Data Processing Agreement
- Version
- 1.0
- Last updated
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Seodapop, Inc. ("Processor") and the customer ("Controller") for the provision of the Seodapop website builder service.
Definitions: "Personal Data", "Processing", "Data Subject", and "Supervisory Authority" have the meanings given in the General Data Protection Regulation (EU) 2016/679 ("GDPR").
Processing Instructions: Processor shall process Personal Data only on documented instructions from Controller, including the transfers of Personal Data to a third country, unless required by Union or Member State law.
Confidentiality: Processor ensures that persons authorised to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
Security Measures: Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including pseudonymisation and encryption of Personal Data; ongoing confidentiality, integrity, availability, and resilience of systems; and regular testing and evaluation of security measures.
Sub-processors: Controller authorises Processor to engage the sub-processors listed at seodapop.com/sub-processors. Processor shall inform Controller of intended changes and give Controller the opportunity to object.
Data Subject Rights: Processor shall assist Controller in fulfilling obligations to respond to requests by Data Subjects exercising their rights under Chapter III of the GDPR.
Data Breach Notification: Processor shall notify Controller without undue delay after becoming aware of a Personal Data breach, and in any event within 72 hours.
Termination: Upon termination of the Services, Processor shall delete or return all Personal Data and existing copies, unless Union or Member State law requires further storage.