03300 554196 Login
Logo

GDPR Data Processing Agreement

1. Introduction

  1. This Data Processing Agreement ("DPA") is entered into by and between you, hereinafter referred to as the "Data Controller," and Acorn Media, hereinafter referred to as the "Data Processor."

2. Definitions

  1. "Personal Data" means any information relating to an identified or identifiable natural person.
  2. "Data Controller" means the entity that determines the purposes and means of the processing of Personal Data.
  3. "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
  4. "GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679).

3. Scope and Purpose

  1. The Data Processor agrees to process Personal Data on behalf of the Data Controller for the purposes and in the manner outlined in the Data Controller's instructions.
  2. The Data Processor will not process Personal Data for any purposes other than those specified in this DPA, unless required by applicable law.

4. Data Processing Details

  1. The Data Processor agrees to process Personal Data in accordance with the Data Controller's documented instructions, ensuring compliance with the principles of GDPR.
  2. The Data Processor shall implement and maintain appropriate technical and organizational measures to ensure the security of Personal Data.

5. Confidentiality

  1. The Data Processor shall ensure that persons authorized to process Personal Data on behalf of the Data Controller have committed themselves to confidentiality.

6. Data Subject Rights

  1. The Data Processor shall assist the Data Controller in responding to data subject requests, including requests for access, rectification, erasure, and data portability.

7. Sub-processing

  1. The Data Processor shall not subcontract the processing of Personal Data to a third party without the prior written consent of the Data Controller.

8. Security Measures

  1. The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

9. Data Breach Notification

  1. The Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data breach.

10. Data Protection Impact Assessment and Prior Consultation

  1. The Data Processor shall assist the Data Controller in carrying out data protection impact assessments and, where necessary, prior consultation with the supervisory authority.

11. Term and Termination

  1. This DPA shall remain in effect for the duration of the Data Processing activities and shall terminate upon completion of the agreed-upon services.

12. Governing Law

  1. This DPA is governed by and shall be construed in accordance with the laws of the United Kingdom.

13. Amendment

  1. Any amendments or modifications to this DPA must be in writing and mutually agreed upon by both parties