NEW Featured eBook: AWS Cloud Cost Allocation: The Complete Guide - Download Now
This Data Processing Addendum (“DPA”) supplements the nOps Terms of Service available at https://www.nops.io/terms-of-service, as updated from time to time , or other agreement between Customer and nOps governing Customer’s use of the Service Offerings (the “Agreement”) when the GDPR applies to your use of the nOps Services to process Customer Data. This DPA is an agreement between you and the entity you represent (“Customer”, “you” or “your”) and nOps and the nOps Contracting Party or nOps Contracting Parties (as applicable) under the Agreement (together “nOps”). Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this DPA will have the meanings given to them in this DPA. For the purpose of this addendum nOps is both the controller and processor of data.
1. Background and objective
The terms used in the DPA shall have the same meaning as assigned to them below and in the Data Protection Legislation, which inter alia imply that:
3. Undertaking and instruction
Processor undertakes to process the personal data that it has access to under the Agreement on behalf of Controller, for the purpose of fulfilling the Agreement and during the term of the Agreement. Processor further undertakes:
4. Information security
Processor implements all appropriate technical and organisational measures necessary in order to ensure a level of security, as required pursuant to the Data Protection Legislation (Article 32 of the GDPR (32 § Data Protection Act (523/1999)) and other measures necessary in order for Processor to comply with the security requirements set out in the Agreement or that are otherwise required by Controller with reference to the DPA); Processor undertakes to inform Controller of the technical and organisational measures, which it will implement in order to protect the personal data processed on behalf of Controller. If Processor makes changes that could affect the protection of personal data, Controller shall be informed of this well in advance before such changes are implemented. In the event of data breach or any potential violation of information security, Processor shall notify Controller without delay after becoming aware of the infringement of information security of personal data or any other violation of Data Protection Legislation, this DPA or the instructions of Controller. As a part of the notification, Processor must inform Controller without delay and in writing all the necessary information about the disturbance and the related measures, especially:
6. Engaging sub-processors
7. Damages and compensation
8. Order of validity of contract documents
This DPA is irremovable part of the Agreement. If the terms of the Agreement and terms of this DPA are divergent or otherwise in contradiction, this DPA shall prevail.
When the Agreement expires or terminates, Processor shall, based on Controller’s instructions, delete or return to Controller without any additional cost, in a manner acceptable to Controller, all personal data, and delete existing copies unless storage of personal data is required pursuant to European Union law or the Member State’s national law. Processor undertakes to actively seek instructions from Controller without delay.