Data Processing Agreement (DPA) for THEJOINTZ.COM

1. Introduction

This Data Processing Agreement (“DPA”) forms part of the Contract between THEJOINTZ.COM (“Data Controller”) and [Third-Party Service Provider] (“Data Processor”) to reflect the parties’ agreement with regard to the Processing of Personal Data in compliance with the requirements of Data Protection Laws and Regulations.

2. Definitions

• “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Processing”, and “Data Protection Laws” shall have the same meaning as in the GDPR.
• “GDPR” means the General Data Protection Regulation.

3. Processing of Personal Data

3.1 Roles and Regulatory Compliance

The Data Controller appoints the Data Processor to process the Personal Data. The Data Processor agrees to comply with any and all applicable Data Protection Laws in the Processing of Personal Data.

3.2 Purpose Limitation

The Data Processor shall only Process Personal Data on behalf of and in accordance with the Data Controller’s instructions and for the purposes described in the Contract or as otherwise agreed within the scope of the Data Controller’s legitimate instructions.

4. Data Processor Obligations

4.1 Security

The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the Processing.

4.2 Confidentiality

The Data Processor shall ensure that any personnel involved in the Processing of Personal Data are subject to confidentiality obligations.

4.3 Data Subject Rights

The Data Processor shall assist the Data Controller in responding to requests from Data Subjects under Data Protection Laws.

5. Data Breach

5.1 Breach Notification

The Data Processor shall notify the Data Controller without undue delay after becoming aware of a Personal Data Breach.

5.2 Assistance

The Data Processor shall assist the Data Controller in any required data breach notifications and investigations.

6. Subprocessing

6.1 Consent

The Data Processor shall not engage another processor without prior specific or general written authorization from the Data Controller.

7. Audit Rights

The Data Controller shall have the right to conduct audits to ensure compliance with this DPA.

8. Termination

Upon termination of the Contract, the Data Processor shall, at the choice of the Data Controller, delete or return all the Personal Data to the Data Controller and delete existing copies unless required to retain the data by law.

9. Jurisdiction

This DPA shall be governed by and construed in accordance with the laws of California, USA.

10. Modification

The parties may modify this DPA by mutual agreement in writing.

11. Contact Information

For inquiries related to this DPA, please contact support@thejointz.com.