Data Processing Addendum

1. Introduction

This Data Processing Addendum ("DPA") forms part of the Agreement between [FedX]change ("Processor") and the Customer ("Controller") and reflects the parties' agreement with regard to the Processing of Personal Data.

2. Definitions

• "GDPR" means the General Data Protection Regulation (EU) 2016/679
• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on Personal Data
• "Data Subject" means the individual to whom Personal Data relates

3. Data Processing

3.1 Scope and Purpose

The Processor shall process Personal Data only on documented instructions from the Controller and in accordance with applicable data protection laws.

3.2 Duration

This DPA shall remain in effect for as long as the Processor processes Personal Data on behalf of the Controller under the Agreement.

4. Obligations of the Processor

• Process Personal Data only on documented instructions from the Controller
• Ensure that persons authorized to process Personal Data have committed themselves to confidentiality
• Implement appropriate technical and organizational measures to ensure security of processing
• Assist the Controller in responding to requests from Data Subjects
• Assist the Controller in ensuring compliance with security obligations

5. Sub-processing

The Processor shall not engage another processor without prior specific or general written authorization of the Controller.

6. Data Transfers

Any transfer of Personal Data to a third country or an international organization shall be done in accordance with Chapter V of the GDPR.

7. Audit Rights

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.

Contact Information

For matters related to data processing:
Email: [email protected]
Address: [Your Business Address]