Data Processing Agreement

This Data Processing Agreement (the "DPA") is incorporated into the agreement pursuant to which the Customer obtains the right to use the Services (the "Terms of Service") (collectively, the "Agreement").
Definitions
  • “Data Protection Law” means any and all data protection laws and regulations that apply to the Processing of Personal Data by Form Approvals under the Agreement.
  • “Data Subject” means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • “Personal Data” means any data that: (a) is deemed “personal data” or “personal information” (or other analogous variations of such terms) under Data Protection Law; and (b) that Customer submits using the Services for Form Approvals to Process on Customer’s behalf.
  • “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
  • “Process” or “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Services” means any of the following services provided by Form Approvals pursuant to the Agreement: (a) Form Approvals-branded product offerings made available via the Internet, (b) consulting or training services provided by Form Approvals either remotely via the Internet or in person, and (c) any support services provided by Form Approvals, including access to Form Approvals’ help desk.
  • “Standard Contractual Clauses” means the standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the transfer of personal data to processors established in third countries, the text of which is available at: https://eurlex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.
Processing of Company Personal Data
The Company instructs Processor to process Company Personal Data.
The Processor will comply with applicable laws and process data only for the purpose of providing the service, including troubleshooting, and diagnosing errors.
Data Processing and Protection
This DPA applies when Form Approvals processes Customer’s data for which Form Approvals will act as “processor” or “service provider” (or other analogous variations of such terms) under Data Protection Law.
Limitations on Use. Form Approvals will process Personal Data only: (a) in a manner consistent with documented instructions from Customer, including (i) to provide the Services, (ii) as permitted under the Agreement, and (iii) consistent with other reasonable instructions of Customer; and (b) with prior notice (unless notice is legally prohibited), as required by applicable law. Without limiting the foregoing, Form Approvals will not collect, retain, use, or disclose the Personal Data for any purpose other than as necessary for the specific purpose of performing the Services, including not collecting, retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the Services.
Confidentiality. Form Approvals will ensure that persons authorized by Form Approvals to Process any Personal Data are subject to appropriate confidentiality obligations.
Security. Form Approvals will protect Personal Data in accordance with requirements under Data Protection Law, including by implementing appropriate technical and organizational measures designed to protect Personal Data against Personal Data Breach per Form Approvals’ Security Overview.
Return or Disposal. At the choice of Customer, delete or return (or will enable Customer to delete or retrieve) all Personal Data after the end of the provision of Services (unless applicable law requires Form Approvals to store any Personal Data). To request the return or disposal of your data refer to our Privacy Policy.
Customer Obligations. Customer will not instruct Form Approvals to perform any Processing of Personal Data that violates any Data Protection Law. Form Approvals may suspend Processing based upon any Customer instructions that Form Approvals reasonably suspects violate Data Protection Law. Subject to the cooperation of Form Approvals as specified in this DPA, Customer will be solely responsible for safeguarding the rights of Data Subjects. Customer will promptly notify Form Approvals about any faults or irregularities in the Processing by Form Approvals discovered by Customer.
Subprocessors
Customer authorizes Form Approvals to use third-party subprocessors to Process Personal Data in connection with the provision of Services to Customer (“Subprocessor”). Customer may request a list of current Subprocessors at any time. If Customer objects to any Subprocessor, Form Approvals may terminate the Agreement immediately upon notice to Customer without liability.
Data transfers
Form Approvals stores data in the region selected by the user when they first use the Service. Subprocessors may store data in any region.
Miscellaneous
If there is a conflict the Terms of Service will prevail over this DPA. Except for the matters covered by this DPA, all terms of the Terms of Service, remain in effect. Capitalized terms not defined in this DPA have the same meaning as in the Terms of Service. Except as otherwise stated in the Terms of Service, this DPA and the Standard Contractual Clauses will automatically terminate upon the termination or expiration of the Terms of Service.
Types and categories of data
Other than in connection with configuration and subscription related data stored by the Service, Customer controls the types of Personal Data and categories of Data Subjects uploaded via the Services for Processing.