OneDPA
PARTIES AND EXECUTION
>- First Party
>- Entity details:
{P1.EntityDetails.Cl} - Signature:
_________________________ - Name:
{P1.Signer.Name.Full} - Date:
{P1.SignDate.YMD}
> - Second Party
>- Entity details:
{P2.EntityDetails.Cl} - Signature:
__________________________ - Name:
{P2.Signer.Name.Full} - Date:
{P2.SignDate.YMD}
>
>
VARIABLES
>- Parties’ relationship
Relationship: Select one (copy)- "Variables.1.sec={Variables.1.AltX.sec}" where X is 1-3:- Controller to Processor
- Processor to Sub-Processor
- Independent Controller to Controller
- Parties’ roles
>- {P1.Name.Full} will act as the [Controller/Processor] [and Business] (as defined in Section 1 of the Terms)
- {P2.Name.Full} will act as the [Processor [and Service Provider]/Sub-Processor/Controller] (as defined in Section 1 of the Terms)
> - Contacts
>- [Controller/Processor]
- Name: {P1.Name.Full}
- Email: {P1.Email}
- [INSERT ADDITIONAL DETAILS]
> - [Processor/Sub-Processor/Controller]
- Name: {P1.Name.Full}
- Email: {P1.Email}
- [INSERT ADDITIONAL DETAILS]
>
> - Main Agreement
{MainAgreement.Identification.cl} - Term
This DPA will commence on the final date of signature and will continue for {DPA.Life.Duration} - Breach Notification Period
[Without undue delay] [24 hours] [48 hours] [72 hours] after becoming aware of a personal data breach - Sub-processor Notification Period
[A reasonable timeframe] [14 days] [30 days] before the new sub-processor is granted access to Personal Data - Liability Cap
Each party’s aggregate liability under this DPA will not exceed [INSERT] / [the liability caps as per the Main Agreement] - Governing Law and Jurisdiction
[INSERT] [As per the Main Agreement] - Data Protection Laws
All laws, regulations and court orders which apply to the processing of Personal Data in:- the European Economic Area (EEA)
- the United Kingdom (UK)
- the United States (US)
- Australia
- [INSERT]
This includes the [European Union Regulation (EU) 2016/679,] [the Data Protection Act 2018], [California Consumer Privacy Act of 2018 (CCPA)/California Privacy Rights Act of 2020 (CPRA)], [the Privacy Act 1998] and [INSERT], [each] as amended from time to time. - Services related to processing
[INSERT] [As described in the Main Agreement] - Duration of processing
[For the Term of this DPA] [INSERT] - Nature and purpose of processing
[INSERT] - Personal Data
The types of personal data processed are [INSERT] - Data subjects
The individuals whose Personal Data will be processed are [INSERT] - Special provisions
[INSERT] - Transfer Mechanism
Transfer Mechanism: (copy)- "Variable.17.sec={Variable.17.AltX.sec}" where X is 1-5:- N/A
- Standard Contractual Clauses approved by the European Commission Decision of 4 June 2021 (as amended from time to time), for the transfer of personal data from the EEA or adequate country to a third country
- International Data Transfer Agreement issued by the Information Commissioner’s Office under Section 119A of the Data Protection Act 2018, effective from 21 March 2022
- International Data Transfer Addendum issued by the Information Commissioner’s Office under Section 119A of the Data Protection Act 2018, effective from 21 March 2022
- The Binding Corporate Rules of [INSERT DETAILS]
>
Annexes
Annex 1
Security measures
Technical and organisational measures to ensure the security of Personal Data- [Insert Processor’s/Sub-Processor’s security measures, either in full or as a link to relevant webpage]
>
Annex 2
Sub-processors
Current sub-processors- [Insert Processor’s/Sub-Processor’s list of sub-processors, either in full or as a link to relevant webpage]
>
{Terms.Sec}