This Data Processing Agreement (“Agreement” or “DPA”) forms part of the Main Services Agreement between you (the “Customer”) and Example Inc. (the “Processor”, “we”, or “us”), and governs our processing of personal data on your behalf in connection with the Services.

This DPA ensures compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and other relevant data protection legislation.

1. Definitions

For the purposes of this DPA:

| Term | Definition |
| --- | --- |
| Data Controller | The party that determines the purpose and means of processing personal data |
| Data Processor | The party that processes data on behalf of the controller |
| Data Subject | An identifiable natural person whose personal data is processed |
| Processing | Any operation performed on personal data (collection, use, storage, etc.) |
| Personal Data | Any information relating to an identified or identifiable natural person |
| Sub-processor | A third party engaged by the Processor to process data on behalf of the Controller |

2. Scope and Purpose of Processing

2.1 Nature and Purpose

The Processor shall process personal data only as necessary to provide the Services as described in the Main Services Agreement and in accordance with the Controller’s documented instructions.

2.2 Categories of Data

We may process the following categories of personal data:

  • Contact details (e.g., names, email addresses)

  • Account identifiers

  • Billing information

  • Usage data

  • IP addresses

2.3 Categories of Data Subjects

Data subjects may include:

  • Your customers

  • Your employees or collaborators

  • Website visitors

  • Platform users

3. Obligations of the Processor

We agree to:

  • Process data solely in accordance with documented instructions from the Controller

  • Ensure personnel are subject to confidentiality obligations

  • Implement appropriate technical and organizational security measures

  • Notify the Controller of any data breach without undue delay

  • Assist with data subject rights and regulatory inquiries

  • Delete or return all personal data at the end of the processing relationship

4. Sub-processors

4.1 Authorized Sub-processors

We may engage third-party sub-processors to assist in delivering the Services. A current list is available at:

https://www.example.com/subprocessors

4.2 Sub-processor Agreements

We ensure that each sub-processor is bound by written obligations that provide at least the same level of data protection as this DPA.

4.3 Notification of Changes

We will notify the Controller in advance of any changes to our sub-processor list. The Controller may object on reasonable grounds within 10 business days.

5. Data Subject Rights

We will assist the Controller in responding to requests from data subjects under applicable laws, including:

  • Access to personal data

  • Correction or deletion

  • Restriction or objection to processing

  • Data portability

All requests received directly by us will be referred to the Controller.

6. Security Measures

We maintain appropriate security measures in accordance with Article 32 of the GDPR. These include:

  • Encryption of personal data in transit

  • Access controls and authentication

  • Redundancy and backup systems

  • Regular security assessments

A detailed description of our security measures can be found here:

https://www.example.com/security

7. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Controller without undue delay (no later than 48 hours)

  • Provide all available details, including scope and impact

  • Assist in mitigation and notification to authorities/data subjects (if required)

8. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that:

  • The transfer is made to countries deemed to have adequate protection, or

  • We implement Standard Contractual Clauses (SCCs) or other lawful mechanisms

9. Audit and Compliance

Upon reasonable written request, the Controller may:

  • Receive documentation to demonstrate our compliance

  • Conduct audits (directly or via a third-party auditor), subject to reasonable scheduling and confidentiality

We reserve the right to charge for any audit that exceeds a reasonable scope or frequency.

10. Term and Termination

This DPA remains in effect for as long as we process personal data on your behalf.

Upon termination:

  • All personal data will be returned or deleted, unless retention is required by law

  • Certification of deletion will be provided upon request

11. Contact Information

If you have questions regarding this DPA, please contact:

Data Protection Officer (DPO)
Email: dpo@example.com
Address: 1234 Platform St., Suite 100, Pasadena, CA 91101
