MField MEA Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") is made between:
Data Controller:
- Name: [Client Company Name]
- Address: [Client Company Address]
- Contact Person: [Client Contact Person]
- Email: [Client Contact Email]
Data Processor:
- Name: MField MEA
- Address: [MField MEA Company Address]
- Contact Person: Jane Doe
- Email: [email protected]
Recitals:
- The Data Controller and Data Processor have entered into an agreement for the provision of services by the Data Processor to the Data Controller (the "Service Agreement").
- In the course of providing the services, the Data Processor may process personal data on behalf of the Data Controller.
- The parties wish to lay down their rights and obligations regarding the processing of personal data in this Agreement, in compliance with applicable data protection laws.
Definitions:
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation or set of operations which is performed on Personal Data, whether or not by automated means.
- "Sub-processor" means any processor engaged by the Data Processor to assist in fulfilling its obligations with respect to processing Personal Data.
1. Subject Matter and Duration:
- The subject matter of this Agreement is the processing of Personal Data as described in the Service Agreement.
- This Agreement shall remain in effect for the duration of the Service Agreement.
2. Nature and Purpose of Processing:
The Data Processor shall process Personal Data only as necessary to perform the services under the Service Agreement and in accordance with the instructions of the Data Controller.
3. Types of Personal Data and Categories of Data Subjects:
The types of Personal Data processed and the categories of Data Subjects are defined in the Service Agreement.
4. Data Processor Obligations:
- Process Personal Data only on documented instructions from the Data Controller.
- Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
- Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
- Assist the Data Controller in ensuring compliance with obligations concerning data subject rights and data protection impact assessments.
- Delete or return all Personal Data to the Data Controller at the end of the provision of services.
- Make available to the Data Controller all information necessary to demonstrate compliance with obligations and allow for and contribute to audits.
5. Sub-processors:
- The Data Processor shall not engage any Sub-processor without the prior specific or general written authorization of the Data Controller.
- The Data Processor shall ensure that any Sub-processor is bound by data protection obligations compatible with those of this Agreement.
6. International Transfers:
The Data Processor shall not transfer Personal Data to a third country or an international organization without the Data Controller's prior written consent.
7. Data Breach Notification:
In the event of a data breach, the Data Processor shall notify the Data Controller without undue delay and provide all necessary information to support the Data Controller in fulfilling its data breach reporting obligations.
8. Liability and Indemnity:
- The Data Processor shall be liable for any damage caused by processing where it has not complied with its obligations under this Agreement or applicable data protection laws.
- The Data Processor shall indemnify and hold harmless the Data Controller against all claims, damages, losses, and expenses arising from any breach of this Agreement by the Data Processor.
9. Governing Law and Jurisdiction:
- This Agreement shall be governed by and construed in accordance with the laws of [Governing Law].
- Any disputes arising from or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of [Jurisdiction].
10. Miscellaneous:
- Any amendments to this Agreement shall be in writing and signed by both parties.
- If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
IN WITNESS WHEREOF, the parties hereto have executed this Data Processing Agreement as of the date first above written.
Data Controller:
Signature: _______________________
Name: ___________________________
Title: ____________________________
Date: ____________________________
Data Processor:
Signature: _______________________
Name: ___________________________
Title: ____________________________
Date: ____________________________