Free Data Processing Agreement Creator - Create Online



Data Processing Agreement template
Data Processing Agreement sample


What is Data Processing Agreement?

Data Processing Agreement A Data Processing Agreement governs the processing of personal data, specifying data protection obligations, processing purposes, and data transfer terms.



Sample template:



Data Processing Agreement

This Data Processing Agreement ("Agreement") is entered into as of [Effective Date], by and between Elite Analytics Inc ("Data Controller") and Secure Data Services LLC ("Data Processor") (collectively, the "Parties") and sets out the obligations and requirements of the Parties relating to the processing of Personal Data (as defined below) in accordance with the applicable United States data protection laws and regulations.



1. Definitions and Interpretation

1.1. Definitions


In this Agreement, unless the context otherwise requires, the following terms shall have the following meanings:


"Data Subject" means an identified or identifiable natural person whose Personal Data is processed under this Agreement;


"Personal Data" means any information relating to a Data Subject that is processed under this Agreement;


"Processing" means any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as collecting, recording, organizing, storing, adapting, altering, retrieving, consulting, disclosing, disseminating, erasing, or destroying;


"Services" means the data processing services to be provided by Data Processor to Data Controller as specified in the Services Agreement;


"Services Agreement" means the agreement between the Parties setting out the scope, purpose, and duration of the data processing services to be provided by Data Processor to Data Controller under this Agreement;


"Applicable Law" means all applicable United States federal, state, and local laws, regulations, and rules relating to data protection and privacy, including, without limitation, the California Consumer Privacy Act of 2018, as amended from time to time.



2. Data Processing

2.1. Purpose of Processing


Data Processor shall process Personal Data on behalf of Data Controller only for the purpose of providing the Services, in accordance with the terms of the Services Agreement, and only in accordance with the instructions of Data Controller, unless otherwise required by Applicable Law.



2.2. Confidentiality


Data Processor shall ensure that its personnel engaged in the Processing of Personal Data under this Agreement are subject to appropriate obligations of confidentiality.



2.3. Security Measures


Data Processor shall implement appropriate technical and organizational security measures designed to protect Personal Data against unauthorized or unlawful Processing, accidental loss, destruction, or damage.



2.4. Subprocessing


Data Processor shall not engage any subprocessor for the Processing of Personal Data under this Agreement without the prior written consent of Data Controller. Any approved subprocessor shall be bound by written agreement imposing data protection obligations no less stringent than those set out in this Agreement.



3. Data Subjects' Rights

Data Processor shall, to the extent legally permissible, promptly notify Data Controller if it receives a request from a Data Subject to exercise any rights under Applicable Law and shall cooperate with Data Controller in fulfilling such request as required by Applicable Law.



4. Security Breaches

Data Processor shall notify Data Controller without undue delay upon becoming aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data. Data Processor shall cooperate with Data Controller in addressing and remedying such breach in accordance with Applicable Law.



5. Data Transfers

Data Processor shall not transfer Personal Data outside of the United States without the prior written consent of Data Controller, unless such transfer is required or authorized by Applicable Law.



6. Data Retention

Data Processor shall retain Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, as set out in the Services Agreement, or as required by Applicable Law. Upon termination or expiration of the Services Agreement, Data Processor shall, at the option of Data Controller, return or securely delete all Personal Data in its possession.



7. Audits

Data Processor shall, upon the reasonable request of Data Controller, make available all relevant information and records necessary for Data Controller to verify Data Processor's compliance with its obligations under this Agreement. Data Processor shall cooperate with Data Controller and any independent auditor appointed by Data Controller in connection with any audit conducted pursuant to this clause.



8. Liability

Each Party shall be liable for its own acts and omissions under this Agreement, and nothing in this Agreement relieves either Party from liability for its violation of any Applicable Law.



9. Termination

This Agreement shall terminate automatically upon the termination of the Services Agreement, unless otherwise agreed by the Parties in writing.



10. Governing Law

This Agreement and any disputes or claims arising out of or in connection with it shall be governed by and construed in accordance with the laws of the United States, without reference to its conflicts of law principles.



11. Miscellaneous

This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.


In the event of any inconsistency between this Agreement and the Services Agreement, the terms of this Agreement shall prevail to the extent necessary to resolve such inconsistency.


Nothing in this Agreement is intended, nor shall be interpreted or construed, to create or confer any rights or remedies, by implication or otherwise, on any person or entity other than the Parties to this Agreement.



IN WITNESS WHEREOF, the Parties hereto have executed this Data Processing Agreement as of the Effective Date.



Elite Analytics Inc


__________________________


[Authorized Signature]


[Name and Title]



Secure Data Services LLC


__________________________


[Authorized Signature]


[Name and Title]

Ready to Create your own Data Processing Agreement?

Create my first draft



Sections of a Data Processing Agreement


In this Data Processing Agreement, you will see the following sections:

  1. Definitions and Interpretation
  2. Data Processing
  3. Data Subjects' Rights
  4. Security Breaches
  5. Data Transfers
  6. Data Retention
  7. Audits
  8. Liability
  9. Termination
  10. Governing Law
  11. Miscellaneous


Summary of the sections:

  1. Definitions and Interpretation : This section explains the key terms used in the agreement, such as "Data Subject," "Personal Data," "Processing," "Services," "Services Agreement," and "Applicable Law." Think of this section as a glossary for the rest of the agreement.

  2. Data Processing : This section outlines the purpose, confidentiality, security measures, and subprocessors involved in processing personal data. It's like a set of rules for how the Data Processor will handle the Data Controller's data.

  3. Data Subjects' Rights : This section explains how the Data Processor will handle requests from Data Subjects (people whose data is being processed) to exercise their rights under data protection laws. It's like a customer service policy for handling data-related requests.

  4. Security Breaches : This section describes what the Data Processor must do if there's a security breach involving personal data. It's like an emergency plan for dealing with data leaks or hacks.

  5. Data Transfers : This section sets out the rules for transferring personal data outside of the United States. It's like a travel policy for data, ensuring it doesn't go somewhere it shouldn't without permission.

  6. Data Retention : This section explains how long the Data Processor can keep personal data and what they must do with it when the agreement ends. It's like a storage policy for data, making sure it doesn't stick around longer than necessary.

  7. Audits : This section outlines the Data Processor's obligations to provide information and cooperate with audits to verify their compliance with the agreement. It's like a check-up to make sure the Data Processor is following the rules.

  8. Liability : This section explains that each party is responsible for its own actions and violations of the law. It's like a reminder that both parties need to follow the rules and can't blame each other for their own mistakes.

  9. Termination : This section states that the agreement will end automatically when the Services Agreement between the parties ends. It's like a built-in expiration date for the agreement.

  10. Governing Law : This section specifies that the agreement is governed by United States law. It's like a rulebook for resolving any disputes or legal issues that might come up.

  11. Miscellaneous : This section covers various other topics, such as how the agreement can be signed, how to resolve inconsistencies between this agreement and the Services Agreement, and that the agreement only applies to the parties involved. It's like a catch-all for any loose ends not covered elsewhere in the agreement.

Ready to get started?

Create your Data Processing Agreement now