Data Processing Agreement
linked-mail.com
A product of Linkedin Mail
Registered at https://linked-mail.com
This Data Processing Agreement (“DPA”) forms part of the [Terms of Service] (the “Principal Agreement”) between [Your Company Name] (“Data Processor”) and the customer (“Data Controller”).
1. Subject Matter and Duration
1.1 Subject Matter: This DPA governs the processing of personal data by the Data Processor on behalf of the Data Controller as part of the linked-mail.com services.
1.2 Duration: This DPA will remain in effect for the duration of the Principal Agreement or until the deletion of all personal data processed by the Data Processor on behalf of the Data Controller, whichever is later.
2. Definitions
2.1 Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”).
2.2 Processing: Any operation or set of operations performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
2.3 Sub-processor: Any third party engaged by the Data Processor that processes Personal Data on behalf of the Data Controller.
3. Obligations of the Data Processor
3.1 Compliance: The Data Processor shall process Personal Data only on documented instructions from the Data Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by law.
3.2 Confidentiality: The Data Processor shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.3 Security Measures: The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the Personal Data being processed.
4. Obligations of the Data Controller
4.1 Legal Basis: The Data Controller shall ensure that the processing of Personal Data has a lawful basis and that Data Subjects have been informed about the processing of their data in accordance with applicable data protection laws.
4.2 Instructions: The Data Controller shall provide documented instructions to the Data Processor regarding the processing of Personal Data.
4.3 Data Subject Rights: The Data Controller is responsible for responding to Data Subject requests to exercise their rights under applicable data protection laws.
5. Sub-processing
5.1 Authorization: The Data Processor shall not engage any Sub-processor without prior specific or general written authorization of the Data Controller.
5.2 Liability: The Data Processor shall be liable for the actions and omissions of its Sub-processors to the same extent the Data Processor would be liable if performing the services of each Sub-processor directly.
6. International Data Transfers
6.1 The Data Processor shall not transfer Personal Data to a country outside of the European Economic Area (EEA) without the prior written consent of the Data Controller and only in compliance with applicable data protection laws.
7. Data Breach Notification
7.1 The Data Processor shall notify the Data Controller without undue delay after becoming aware of a Personal Data breach affecting the Personal Data processed on behalf of the Data Controller.
8. Data Retention and Deletion
8.1 Retention: The Data Processor shall retain Personal Data for the duration specified in the Principal Agreement, unless otherwise required by law.
8.2 Deletion: Upon termination of the Principal Agreement, the Data Processor shall, at the choice of the Data Controller, delete or return all Personal Data to the Data Controller, unless retention of the data is required by law.
9. Audits and Inspections
9.1 The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
10. Limitation of Liability
10.1 The liability of the Data Processor under this DPA shall be limited to the extent provided in the Principal Agreement, except where such limitation would be void under applicable law.
11. Governing Law
11.1 This DPA shall be governed by and construed in accordance with the laws of California.
12. Miscellaneous
12.1 In the event of any conflict or inconsistency between this DPA and the Principal Agreement, this DPA shall prevail.
12.2 This DPA may only be modified by a written amendment signed by both the Data Processor and the Data Controller.
Last updated: 30th August 2024