This Third-Party Data Processing Agreement (DPA) is made between Collars Inc. Ltd ("Data Controller" or "Collars") and the third-party service provider ("Data Processor"), collectively referred to as the "Parties."
This DPA governs the terms under which the Data Processor will process personal data on behalf of Collars. It is intended to comply with applicable data protection laws, including GDPR, CCPA, and LGPD.
1. Definitions
- "Personal Data": Any information relating to an identified or identifiable individual.
- "Processing": Any operation or set of operations performed on Personal Data, including but not limited to collection, storage, use, disclosure, and deletion.
- "Data Controller": The entity that determines the purposes and means of processing Personal Data (Collars).
- "Data Processor": The entity that processes Personal Data on behalf of the Data Controller (the third-party vendor).
- "Sub-Processor": Any third party that processes Personal Data on behalf of the Data Processor, under the authorization of the Data Controller.
- "Data Subject": The identified or identifiable individual to whom the Personal Data relates.
2. Data Processing Scope
2.1 Subject Matter:
The Data Processor will process Personal Data on behalf of the Data Controller to provide the services outlined in the main service agreement between the Parties. These services include [specify the type of services provided by the Data Processor, e.g., marketing services, cloud storage, analytics, payment processing].
The Data Processor will process Personal Data on behalf of the Data Controller to provide the services outlined in the main service agreement between the Parties. These services include [specify the type of services provided by the Data Processor, e.g., marketing services, cloud storage, analytics, payment processing].
2.2 Types of Personal Data:
The Data Processor will process the following categories of Personal Data provided by the Data Controller:
The Data Processor will process the following categories of Personal Data provided by the Data Controller:
- Contact Information (e.g., name, email, phone number)
- Transactional Data (e.g., purchase details, billing information)
- Behavioral Data (e.g., browsing activity, analytics data)
- Other data as necessary for providing the services.
2.3 Purpose of Processing:
The Personal Data will be processed for the following purposes:
The Personal Data will be processed for the following purposes:
- To provide services to Collars (as outlined in the service agreement).
- To improve services and analyze user behavior.
- To communicate with Data Subjects on behalf of Collars, as necessary for the service.
3. Obligations of the Data Processor
3.1 Processing Only on Instructions:
The Data Processor shall only process Personal Data on the documented instructions of the Data Controller, unless required to do so by applicable law. The Data Processor will notify the Data Controller if any instruction is deemed to violate applicable data protection laws.
The Data Processor shall only process Personal Data on the documented instructions of the Data Controller, unless required to do so by applicable law. The Data Processor will notify the Data Controller if any instruction is deemed to violate applicable data protection laws.
3.2 Data Security:
The Data Processor will implement appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data. These measures should be in line with industry standards and applicable legal requirements, including encryption, access control, and regular security audits.
The Data Processor will implement appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data. These measures should be in line with industry standards and applicable legal requirements, including encryption, access control, and regular security audits.
3.3 Confidentiality:
The Data Processor shall ensure that any personnel or subcontractors who have access to Personal Data are subject to confidentiality obligations. The Data Processor shall not disclose or transfer Personal Data to any unauthorized party.
The Data Processor shall ensure that any personnel or subcontractors who have access to Personal Data are subject to confidentiality obligations. The Data Processor shall not disclose or transfer Personal Data to any unauthorized party.
3.4 Sub-Processors:
The Data Processor may engage sub-processors to assist in processing Personal Data, provided that:
The Data Processor may engage sub-processors to assist in processing Personal Data, provided that:
- The Data Processor notifies the Data Controller of any new sub-processors it intends to use.
- The Data Processor enters into a written agreement with each sub-processor ensuring that they comply with the terms of this DPA, including the same data protection obligations as set forth in this agreement.
- The Data Controller has the right to object to the use of a sub-processor if reasonable concerns arise regarding the sub-processor's ability to meet the terms of this agreement.
3.5 Data Breach Notification:
In the event of a data breach that compromises Personal Data, the Data Processor will notify the Data Controller without undue delay, and in any event, no later than 72 hours after becoming aware of the breach. The Data Processor will assist the Data Controller in investigating and managing the breach, including notification to affected Data Subjects if required.
