GDRP License Agreement

Data Processing AgreementBetween Your Company and Data Processor
This Data Processing Agreement (“Agreement”) forms part of the Contract for Services (“Principal Agreement”) between Your Company and Data Processor.

1. Definitions and Interpretation1.1 Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:

• Agreement: This Data Processing Agreement and all Schedules.
• Company Personal Data: Any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement.
• Contracted Processor: A Subprocessor.
• Data Protection Laws: EU Data Protection Laws and, where applicable, the data protection or privacy laws of any other country.
• EEA: European Economic Area.
• EU Data Protection Laws: EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced, or superseded from time to time, including the GDPR and related laws.
• GDPR: EU General Data Protection Regulation 2016/679.
• Data Transfer: Transfer of Company Personal Data from the Company to a Contracted Processor or an onward transfer between Contracted Processors, where such transfer would be prohibited by Data Protection Laws.

2. ServicesThe Company provides the following services: __________________ (specify).
3. ObligationsThe Parties agree to comply with the requirements of the GDPR and lay down their rights and obligations regarding data processing.
4. Data Protection Measures- The Data Processor shall implement appropriate technical and organizational measures to protect Company Personal Data.

• The Data Processor shall assist the Company in fulfilling its obligations under the GDPR.

5. Subprocessing- The Data Processor shall not engage Subprocessors without the Company’s prior written consent.

• If Subprocessors are engaged, the Data Processor shall impose data protection obligations on them.

6. Data Transfers- Data Transfers shall comply with Data Protection Laws.

• The Data Processor shall inform the Company of any Data Transfers.

7. Security Breaches- The Data Processor shall notify the Company promptly of any security breaches.

• The Data Processor shall assist the Company in handling security incidents.

8. Data Subject Rights- The Data Processor shall assist the Company in responding to data subject requests.

• The Data Processor shall not respond directly to data subjects.

9. Audit and Compliance- The Data Processor shall allow audits by the Company or its designated auditor.

• The Data Processor shall provide necessary information to demonstrate compliance.

10. Term and Termination- This Agreement shall remain in effect until termination of the Principal Agreement.

• Upon termination, the Data Processor shall delete or return Company Personal Data.