Data Processing Agreement (DPA)
The document regulates the processing of personal data between ArentDA and a partner in scenarios where the service acts as a data processor.
1. Roles of the parties
Under the DPA, the partner can act as a Controller, and ArentDA can act as a Processor in terms of technical processing of data uploaded by the partner to the service.
For certain transactions, the parties may act as independent controllers, if this follows from the nature of the processing.
2. Subject and duration of processing
Subject of processing: storage, systematization, transfer and other operations with data necessary to provide the functionality of the platform.
The processing period corresponds to the duration of the contractual relationship and/or the periods required by law.
3. Categories of subjects and data
- Data subjects: partner's clients, partner's representatives, potential customers, other users within the service.
- Data categories: contact details, booking details, technical and communication metadata.
4. Controller's instructions
ArentDA processes data only on documented instructions from the partner, unless otherwise required by applicable law.
5. Processing safety
ArentDA applies technical and organizational security measures: access control, logging, segmentation, redundancy, encryption of communication channels and other relevant measures.
6. Subprocessors
ArentDA has the right to engage subprocessors to provide infrastructure and technical services, subject to contractual data protection obligations.
Upon request of the partner, up-to-date information on significant categories of subprocessors is provided.
7. Security incidents
In the event of a confirmed security incident, ArentDA notifies the partner without undue delay and provides accessible information for risk assessment and compliance with subject/regulator notification obligations.
8. Assistance to the controller
ArentDA provides reasonable assistance to the partner in responding to data subject requests, impact assessments, audits and incident investigations.
9. Return and deletion of data
Upon termination of the relationship, ArentDA, at the partner's option, deletes or returns personal data, unless otherwise required by applicable law or retention obligations.
10. Audit
The Partner has the right to request reasonable evidence of compliance with the obligations under the DPA. Full-length audits are agreed upon in advance, taking into account the security and privacy requirements of other users.