Data Processing Agreement Sample
Sure, here's a sample Data Processing Agreement (DPA) template:
DATA PROCESSING AGREEMENT
This Data Processing Agreement ("Agreement") is entered into as of [Date] ("Effective Date"), by and between:
[Controller Name], a company registered in [Country], with its principal place of business at [Address] ("Controller"),
and
[Processor Name], a company registered in [Country], with its principal place of business at [Address] ("Processor").
1. Definitions
1.1 "Data Protection Laws" means all applicable laws and regulations relating to the processing of personal data and privacy, including but not limited to [relevant laws, e.g., GDPR, CCPA].
1.2 "Personal Data" means any information relating to an identified or identifiable natural person.
1.3 "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.
2. Subject Matter
2.1 This Agreement governs the Processing of Personal Data by the Processor on behalf of the Controller in accordance with the terms and conditions set out herein.
3. Duration
3.1 This Agreement shall commence on the Effective Date and continue until [end date] or until terminated in accordance with Section 10 of this Agreement.
4. Obligations of the Controller
4.1 The Controller shall ensure that it has the necessary rights and consents for the Processing of Personal Data by the Processor.
4.2 The Controller shall provide clear instructions to the Processor regarding the Processing of Personal Data.
5. Obligations of the Processor
5.1 The Processor shall only process Personal Data on behalf of the Controller and in compliance with the Controller's documented instructions.
5.2 The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
6. Sub-processing
6.1 The Processor shall not engage another processor without the prior written authorization of the Controller.
6.2 In the event of engaging a sub-processor, the Processor shall ensure that the sub-processor is bound by obligations no less protective than those set out in this Agreement.
7. Data Subject Rights
7.1 The Processor shall assist the Controller in fulfilling its obligation to respond to requests by data subjects to exercise their rights under Data Protection Laws.
8. Data Breach
8.1 The Processor shall notify the Controller without undue delay upon becoming aware of a Personal Data Breach.
8.2 The Processor shall cooperate with the Controller to investigate and mitigate the effects of any such breach.
9. Audit Rights
9.1 The Controller shall have the right to audit the Processor's compliance with this Agreement and applicable Data Protection Laws.
9.2 The Processor shall provide all necessary information to demonstrate compliance and allow for audits and inspections.
10. Termination
10.1 Either party may terminate this Agreement upon [number] days' written notice if the other party is in material breach of this Agreement.
10.2 Upon termination, the Processor shall, at the Controller's choice, return or delete all Personal Data.
11. Governing Law and Jurisdiction
11.1 This Agreement shall be governed by and construed in accordance with the laws of [Country].
11.2 The parties agree to submit to the exclusive jurisdiction of the courts of [City, Country].
IN WITNESS WHEREOF, the parties hereto have executed this Data Processing Agreement as of the Effective Date.
[Controller Name]
Authorized Signature
Name:
Title:
[Processor Name]
Authorized Signature
Name:
Title:
Note: This is a template and should be customized to fit specific legal requirements and the nature of the relationship between the Controller and Processor. Always consult with a legal professional when drafting legal documents.