Customer’s services
- employees or contractors
- customers or clients
- other individuals whose data is submitted to the Service
5. Types of Personal Data
Depending on how the Service is used, personal data may include:- names
- email addresses
- user identifiers
- communication content
- IP addresses
- metadata and usage information
6. Security Measures
The Processor implements appropriate technical and organizational measures to protect personal data. These measures may include:- encryption in transit
- access control systems
- monitoring and logging
- infrastructure security practices
- vulnerability management
- unauthorized access
- accidental loss
- alteration
- disclosure of personal data
7. Confidentiality
The Processor ensures that personnel authorized to process personal data:- are bound by confidentiality obligations
- receive appropriate data protection training
8. Subprocessors
The Processor may engage third-party subprocessors to operate the Service. Subprocessors may provide services such as:- cloud hosting
- infrastructure
- monitoring
- analytics
- email delivery
9. International Data Transfers
Personal data may be transferred to countries outside the European Economic Area (EEA). When such transfers occur, the Processor ensures appropriate safeguards, such as:- Standard Contractual Clauses (SCCs)
- adequacy decisions by the European Commission
- other legally approved mechanisms
10. Data Subject Rights
The Processor shall assist the Controller in fulfilling data subject requests, including:- access requests
- correction requests
- deletion requests
- data portability requests
- restriction or objection requests
11. Data Breach Notification
In the event of a personal data breach, the Processor shall:- notify the Controller without undue delay
- provide relevant information about the breach
- cooperate in investigating and mitigating the breach
12. Data Retention and Deletion
Upon termination of the Service or upon Customer request, the Processor shall:- delete personal data
- or return personal data to the Customer
13. Audits
The Controller may request reasonable information to verify the Processor’s compliance with this DPA. Such requests must:- be reasonable in scope
- not compromise the security of other customers
- occur with reasonable notice