data processing Agreement

Last updated: October 23
Table of contents


Data Processor: The entity processing data on behalf of the Data Controller.Data Controller: The entity responsible for the data being processed.

Software & Security

- The Data Processor’s software is covered by a separate license agreement.- Data security within the Data Controller’s environment is the Controller’s responsibility.

Customer Responsibility

The Data Controller (customer) is responsible for ensuring that any data inputted into the service is compliant with all applicable laws and regulations.

Information Exchange

The Data Processor must inform the Data Controller of any data breaches or if any action violates GDPR or other applicable laws.


The Data Processor can request additional fees for special compliance requirements like external audits.

Sub Processors

- Data is processed using Microsoft SaaS, PaaS and IaaS.

<- Any other sub-processors must be approved by the Data Controller.

Compliance & Audits

The Data Processor must allow for audits by the Data Controller or relevant authorities.

Term & Termination

- The agreement stands if the Data Processor is handling data, even if the main contract has expired.- Upon termination, all personal data must either be returned to the Data Controller or deleted, unless legally required to be stored.

Other Provisions

- The Data Processor is bound to fulfill the agreement even if circumstances make it more difficult.- Changes can be made to the agreement to stay compliant with applicable laws.


If any term is unenforceable, the rest of the agreement remains in effect.