We provide the latest version of AeriCast DPA for you to review here. If you would like to get it signed and executed with us, please contact us at email@example.com
Signing a DPA does not change our practices regarding the protection of your privacy and your data. Every customer gets the same high standards of privacy and security.
Data Processing Addendum
(a) Definitions. (i) In this Addendum: Controller Has the meaning given in applicable Data Protection Laws from time to time. Data Protection Laws Means, as binding on either party or the services:
The Directive 95/46/EC (Data Protection Directive) and/or Data Protection Act 1998 or the GDPR;
Any laws which implement any such laws or regulations; and
Any laws that replace, extend, re-enact, consolidate, or amend any of the foregoing.
(d) Security. Taking into account the state of technical development and the nature of Processing, we shall implement and maintain the technical and organizational measures set out in Section 2(b) of this Addendum to protect the Protected Data against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access.
(A) that alternative Processing instructions are agreed between the parties in writing; or
(B) otherwise required by applicable law (and shall inform you of that legal requirement before Processing, unless applicable law prevents us doing so on important grounds of public interest).
(ii) Without prejudice to Section 1(e)(i), if we believe that any instruction received by us from you is likely to infringe the Data Protection Laws, we shall promptly inform you and be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing.
(f) Sub-processing and Personnel. (i) We shall:
(A) not permit any processing of Protected Data by any agent, subcontractor, or other third party (except its or its Sub-Processors’ own employees in the course of their employment that are subject to an enforceable obligation of confidence with regards to the Protected Data) without your authorization;
(B) prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under this Schedule (including those relating to sufficient guarantees to implement appropriate technical and organizational measures) that is enforceable by us and ensure each such Sub- Processor complies with all such obligations;
(C) remain fully liable to you under this Addendum for all the acts and omissions of each Sub-Processor as if they were our own; and
(D) ensure that all persons authorized by us or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
(g) List of Authorized Sub-Processors. (i) You expressly authorize the appointment of the Sub-Processors listed below.
(h) Assistance. (i) We shall (at your cost) assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the Processing and the information available. (ii) We shall (at your cost) taking into account the nature of the Processing, assist you (by appropriate technical and organizational measures), insofar as this is possible, for the fulfilment of your obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data.
(i) Audits and Processing. We shall, in accordance with Data Protection Laws, make available to you such information that is in our possession or control as is necessary to demonstrate our compliance with the obligations placed on us under this Addendum and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Data Protection Laws equivalent to that Article 28), and allow for and contribute to your audits, including inspections, (or another auditor mandated by you) for this purpose (subject to a maximum of one audit request in any 12 month period under this paragraph).
(j) Breach. We shall notify you without undue delay and in writing on becoming aware of any Personal Data breach in respect of any Protected Data.
2.Data Processing and Security Details.
(a) Data Processing Details.
(i) Subject-matter of Processing: Orders, requests, and related software use and access requested through the Company’s platform.