Data Processing Agreement
Last updated: TODO — set when drafted text is pasted in.
1. Roles
TODO: paste drafted roles section — Customer as controller, OwnMoat as processor, scope of processing.
2. Nature and purpose of processing
TODO: paste drafted processing description — categories of data, categories of data subjects, retention.
3. Sub-processors
TODO: paste drafted sub-processor list. Should match the Privacy Policy Section 6 sub-processor list exactly. State the change-notification process (X days notice) and Customer's right to object.
4. Security measures
TODO: paste drafted security measures — encryption in transit and at rest, access control, audit logging, incident response, business continuity.
5. International data transfers
TODO: paste drafted transfers section — SCC references, transfer impact assessment posture, any UK / EU-specific commitments.
6. Data subject request assistance
TODO: paste drafted DSR assistance clauses — how OwnMoat helps Customer respond to access, deletion, portability, and rectification requests.
7. Breach notification
TODO: paste drafted breach notification clauses — timeline (typically within 72 hours), content of the notification, coordination with Customer.
8. Audit rights
TODO: paste drafted audit rights section.
9. Term and termination
TODO: paste drafted term / termination language.
10. Return and deletion
TODO: paste drafted return-and-delete-on-termination clauses — timeline, format, certification.
11. Contact
DPA questions: hello@ownmoat.com.