This Data Processing Agreement (the “DPA”) is entered into as of [Effective Date] by and between [Controller Name] (“Controller”) and [Processor Name] (“Processor”).
1. Scope and Roles
Processor will process personal data on behalf of Controller as described in Exhibit A. Controller is the data controller and Processor acts as a data processor.
2. Processing Instructions
Processor will process personal data only on documented instructions from Controller, including with respect to transfers.
3. Security Measures
Processor will implement appropriate technical and organizational measures described in Exhibit B to protect personal data.
4. Sub-Processors
Processor may engage sub-processors listed in Exhibit C and will notify Controller of changes. Processor remains responsible for sub-processor compliance.
5. Data Subject Requests
Processor will assist Controller with data subject requests and compliance obligations within reasonable timeframes.
6. Breach Notification
Processor will notify Controller without undue delay of any personal data breach and provide information to support required notifications.
7. Audits
Controller may audit Processor’s compliance [Frequency], subject to reasonable notice and confidentiality.
8. Term and Termination
This DPA remains in effect for the term of the underlying agreement. Upon termination, Processor will return or delete personal data as instructed.
9. Governing Law
This DPA is governed by the laws of [Governing Law Jurisdiction].
10. Severability
If any provision of this DPA is held to be invalid, illegal, or unenforceable, the remaining provisions will continue in full force and effect. The Parties will negotiate in good faith to replace any invalid provision with a valid provision that achieves the original intent.
11. Entire Agreement
This DPA, together with the underlying agreement, constitutes the entire understanding between the Parties regarding data processing and supersedes all prior negotiations, understandings, and agreements.
12. Amendment
This DPA may only be amended or modified by a written document signed by both Parties.
13. Waiver
No waiver of any provision of this DPA will be deemed or will constitute a waiver of any other provision, nor will any waiver constitute a continuing waiver unless otherwise expressly stated.
14. Assignment
Neither Party may assign this DPA without the prior written consent of the other Party, except as permitted under the underlying agreement.
Controller:
Name: [Name]
Title: [Title]
Date: [Date]
Processor:
Name: [Name]
Title: [Title]
Date: [Date]
Disclaimer
This template is provided for informational purposes only and does not constitute legal advice. Contraxly is not a law firm and does not provide legal services. You should consult a qualified attorney to obtain advice tailored to your situation. Use of this template is at your own risk, and no liability is accepted for its use.
