This data processing agreement forms an integral part of the terms of the legal contract between Data Graphs and you for the services provided, and regulates the relationship between us.
Data Processing Agreement (DPA) in Accordance with Article 28 of the General Data Protection Regulation (GDPR) Agreement
Between you,
Client/Customer name
Client Address
- the Controller - hereafter named the "Client" -
and
Data Language (UK) Ltd, Riverbridge House, Guildford Road, Leatherhead, UK
info@datalanguage.com
- the Processor - hereafter named "Data Language" -
1) This contract defines the rights and obligations of the Client and Data Language in the context of Data Language processing personal data on behalf of the Client. The terms used in this contract are to be understood in accordance with their respective definitions in the EU General Data Protection Regulation (GDPR). Data Language shall process personal data for the Client on the basis of this Agreement.
2) Both parties agree that this Data Processing Agreement (DPA) will replace any existing DPA the parties may have previously entered into. Except for the changes made by this DPA, the existing agreement remains unchanged and in full effect. If there is any conflict between this DPA and the agreement, this DPA shall prevail to the extent of that conflict.
3) The subject matter and duration of the Data Processing Agreement shall be determined entirely according to the information provided in the respective contractual relationship.
4) Should any parts of this data processing agreement be invalid, this will not affect the validity of the remainder of the agreement.
1) The Client will act as the data controller and Data Language as the processor of customer data. Data Language will process customer data only as a data processor acting at the Client's direction or for the purposes described in this Data Processing Agreement. Data Language shall carry out the following processes: Processing of user information necessary for the provision, improved security, optimization, control and troubleshooting of the service.
2) The provision of the contractually agreed upon data processing will begin on [acceptance date] or at the point of commencement of services provided by Data Language to the Client and be carried out for an unspecified period until the services provided to the Client are terminated and the correlating service account is deleted by Data Language.
3) The type of data that will be processed includes but is not limited to: network connection data, IP addresses, user agent, URL referrer information as well as any kind of personal data contained in the files or file names that the Client is holding on Data Language.
4) Processing the data consists of the following: collecting, saving, modifying, using, transferring, distributing or any other form of provision, replication, restricting, deleting, collating or destroying data.
1) Data Language shall notify the Client in writing if it intends to add or replace Sub-processors and will ensure with reasonable measures that any Sub-processor has the requisite capabilities to Process Customer Data in accordance with this Data Processing Agreement and the GDPR data protection regulations.
2) Data Language shall notify the Client in writing if it intends to add or replace Sub-processors. The Client may object in writing within 5 days of such notice provided that the objection is based on reasonable, documented grounds related to data protection. In the event of an objection, Data Language will attempt to discuss in good faith with the Client in an attempt to achieve a mutual resolution. A Client's failure to respond or reasonably document the basis of the objection will constitute as the Client's authorization of the proposed changes.
1) Data Language will only process personal data as contractually agreed and as instructed by the Client, unless Data Language is legally obliged to do otherwise. Should Data Language be bound by such obligations, Data Language will inform the Client prior to processing the data, unless informing him/her is illegal.
2) The Client is responsible and agrees to maintain a confidential and secure use of services provided by Data Language and protect access to customer data to the best of their ability. Data Language and the Client can, upon request, cooperate with the performance of their duties.
3) The Client is aware that Data Language can from time to time update it's security measures, provided that such updates and modifications do not result in the degradation of the overall security of the services purchased by the Client.
4) Data Language shall ensure that any person authorized to access the customer data has been made aware of the relevant data protection provisions as well as this contract before starting to process the data and will carry out corresponding training on a regular basis.
5) Data Language must support the Client when updating the list of processing activities and implementing the data protection assessment. All data and documentation required need to be provided and made available to the Client upon request.
6) Due to the global nature of the service, Data Language may process customer data from anywhere in the world, where Data Language operates. Data Language and all of its Sub-processors will at all times provide appropriate measures for secure customer data processing in accordance with the requirements of data protection laws.
7) Data Language will strictly limit access to any customer data to persons specifically trained and tasked with processing the data and adequately instructed and supervised on an ongoing basis in terms of fulfilling data protection requirements.
1) It is the sole responsibility of the Client to assess and ensure the admissibility of any processing requested. The Client will ensure any data processing requested is in line with privacy and data regulations and to assure the rights of affected parties.
2) The Client will immediately notify Data Language if any irregularities or errors are discovered as a result of the processing.
3) Data Language will allow the Client to appoint an auditor of the required professional qualification, bound by a duty of confidentiality to perform an inspection of the data security that is reasonably necessary to confirm Data Language's compliance with this Data Processing Agreement. The Client shall not exercise this right more than once per year, including with respect to any support required to perform a data protection impact assessment. Inspections must be carried out without any avoidable disturbances to the operation of Data Language's services.
4) With respect to all personal data, Data Language warrants that it will only process personal data in order to provide and improve the service and only in accordance with this Data Processing Agreement.
1) Data Language will implement and maintain appropriate technical, organizational and security measures designed to maintain strict confidentiality and protect customer data from any kind of data breaches and to ensure the confidentiality and availability to the best of its technical abilities. Any individuals who could have access to the data processed on behalf of Data Language must be obliged in writing to maintain confidentiality, unless legally obliged to do otherwise.
2) Data Language will notify and offer support to the Client without any unjustifiable delay and, where feasible, no later than 48 hours after becoming aware of any breach of personal data stored or processed by Data Language.
3) Data Language will immediately inform the Client of any inspections, law enforcement requests or measures carried out by supervisory authorities or other third parties if they relate to the commissioned data processing unless legally prohibited from doing so.
1) The Client reserves the right of full authority to issue instructions concerning data processing on his/her behalf.
2) If Data Language determines that an instruction carried out by the client violates the legal requirements, Data Language will inform the Client immediately. Data Language will then be entitled to suspend the execution of the relevant instructions until the Client confirms or alters said instructions.
1) When terminating the Data Processing Agreement or at any time upon the Client's request, Data Language will either destroy the data or submit the data to the Client at the Client's discretion. The data must be destroyed in such a way that restoring or recreating the remaining information will no longer be possible, even with considerable effort.
2) Data Language can temporarily contain older data archived on backup systems. In all such cases, Data Language shall maintain the customer data securely and protect it from any further processing until deleted.
3) The terms of this Data Processing Agreement shall remain in effect for so long as Data Language continues to retain any customer data.
4) Cancellation of the agreement by the Client or deleting the Client's user account provided by Data Language will simultaneously terminate and invalidate this agreement.
1) Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
(a) disclosure is required by law;
(b) the relevant information is already in the public domain.
2) Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
1) This Agreement is governed by the laws of England and Wales.
2) Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of England and Wales.
