Data Processing Agreement
This Data Processing Agreement (“DPA”) is entered into between HOME OF DW LTD (“Data Processor”) and you, the Client or User (“Data Controller”), and is an addendum to the Terms of Service for dwsender.com. This DPA reflects the parties’ agreement regarding the processing of personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
Data Processing Agreement
This Data Processing Agreement (“DPA”) is entered into between HOME OF DW LTD (“Data Processor”) and you, the Client or User (“Data Controller”), and is an addendum to the Terms of Service for dwsender.com. This DPA reflects the parties’ agreement regarding the processing of personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Definitions
- Data Controller: The party that determines the purposes and means of processing personal data.
- Data Processor: The party that processes personal data on behalf of the Data Controller.
- Personal Data: Any information relating to an identified or identifiable person, as defined in GDPR Article 4.
- Data Subject: An individual whose personal data is processed.
- Processing: Any operation or set of operations performed on personal data, such as collection, storage, or deletion.
2. Subject Matter and Duration of Processing
- Subject Matter: This DPA governs the processing of personal data as necessary for HOME OF DW LTD to provide the email marketing services of dwsender.com to the Client.
- Duration: This DPA is effective as long as the Client uses the Service, or until termination as stipulated under the Terms of Service.
3. Scope and Purpose of Processing
The Data Processor agrees to process personal data strictly for the following purposes:
- To deliver, support, and improve the Service.
- To perform services as instructed by the Data Controller and as outlined in the Terms of Service.
- To ensure compliance with applicable legal and regulatory requirements.
4. Data Controller Responsibilities
The Data Controller is responsible for:
- Ensuring that personal data provided to the Data Processor complies with applicable data protection laws.
- Obtaining all necessary consents and authorizations from Data Subjects for processing personal data through the Service.
- Informing the Data Processor promptly if any personal data processed under this DPA is no longer required.
5. Data Processor Responsibilities
The Data Processor agrees to:
- Process personal data only on documented instructions from the Data Controller.
- Implement appropriate technical and organizational measures to safeguard personal data.
- Ensure that employees and contractors authorized to process personal data are subject to confidentiality obligations.
- Cooperate with the Data Controller to fulfill Data Subject rights requests, such as access, rectification, and deletion, as required under GDPR.
6. Security Measures
The Data Processor implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Access Controls: Ensuring only authorized personnel access personal data.
- Encryption: Encrypting personal data during transmission and at rest, where applicable.
- Incident Response: Promptly responding to and mitigating security incidents.
- Regular Audits: Conducting periodic assessments to monitor security practices and identify improvements.
8. Data Subject Rights
The Data Processor agrees to assist the Data Controller in fulfilling Data Subject rights requests in accordance with GDPR requirements, including:
- Right to Access: Enabling Data Subjects to access their personal data upon request.
- Right to Rectification: Correcting inaccurate or incomplete data.
- Right to Deletion: Deleting personal data as requested by the Data Controller.
- Right to Restrict Processing: Limiting processing of personal data as directed.
The Data Controller shall be responsible for handling Data Subject requests directly unless agreed otherwise.
9. Data Breach Notification
In the event of a personal data breach, the Data Processor will notify the Data Controller without undue delay. The notification will include:
- A description of the breach, including categories and approximate numbers of Data Subjects and personal data records affected.
- The likely consequences of the breach.
- Measures taken or proposed to mitigate the breach and minimize any harm.
The Data Processor will cooperate fully with the Data Controller to address any legal and regulatory obligations arising from the breach.
10. Data Transfers
The Data Processor will only transfer personal data outside the European Economic Area (EEA) in compliance with GDPR requirements, using one or more of the following mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Binding Corporate Rules (BCRs), if applicable.
- Adequacy Decisions: Only transferring data to countries that the European Commission has deemed provide adequate protection.
The Data Processor will cooperate fully with the Data Controller to address any legal and regulatory obligations arising from the breach.
11. Return or Deletion of Data
Upon termination of the Services, the Data Processor will, at the Data Controller’s request:
- Return: Return all personal data to the Data Controller.
- Delete: Permanently delete all personal data, except where retention is required by applicable law.
The Data Processor will confirm the completion of data deletion in writing.
12. Audit and Inspection
The Data Controller has the right to audit and inspect the Data Processor’s data processing practices to ensure compliance with this DPA:
- Audit Requests: The Data Controller may request an audit, which will be conducted during regular business hours with reasonable advance notice.
- Independent Auditor: Audits may be performed by an independent auditor appointed by the Data Controller, subject to confidentiality obligations.
- Scope and Frequency: Audits shall be limited in scope and frequency to minimize disruption to the Data Processor’s operations and must comply with the Data Processor’s security requirements.
The Data Processor will confirm the completion of data deletion in writing.
13. Limitation of Liability
Both parties agree to limit their liability arising out of or related to this DPA, consistent with the limitations outlined in the Terms of Service.
14. Governing Law
This DPA is governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising out of or related to this DPA shall be subject to the exclusive jurisdiction of the courts of the United Kingdom.
10. Contact Information
For questions or concerns regarding this DPA or data protection practices, please contact:
- Data Protection Officer (DPO) : dpo@dwsender.com
- General Support : support@dwsender.com
- Phone : +44 7878 983554
- Address : 128 City Road, London, United Kingdom, EC1V 2NX
Signatures
By using our Service, you, the Data Controller, acknowledge that you have read, understood, and agreed to the terms of this Data Processing Agreement.
