
Data Processing Agreement

Last Updated: 5th December 2024

This Data Processing Agreement (“DPA”) forms part of the Terms of Service or other written or electronic agreement between Postwiser (“Controller”) and the user or customer (“Processor”) who uses our services, where that use involves the processing of personal data. This DPA ensures compliance with data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Definitions

For the purposes of this DPA:

  • “Controller” means the entity that determines the purposes and means of processing personal data.
  • “Processor” means the entity that processes personal data on behalf of the Controller.
  • “Personal Data” means any information relating to an identified or identifiable natural person as defined by applicable data protection laws.
  • “Processing” means any operation or set of operations performed on personal data, including collection, storage, use, disclosure, or deletion.
  • “Sub-Processor” means any third party engaged by the Processor to process personal data on behalf of the Controller.

2. Roles and Responsibilities

2.1 Controller’s Obligations

  • Ensure that the processing of personal data complies with applicable data protection laws.
  • Provide the Processor with clear, documented instructions for processing personal data.

2.2 Processor’s Obligations

  • Process personal data only on the Controller’s documented instructions.
  • Implement appropriate technical and organizational measures to ensure data security.
  • Notify the Controller promptly if it cannot comply with instructions or applicable laws.

3. Nature and Purpose of Processing

The Processor will process personal data for the following purposes:

  • To provide services as outlined in the Terms of Service.
  • To comply with legal and regulatory requirements.

The types of personal data and categories of data subjects processed under this agreement will be specified in an appendix or as part of the main service agreement.

4. Sub-Processors

The Processor may engage Sub-Processors to assist in the processing of personal data. The Processor will:

  • Ensure Sub-Processors comply with the terms of this DPA.
  • Provide the Controller with a list of Sub-Processors upon request.
  • Notify the Controller of any changes to Sub-Processors and allow the Controller to object to the appointment of a Sub-Processor.

5. Data Security

The Processor will implement and maintain appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data during storage and transmission.
  • Regular monitoring and testing of security measures.
  • Access controls to restrict data access to authorized personnel.

6. Data Subject Rights

The Processor will assist the Controller in fulfilling data subject requests as required under applicable laws, including:

  • Access, rectification, and deletion of personal data.
  • Restriction of processing or data portability requests.

The Processor will promptly notify the Controller of any data subject requests received directly.

7. Data Breaches

In the event of a personal data breach, the Processor will:

  • Notify the Controller without undue delay, providing sufficient information to assess the impact of the breach.
  • Assist the Controller in fulfilling its obligations to notify authorities and data subjects under applicable laws.

8. Data Retention and Deletion

Upon termination of the services or at the Controller’s request, the Processor will:

  • Delete or return all personal data to the Controller.
  • Delete existing copies unless applicable law requires retention.

9. Compliance and Audits

The Processor will:

  • Provide the Controller with documentation or certifications demonstrating compliance with this DPA.
  • Allow the Controller or its authorized representatives to audit the Processor’s practices, subject to reasonable notice and confidentiality obligations.

10. Cross-Border Data Transfers

The Processor will ensure that any transfers of personal data outside the EEA or other jurisdictions comply with applicable data protection laws, including the use of:

  • Standard Contractual Clauses approved by the European Commission.
  • Other lawful mechanisms for international data transfers.

11. Liability

The Processor is liable for breaches of this DPA caused by its failure to comply with its obligations. The extent of liability will be governed by the Terms of Service or service agreement between the parties.

12. Term and Termination

This DPA will remain in effect for as long as the Processor processes personal data on behalf of the Controller or until terminated by mutual agreement.

13. Governing Law and Dispute Resolution

This DPA is governed by the laws of the United Kingdom, and any disputes will be resolved in accordance with the dispute resolution process outlined in the Terms of Service.

14. Contact Information

For questions regarding this DPA, please contact:

  • Email: support@postwiser.social

By using our services, you agree to this Data Processing Agreement.
