Quick GDPR Information & Highlights

How Polarbackup Can Help Achieve GDPR Compliance

Fast Facts & Highlights on GDPR

Third-Party GDPR Compliance with Amazon AWS

Data Processing Agreement

This Data Processing Agreement (DPA) is between the Company and the Customer, governed by the Terms of the Agreement.

  1. Definitions:
    • Affiliates: Entities controlling or under common control of a party.
    • Agreement: The contract for service provision between the Company and Customer.
    • Controller: The Customer.
    • Data Subject: As defined by Directive 95/46/EC.
    • DPA: This agreement and its exhibits.
    • Notifiable Personal Data Breach: A breach posing a risk to natural persons’ rights.
    • Personal Data: As defined by Directive 95/46/EC.
    • Processor: The Company.
    • Security Policy: The Company’s updated security document.
    • Standard Contractual Clauses: EU model clauses for personal data transfer.
    • Sub-Processor: Entities processing Personal Data on behalf of the Company.
  2. Purpose:
    • The Processor provides Services to the Controller and processes Customer Data, including Personal Data, in accordance with this DPA.
  3. Scope:
    • The Processor processes Personal Data to provide Services per the Agreement and Controller’s instructions.
  4. Processor Obligations:
    • Process Personal Data only as instructed.
    • Ensure confidentiality, security, and appropriate training for personnel.
    • Implement technical and organizational measures for data protection.
    • Report any potential legal breaches of data protection instructions.
    • Allow access to Personal Data only for necessary purposes.
  5. Controller Obligations:
    • Comply with the Agreement, DPA, and data protection laws.
    • Obtain permissions and authorizations for data processing.
    • Implement technical and organizational measures for data protection.
    • Ensure any data processing follows documented instructions.
  6. Sub-Processors:
    • Use Affiliates or third-party Sub-Processors as necessary, complying with DPA obligations.
  7. Liability:
    • Parties are liable for breaches caused by their actions or negligence.
  8. Audit:
    • The Processor provides necessary information and supports audits to demonstrate compliance.
  9. Notification of Breach:
    • The Processor notifies the Controller of any personal data breaches and assists in managing the breach.
  10. Compliance, Cooperation, and Response:
    • The Processor assists with Data Subject requests, DPIAs, and regulatory compliance.
  11. Term and Termination:
    • The DPA remains effective with the Agreement and terminates upon its expiration.
  12. General:
    • The DPA is the complete understanding between parties and governed by the laws of England and Wales.

Exhibit A: Overview of data processing activities, including types of data subjects, categories of data, special categories of data, and processing operations.

Exhibit B: Technical and organizational security measures for data protection, including entrance control, system access control, data access control, transmission control, data entry control, processing control, availability control, and separation control.