Data Processing Agreement (DPA)

Last Updated:

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other agreement ("Principal Agreement") between Naganewoffers ("Processor" or "Company") and the user or entity ("Controller" or "You") engaging our services.

This DPA applies where and to the extent that Naganewoffers processes Personal Data on behalf of the Controller in the course of providing the Services under the Principal Agreement, and where such Personal Data is subject to Data Protection Laws.

1. Definitions

In this DPA, the following terms shall have the meanings set out below:

• "Data Protection Laws" means all applicable laws and regulations relating to the processing of Personal Data, including without limitation the General Data Protection Regulation (GDPR) and the e-Privacy Directive.
• "Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• "Services" means the services provided by Naganewoffers under the Principal Agreement.

2. Obligations of the Parties

The parties agree to comply with the following obligations:

• The Controller shall ensure that it has obtained all necessary consents and has a lawful basis for the Processing of Personal Data by the Processor.
• The Processor shall process Personal Data only as necessary to provide the Services and in accordance with the instructions of the Controller.
• The Processor shall ensure that all personnel who have access to Personal Data have committed to confidentiality.
• The Processor shall implement and maintain technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

3. Data Subject Rights

The Controller shall be responsible for complying with data subject requests, including without limitation, access, rectification, erasure, restriction of processing, data portability, and objection to processing.

The Processor shall assist the Controller in complying with such requests, where possible.

4. Breach Notification

The Processor shall notify the Controller without undue delay upon becoming aware of a Personal Data breach.

The notification shall include the following information:

• A description of the nature of the breach, including the categories and approximate number of data subjects and personal data records concerned.
• The name and contact details of the data protection officer or other contact point where more information can be obtained.
• A description of the likely consequences of the breach.
• A description of the measures taken or proposed to be taken by the Processor to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

5. Subprocessors

The Processor may engage subprocessors to process Personal Data on behalf of the Controller.

The Processor shall ensure that any subprocessor is bound by obligations that are at least as protective as those set out in this DPA.

6. Term and Termination

This DPA shall continue in force for as long as the Processor processes Personal Data on behalf of the Controller.

Upon termination of the Principal Agreement, the Processor shall return or delete all Personal Data, at the option of the Controller, unless applicable law requires storage of the Personal Data.

7. Governing Law and Jurisdiction

This DPA shall be governed by and construed in accordance with the laws of Alberta, Canada, without giving effect to any principles of conflicts of law.

Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of Alberta, Canada.

8. Contact Information

For questions regarding this DPA, please contact:

Email: [email protected]

Address: 382 Bloor Street, Marwayne, Alberta T0B 2X0, Canada