Quick GDPR Information & Highlights
How Polarbackup Can Help Achieve GDPR Compliance
Fast Facts & Highlights on GDPR
Third-Party GDPR Compliance with Amazon AWS
Data Processing Agreement
This Data Processing Agreement (DPA) is between the Company and the Customer, governed by the Terms of the Agreement.
- Definitions:
- Affiliates: Entities controlling or under common control of a party.
- Agreement: The contract for service provision between the Company and Customer.
- Controller: The Customer.
- Data Subject: As defined by Directive 95/46/EC.
- DPA: This agreement and its exhibits.
- Notifiable Personal Data Breach: A breach posing a risk to natural persons’ rights.
- Personal Data: As defined by Directive 95/46/EC.
- Processor: The Company.
- Security Policy: The Company’s updated security document.
- Standard Contractual Clauses: EU model clauses for personal data transfer.
- Sub-Processor: Entities processing Personal Data on behalf of the Company.
- Purpose:
- The Processor provides Services to the Controller and processes Customer Data, including Personal Data, in accordance with this DPA.
- Scope:
- The Processor processes Personal Data to provide Services per the Agreement and Controller’s instructions.
- Processor Obligations:
- Process Personal Data only as instructed.
- Ensure confidentiality, security, and appropriate training for personnel.
- Implement technical and organizational measures for data protection.
- Report any potential legal breaches of data protection instructions.
- Allow access to Personal Data only for necessary purposes.
- Controller Obligations:
- Comply with the Agreement, DPA, and data protection laws.
- Obtain permissions and authorizations for data processing.
- Implement technical and organizational measures for data protection.
- Ensure any data processing follows documented instructions.
- Sub-Processors:
- Use Affiliates or third-party Sub-Processors as necessary, complying with DPA obligations.
- Liability:
- Parties are liable for breaches caused by their actions or negligence.
- Audit:
- The Processor provides necessary information and supports audits to demonstrate compliance.
- Notification of Breach:
- The Processor notifies the Controller of any personal data breaches and assists in managing the breach.
- Compliance, Cooperation, and Response:
- The Processor assists with Data Subject requests, DPIAs, and regulatory compliance.
- Term and Termination:
- The DPA remains effective with the Agreement and terminates upon its expiration.
- General:
- The DPA is the complete understanding between parties and governed by the laws of England and Wales.
Exhibit A: Overview of data processing activities, including types of data subjects, categories of data, special categories of data, and processing operations.
Exhibit B: Technical and organizational security measures for data protection, including entrance control, system access control, data access control, transmission control, data entry control, processing control, availability control, and separation control.