Updated June 2022
This Data Processing Agreement (“DPA”) is an agreement between you and the entity you represent (Customer, “You or “Your”) and the phData Contracting Party (together, “phData”). This DPA also supplements any agreement between Customer and phData governing the Services when the GDPR applies to the Services to process Customer Data (the “Agreement”). Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this DPA have the meanings given to them in Section 16 of this DPA.
2. phData’s Obligations
3. Provider’s Employees
5. Security Breaches and Customer Data Loss
6. Cross-Border Transfers of Customer Data
8. Complaints, Data Subject Requests, and Third Party Rights
9. Term and Termination
10. Data Return and Destruction
16. Definitions and Interpretation
“Data Subject” means an individual who is the subject of Customer Data.
“Customer Data” means the “personal data” (as defined in GDPR) that enters phData’s Network.
“GDPR”means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“phData Contracting Party Subject” means the applicable phData entity providing Services to Customer.
“phData Network” means phData’s host software systems that are within phData’s control and are used to provide the Services.
“Processing“ has the meaning given to it in the GDPR.
“Processor” has the meaning given to it in the GDPR.
“Privacy and Data Protection Requirements” means all applicable federal, state, and foreign laws and regulations relating to the processing, protection, or privacy of Customer Data, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction.
“Security Breach” means a breach of phData’s Network leading to the accidental or unlawful destruction, loss, unauthorized disclosure of, or access to, Customer Data.
“Services” means the professional services or products provided by the phData Contracting Party to Customer.
“Standard Contractual Clauses (SCC)”means the European Commission’s standard contractual clauses for the transfer of personal data from the European Union to third countries (Module One, Two, Three, and Four), as set out in the Annex to Commission Decision (EU) 2021/914, a completed copy of which comprises Appendix A.
Standard Contractual Clauses
The Standard Contractual Clauses, available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, as may be amended from time to time.
phData Security Standards
phData implements and maintains appropriate technical and organizational measures to protect against unlawful destruction, loss, alteration, disclosure of, or access to, Customer Data. These measures comply with the requirements set forth in ISO/IEC 27001, ISO/IEC 27701, and SOC 2 Type 2.
Controller consents to the use of the following sub-processors:
|Subprocessor||Address/County||Description of Services Provided by Subprocessors|
|Amazon Web Services, Inc||Worldwide||Infrastructure-as-a-Service|
|Atlassian Corporation Plc||Worldwide||Software-as-a-Service|
Data Coach is our premium analytics training program with one-on-one coaching from renowned experts.