
 


Data Processing Agreement — iamskin.com
This Data Processing Agreement (“Agreement”) is part of the Contract for Services (“Principal Agreement”) between:
iamskin.com
iamskin Trading
(the “Company”), and
[Data Processor’s Name]
[Data Processor’s Details]
(the “Data Processor”).
(together, the “Parties”)
WHEREAS:
(A) The Company, iamskin.com, acts as a Data Controller, as defined under applicable data protection laws.
(B) The Company wishes to subcontract certain services, which involve the processing of personal data, to the Data Processor.
(C) The Parties intend to establish a data processing agreement that complies with the current legal framework regarding data processing, specifically the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation - “GDPR”).
(D) The Parties wish to clearly outline their respective rights and obligations with respect to the processing of personal data.
NOW, IT IS AGREED AS FOLLOWS:
1. Definitions and Interpretation
1.1 “Agreement” means this Data Processing Agreement and all its schedules.
1.2 “Company Personal Data” means any personal data processed by the Data Processor on behalf of the Company as per the terms of the Principal Agreement.
1.3 “Data Processor” means the party contracted to process personal data on behalf of the Company.
1.4 “Data Protection Laws” means the GDPR, and any relevant privacy laws or regulations in force in the European Economic Area (EEA) or any other jurisdiction applicable to the processing of personal data.
1.5 “EEA” refers to the European Economic Area.
1.6 “GDPR” refers to the General Data Protection Regulation (EU) 2016/679.
1.7 “Subprocessor” means any third party appointed by the Data Processor to process Company Personal Data on its behalf.
2. Processing of Company Personal Data
2.1 The Data Processor shall:
2.1.1 Comply with all applicable Data Protection Laws in its processing of Company Personal Data.
2.1.2 Only process Company Personal Data in accordance with the documented instructions provided by the Company.
2.2 The Company hereby instructs the Data Processor to process Company Personal Data solely for the purpose of providing services outlined in the Principal Agreement.
3. Processor Personnel
3.1 The Data Processor shall ensure that all employees, agents, and subcontractors who have access to Company Personal Data are reliable and subject to confidentiality obligations.
4. Security Measures
4.1 The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing Company Personal Data, including, where appropriate, measures referred to in Article 32 of the GDPR.
4.2 The Data Processor shall evaluate risks to the rights and freedoms of data subjects and adopt adequate security measures to mitigate those risks, especially in the event of a personal data breach.
5. Subprocessing
5.1 The Data Processor shall not engage any Subprocessor without the prior written consent of the Company. If the Data Processor does engage a Subprocessor, the Data Processor shall ensure that the Subprocessor is bound by the same data protection obligations.
6. Data Subject Rights
6.1 The Data Processor shall assist the Company, taking into account the nature of the processing, in fulfilling its obligations to respond to requests to exercise rights under Data Protection Laws (e.g., access, rectification, deletion).
6.2 The Data Processor shall promptly notify the Company if it receives a request from a data subject under any Data Protection Law in respect of Company Personal Data.
7. Personal Data Breach
7.1 The Data Processor shall notify the Company without undue delay upon becoming aware of any personal data breach affecting Company Personal Data, providing the Company with sufficient information to allow the Company to comply with its obligations to report or inform data subjects.
7.2 The Data Processor shall cooperate with the Company and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach.
8. Data Protection Impact Assessment (DPIA) and Consultation
8.1 The Data Processor shall assist the Company in conducting any necessary Data Protection Impact Assessments (DPIAs) and cooperating with any consultations with supervisory authorities, as required by the GDPR or other applicable Data Protection Laws.
9. Deletion or Return of Personal Data
9.1 Upon termination or expiration of the Principal Agreement, the Data Processor shall promptly delete or return all Company Personal Data, as requested by the Company, in accordance with Article 28 of the GDPR.
10. Audit Rights
10.1 The Company has the right to audit the Data Processor’s compliance with this Agreement and the applicable Data Protection Laws.
10.2 The Data Processor shall make available to the Company all necessary information and provide reasonable access for audits.
11. Data Transfer
11.1 The Data Processor may not transfer Company Personal Data to any third party outside the European Economic Area (EEA) without the prior written consent of the Company.
11.2 If the Data Processor transfers personal data to a country outside the EEA, the Parties will ensure that the transfer complies with Data Protection Laws, including the use of EU-approved standard contractual clauses, as necessary.
12. Confidentiality
12.1 Both Parties agree to maintain the confidentiality of the information exchanged in connection with this Agreement. Neither Party shall disclose Confidential Information to any third party without the other Party’s written consent, unless required by law.
13. Notices
13.1 All notices and communications under this Agreement shall be in writing and delivered to the contact details provided by each Party.
14. Governing Law and Jurisdiction
14.1 This Agreement shall be governed by the laws of [Insert Jurisdiction].
14.2 Any disputes arising from or related to this Agreement shall be resolved in the courts of [Insert Jurisdiction], subject to the possibility of appeal.
IN WITNESS WHEREOF, the Parties have executed this Agreement as of the date set below:
For iamskin.com iamskin Trading
Signature: _______________________
Name: __________________________
Date: ___________________________
For [Data Processor]:
Signature: _______________________
Name: __________________________
Date: ___________________________

 
