This Data Processing Agreement (hereinafter referred to as “Agreement” or “DPA”) by and between [Sender.Company] , a [Sender.State] [type of legal entity] , having its principal place of business at [Sender.StreetAddress] (the “Company” or “Data Controller”), and [Client.Company] , a [Client.State] [type of legal entity] , having its principal place of business at [Client.StreetAddress] (the “Vendor” or “Data Processor” or “Processor”) who agree to be bound by the terms of this Agreement.
This Data Processing Agreement will be supplemental to the Master Service Agreement (or Terms and Conditions) (MSA) between the Parties, and this Agreement will follow the terms of that MSA.
The Company acts as the Data Controller and the Company wishes to subcontract certain Services, which may require the processing of personal data, to the Data Processor. The Parties seek to implement a data processing agreement in compliance with the requirements under the General Data Protection Regulation, and any other applicable Data Protection regulations. The Parties which to operate according to the following terms:
1.1 Maintain ongoing compliance with all applicable Data Protection Laws in the processing of personal data; and
1.2 Agree not to process data other than that which is covered by the Company’s documented instructions.
1.3 Take reasonable measures to ensure that any employee, agent or contractor of any Contracted Processor who may have access to Personal Data, complies with the applicable Data Security laws in the same and equal manner in which the Data Processor complies with such laws.
2.1 Data Processor shall implement the appropriate technical and organizational measures to ensure a level of security appropriate to mitigate security risks.
2.2 Data Processor shall take account of particular risks associated with a Personal Data breach and establish a process by which to address and remedy the breach.