Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the agreement between Nanoschool (knowledge platfrom) hereby refered to as "data controller" and IT Break.Com (website owner) hereby refered to as "data processor". The purpose of this DPA is to set out the parties' obligations with respect to the processing of personal data in accordance with the General Data Protection Regulation (“GDPR”) and other applicable data protection laws.
- Definitions in this DPA, the following terms shall have the meanings set out below:
1.1 “Data Controller” means the entity which determines the purposes and means of the processing of Personal Data.
1.2 “Data Processor” means the entity which processes Personal Data on behalf of the Data Controller.
1.3 “Data Protection Laws” means all laws and regulations, including the GDPR, that apply to the processing of Personal Data.
1.4 “Personal Data” means any information relating to an identified or identifiable natural person.
1.5 “Processing” means any operation or set of operations which is performed on Personal Data.
1.6 “Sub-processor” means any Data Processor engaged by the Service Provider to assist in fulfilling its obligations under this DPA.
- ScopeThis DPA applies to the processing of Personal Data by the Service Provider on behalf of data controller in connection with the provision of the services under the Agreement.
- Obligations of the Service Provider The Service Provider shall process Personal Data in accordance with the following obligations:
3.1 Process Personal Data only in accordance with data controller's documented instructions, except where required to do otherwise by Data Protection Laws to which the Service Provider is subject. If the Service Provider is required to process Personal Data other than in accordance with data controller’s instructions, the Service Provider shall inform data controller of the legal requirement before processing, unless prohibited by law.
3.2 Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.3 Implement appropriate technical and organizational measures to ensure the security of the Personal Data.
3.4 Not engage any Sub-processor without data controller’s prior written consent. If data controller consents to a Sub-processor, the Service Provider shall ensure that the Sub-processor is subject to the same obligations as the Service Provider.
3.5 Assist data controller in responding to requests from data subjects exercising their rights under Data Protection Laws.
3.6 Assist data controller in ensuring compliance with its obligations under Data Protection Laws, taking into account the nature of the processing and the information available to the Service Provider.
3.7 Notify data controller without undue delay of any Personal Data breach.
3.8 Make available to data controller all information necessary to demonstrate compliance with the obligations laid down in this DPA.
- Obligations of data controller shall:
4.1 Ensure that it has obtained all necessary consents and has provided all necessary notices required under Data Protection Laws to permit the Service Provider to process Personal Data in accordance with this DPA and the Agreement.
4.2 Ensure that its instructions for the processing of Personal Data are lawful and that the processing of Personal Data in accordance with those instructions will not breach Data Protection Laws.
- Term and Termination
This DPA shall remain in effect until the termination of the Agreement.
- General Provisions
This DPA is governed by the laws of the jurisdiction in which the Service Provider is located. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of that jurisdiction.
This DPA may be amended by the mutual written agreement of the parties from time to time.