In the event of a data breach that compromises Personal Data, the Data Processor will notify the Data Controller without undue delay, and in any event, no later than 72 hours after becoming aware of the breach. The Data Processor will assist the Data Controller in investigating and managing the breach, including notification to affected Data Subjects if required.
3.6 Data Subject Requests:
The Data Processor will assist the Data Controller in fulfilling Data Subject requests for access, correction, deletion, and other rights under applicable data protection laws. The Data Processor will promptly inform the Data Controller of any requests received directly from Data Subjects.
The Data Processor will assist the Data Controller in fulfilling Data Subject requests for access, correction, deletion, and other rights under applicable data protection laws. The Data Processor will promptly inform the Data Controller of any requests received directly from Data Subjects.
3.7 Data Retention:
The Data Processor will retain Personal Data only for as long as necessary to provide the contracted services, after which the data will be deleted or returned to the Data Controller, as specified in the agreement.
The Data Processor will retain Personal Data only for as long as necessary to provide the contracted services, after which the data will be deleted or returned to the Data Controller, as specified in the agreement.
4. Obligations of the Data Controller
4.1 Lawful Processing:
The Data Controller shall ensure that all Personal Data provided to the Data Processor is collected and processed in accordance with applicable data protection laws and regulations. The Data Controller is responsible for obtaining the necessary consents or lawful basis for processing Personal Data where required.
The Data Controller shall ensure that all Personal Data provided to the Data Processor is collected and processed in accordance with applicable data protection laws and regulations. The Data Controller is responsible for obtaining the necessary consents or lawful basis for processing Personal Data where required.
4.2 Data Subject Rights:
The Data Controller is responsible for handling requests from Data Subjects regarding access, modification, or deletion of their Personal Data. The Data Controller will notify the Data Processor of any such requests so that the Data Processor can assist, as necessary.
The Data Controller is responsible for handling requests from Data Subjects regarding access, modification, or deletion of their Personal Data. The Data Controller will notify the Data Processor of any such requests so that the Data Processor can assist, as necessary.
5. Data Transfers
5.1 International Data Transfers:
If Personal Data is transferred outside the jurisdiction of the Data Controller (e.g., from the EU to the US), the Data Processor will ensure that such transfers are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) or other approved mechanisms to safeguard the data.
If Personal Data is transferred outside the jurisdiction of the Data Controller (e.g., from the EU to the US), the Data Processor will ensure that such transfers are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) or other approved mechanisms to safeguard the data.
6. Audits and Inspections
6.1 Right to Audit:
The Data Controller has the right to conduct audits or inspections of the Data Processor’s data processing activities to ensure compliance with this agreement and applicable data protection laws. The Data Processor agrees to cooperate with any audits and provide necessary records and documentation.
The Data Controller has the right to conduct audits or inspections of the Data Processor’s data processing activities to ensure compliance with this agreement and applicable data protection laws. The Data Processor agrees to cooperate with any audits and provide necessary records and documentation.
7. Liability and Indemnity
7.1 Data Processor Liability:
The Data Processor will be liable for any damages resulting from its breach of this DPA, including failure to comply with applicable data protection laws or failure to implement appropriate security measures.
The Data Processor will be liable for any damages resulting from its breach of this DPA, including failure to comply with applicable data protection laws or failure to implement appropriate security measures.
7.2 Indemnification:
The Data Processor agrees to indemnify and hold harmless the Data Controller from any claims, losses, or damages arising from the Data Processor’s breach of this agreement, including any failure to comply with data protection laws or security obligations.
The Data Processor agrees to indemnify and hold harmless the Data Controller from any claims, losses, or damages arising from the Data Processor’s breach of this agreement, including any failure to comply with data protection laws or security obligations.
8. Governing Law and Dispute Resolution
This DPA shall be governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising under or in connection with this agreement will be resolved in the jurisdiction of the courts of the United Kingdom.
9. Contact Information
For any questions regarding this agreement or data processing practices, please contact:
Collars Data Officer
Email: dataofficer@joincollars.com
Email: dataofficer@joincollars.com
Acceptance:
By signing this agreement, the Data Processor agrees to the terms and conditions set forth in this Data Processing Agreement.
By signing this agreement, the Data Processor agrees to the terms and conditions set forth in this Data Processing Agreement.