Data Processing Agreement
Created on 30 August, 2024 • 31 views • 2 minutes read
Data Processing Agreement
This Data Processing Agreement ("DPA") is part of the Terms of Service between CrownLytics ("Data Processor") and the customer ("Data Controller") who uses CrownLytics’ services ("Services"). This DPA reflects the parties’ agreement with respect to the processing of Personal Data in accordance with the requirements of applicable data protection laws, including the General Data Protection Regulation ("GDPR").
1. Definitions
For the purposes of this DPA:
- "Personal Data" means any information relating to an identified or identifiable natural person that is processed by CrownLytics as part of the Services.
- "Processing" means any operation or set of operations which is performed on Personal Data, including collection, storage, use, transfer, or deletion.
- "Data Controller" means the entity that determines the purposes and means of processing Personal Data.
- "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
2. Roles and Responsibilities
The Data Controller determines the purposes and means of the processing of Personal Data. The Data Processor processes Personal Data only on documented instructions from the Data Controller, unless required to do so by law.
3. Processing of Personal Data
CrownLytics will process Personal Data only for the following purposes:
- To provide the Services in accordance with the Terms of Service.
- To comply with other reasonable instructions provided by the Data Controller that are consistent with the Terms of Service.
4. Data Security
CrownLytics will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing Personal Data. These measures include, but are not limited to, encryption, access controls, and regular security assessments.
5. Sub-processors
The Data Controller authorizes CrownLytics to use sub-processors to process Personal Data. CrownLytics will ensure that sub-processors provide sufficient guarantees to implement appropriate technical and organizational measures that meet the requirements of this DPA.
6. Data Subject Rights
CrownLytics will assist the Data Controller, where possible, in responding to requests from data subjects to exercise their rights under applicable data protection laws, including rights of access, correction, and deletion.
7. Data Breach Notification
CrownLytics will notify the Data Controller without undue delay upon becoming aware of a Personal Data breach. The notification will include, where possible, information about the nature of the breach, the categories and approximate number of data subjects affected, and the measures taken to address the breach.
8. Data Retention and Deletion
Upon termination of the Services, CrownLytics will, at the choice of the Data Controller, delete or return all Personal Data in its possession, unless further retention of the data is required by law.
9. Audits and Inspections
The Data Controller has the right to audit CrownLytics' compliance with this DPA. CrownLytics will provide the Data Controller with all necessary information to demonstrate compliance and allow for audits, including inspections, conducted by the Data Controller or an auditor mandated by the Data Controller.
10. Liability
The liability of each party under this DPA shall be subject to the exclusions and limitations of liability set out in the Terms of Service. Nothing in this DPA limits liability for any breach of obligations under this DPA.
11. Governing Law
This DPA shall be governed by and construed in accordance with the laws of the Commonwealth of Virginia, USA, without regard to its conflict of law provisions.
12. Contact Us
If you have any questions about this DPA, please contact us:
- By email: contact@crownthrive.com
- By visiting this page on our website: https://crownlytics.com
- By mail: P.O. Box 201, Gretna, VA 24557, Pittsylvania County, USA