Interactive32 - Data Processing Agreement

Data Processing Agreement

DATA PROCESSING AGREEMENT

This Data Processing Agreement (Agreement) explains how we (Data Processor) process personal data on behalf of the customer (Data Controller).

1. Purpose of Processing
The Processor shall process personal data on behalf of the Controller solely for the purpose of providing the services described in the Main Agreement and in accordance with the Controller's documented instructions.

2. Type of Personal Data and Data Subjects
Types of Personal Data: name, email address, IP address, browser type, operating system
Categories of Data Subjects: customers

3. Obligations of the Processor
The Processor shall:
- Process personal data only for the purpose of providing the services
- Ensure confidentiality of persons authorized to process personal data
- Implement appropriate technical and organizational security measures
- Assist the Controller in fulfilling data subject rights (e.g., access, erasure)
- Delete or return personal data upon termination of the services

4. Sub-processors
The Processor may engage the following sub-processors: Paddle (payment processing provider) and any other sub-processors necessary for the provision of the services. The Processor shall ensure that any sub-processor is bound by data protection obligations that are at least as protective as those set out in this Agreement.

5. Data Transfers
Any further transfers of personal data shall be made in compliance with applicable data protection laws and subject to appropriate safeguards (e.g., Standard Contractual Clauses).

6. Security Measures
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including (where appropriate):
- Pseudonymization and encryption
- Regular testing and evaluation of security measures
- Backup and disaster recovery procedures

7. Data Breach Notification
The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

8. Term and Termination
This Agreement remains in effect as long as the Processor processes personal data on behalf of the Controller, or until the Main Agreement is terminated.

Effective: 2024-12-20

If you have any questions, please contact us at [email protected]