This Data Processing Agreement (“DPA”) is entered into by and between Shaostoul.com, Project Universe (“Controller”), and the user of our services (“Processor”). This DPA is incorporated into and forms part of our Terms of Service and Privacy Policy.
1. Definitions
- Controller: The entity that determines the purposes and means of processing personal data.
- Processor: The entity that processes personal data on behalf of the Controller.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
2. Scope and Purpose
The Processor agrees to process personal data on behalf of the Controller in accordance with the terms and conditions set forth in this DPA. The purpose of processing personal data is to provide the services described in our Terms of Service.
3. Processing Instructions
The Processor shall process personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by law.
4. Confidentiality
The Processor shall ensure that any person authorized to process personal data is subject to a duty of confidentiality and complies with this DPA.
5. Security Measures
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to:
- Encryption: Encrypting personal data during transmission and storage.
- Access Controls: Implementing access controls to limit access to personal data to authorized personnel only.
- Regular Audits: Conducting regular security audits and assessments.
6. Sub-Processors
The Processor shall not engage another processor without prior specific or general written authorization from the Controller. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object.
7. Data Subject Rights
Taking into account the nature of the processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights.
8. Data Breach Notification
The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach. The notification shall include, at a minimum:
- Description: A description of the nature of the breach, including the categories and approximate number of data subjects and data records concerned.
- Consequences: The likely consequences of the breach.
- Measures: The measures taken or proposed to be taken to address the breach.
9. Data Deletion and Return
Upon termination of the services, the Processor shall, at the choice of the Controller, delete or return all personal data to the Controller and delete existing copies unless applicable law requires storage of the personal data.
10. Audits and Inspections
The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.
11. Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of [Jurisdiction]. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of [Jurisdiction].
12. Contact Information
For any questions or concerns about this DPA, please contact us at [contact@shaostoul.com].
By using our services, you agree to the terms and conditions set forth in this Data Processing Agreement. Thank you for your trust in Shaostoul.com and Project Universe.