Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between DAVNS INDUSTRIES ("Processor") and users of our Services ("Controller") regarding the processing of personal data.

1. Definitions

For the purposes of this DPA, the terms "Controller", "Processor", "Data Subject", "Personal Data", "Processing", "Personal Data Breach" shall have the same meaning as in the applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Processing of Personal Data

2.1 The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by law; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.

2.2 The Processor shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

2.3 The Processor shall take all measures required pursuant to Article 32 of the GDPR (Security of Processing).

2.4 The Processor shall respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor.

2.5 The Processor shall, taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the Data Subject's rights.

2.6 The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the Processor.

2.7 At the choice of the Controller, the Processor shall delete or return all the Personal Data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data.

2.8 The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

3. Sub-processors

3.1 The Controller hereby provides general authorization for the Processor to engage sub-processors for the processing of Personal Data.

3.2 The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Controller the opportunity to object to such changes.

3.3 Where the Processor engages a sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this DPA shall be imposed on that sub-processor by way of a contract, providing sufficient guarantees to implement appropriate technical and organizational measures.

4. Data Transfers

4.1 The Processor shall not transfer Personal Data to a third country or an international organization unless such transfer is based on a legal ground under applicable data protection laws. Where required, the Processor shall implement appropriate safeguards, such as Standard Contractual Clauses, to ensure the protection of Personal Data.

4.2 The Processor shall inform the Controller of any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited.

5. Personal Data Breach

5.1 The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach.

5.2 The notification shall at least describe the nature of the Personal Data Breach, the categories and approximate number of Data Subjects concerned, the categories and approximate number of Personal Data records concerned, the likely consequences of the Personal Data Breach, and the measures taken or proposed to be taken to address the Personal Data Breach.

6. Term and Termination

6.1 This DPA shall remain in effect for as long as the Processor processes Personal Data on behalf of the Controller.

6.2 Upon termination of the processing services, the Processor shall, at the choice of the Controller, delete or return all the Personal Data to the Controller, and delete existing copies unless applicable law requires storage of the Personal Data.

7. Governing Law

7.1 This DPA shall be governed by the laws specified in the Terms of Service between the parties.

Contact Us

If you have any questions about this Data Processing Agreement, please contact us at: legal@davns.com