This Data Processing Addendum ("DPA") is incorporated into and forms part of the agreement between linkbyme and its third-party processors (the "Processor") for the processing of personal data.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller: linkbyme, the entity which determines the purposes and means of the processing of personal data.
- Processor: The third-party service provider that processes personal data on behalf of the Controller.
2. Subject Matter and Duration of Processing
The Processor shall process Personal Data as specified in the agreement with the Controller, for the duration of the agreement, and solely for the purposes set out therein.
3. Types of Personal Data and Data Subjects
The types of Personal Data and categories of Data Subjects shall be as specified in the agreement between the Controller and the Processor.
4. Processor's Obligations
- Process Personal Data only on documented instructions from the Controller, unless required by applicable law.
- Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- Take all measures required pursuant to Article 32 of the GDPR.
- Respect the conditions referred to in paragraph 2 of Article 28 of the GDPR when engaging another processor.
- Assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR.
- Assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.
- At the choice of the Controller, delete or return all the Personal Data to the Controller as soon as the processing is completed, and delete existing copies unless applicable law requires storage of the Personal Data.
5. Sub-processing
The Processor shall not subcontract any of its processing operations without the prior written consent of the Controller. Where the Processor engages another processor for carrying out specific processing activities on behalf of the Controller, the same data-protection obligations as set out in this DPA shall be imposed on that other processor by way of a contract.
6. Liability
Each party shall be liable for damages it causes the other party due to any breach of this DPA.
7. Termination
Upon termination of the agreement, the Processor shall, at the choice of the Controller, return or delete the Personal Data. This provision shall survive the termination of the agreement.
Contact Information
For any questions regarding this Data Processing Addendum, please contact us at: [email protected]