Data Processing Agreement (DPA)
Data Processing Agreement (DPA) for THEJOINTZ.COM
1. Introduction
This Data Processing Agreement (“DPA”) forms part of the Contract between THEJOINTZ.COM (“Data Controller”) and [Third-Party Service Provider] (“Data Processor”) to reflect the parties’ agreement with regard to the Processing of Personal Data in compliance with the requirements of Data Protection Laws and Regulations.
2. Definitions
- “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Processing”, and “Data Protection Laws” shall have the same meaning as in the GDPR.
- “GDPR” means the General Data Protection Regulation.
3. Processing of Personal Data
3.1 Roles and Regulatory Compliance
The Data Controller appoints the Data Processor to process the Personal Data. The Data Processor agrees to comply with any and all applicable Data Protection Laws in the Processing of Personal Data.
3.2 Purpose Limitation
The Data Processor shall only Process Personal Data on behalf of and in accordance with the Data Controller’s instructions and for the purposes described in the Contract or as otherwise agreed within the scope of the Data Controller’s legitimate instructions.
4. Data Processor Obligations
4.1 Security
The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the Processing.
4.2 Confidentiality
The Data Processor shall ensure that any personnel involved in the Processing of Personal Data are subject to confidentiality obligations.
4.3 Data Subject Rights
The Data Processor shall assist the Data Controller in responding to requests from Data Subjects under Data Protection Laws.
5. Data Breach
5.1 Breach Notification
The Data Processor shall notify the Data Controller without undue delay after becoming aware of a Personal Data Breach.
5.2 Assistance
The Data Processor shall assist the Data Controller in any required data breach notifications and investigations.
6. Subprocessing
6.1 Consent
The Data Processor shall not engage another processor without prior specific or general written authorization from the Data Controller.
7. Audit Rights
The Data Controller shall have the right to conduct audits to ensure compliance with this DPA.
8. Termination
Upon termination of the Contract, the Data Processor shall, at the choice of the Data Controller, delete or return all the Personal Data to the Data Controller and delete existing copies unless required to retain the data by law.
9. Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of California, USA.
10. Modification
The parties may modify this DPA by mutual agreement in writing.
11. Contact Information
For inquiries related to this DPA, please contact support@thejointz.com.