Key points for customers

.1Instructions: You provide instructions for data processing. We follow them unless they violate laws.
.2Data Subject Rights: You're responsible for responding to data subject requests. We'll assist within our capabilities.
.3Security: We implement appropriate security measures to protect your data.
.4Subprocessors: We may use subprocessors. We'll notify you of changes and give you the right to object.
.5Data Transfers: We may transfer data outside the EU/EEA using appropriate safeguards.
.6Audits: You can audit our compliance once per year, at your expense.
.7Data Breach: We'll notify you of any confirmed data breaches within 72 hours.
.8Termination: Upon termination, we'll return or delete your data as you instruct.

Key points for Vaam

.1Compliance: We process data in compliance with your instructions and applicable laws.
.2Subprocessors: We're responsible for our subprocessors' compliance.
.3Security: We implement and maintain appropriate technical and organizational security measures.
.4Assistance: We'll assist with data subject requests, impact assessments, and audits within reason.
.5Confidentiality: Our staff are bound by confidentiality obligations.
.6Breach Notification: We'll promptly notify you of any confirmed data breaches.
.7Liability: Our liability is limited to the amount paid by you in the preceding 12 months.
.8Data Retention: We may retain data as required by law, even after termination.

Mutual Obligations:

.1Cooperation: Both parties agree to cooperate on data protection matters.
.2Compliance: Both parties commit to complying with applicable data protection laws.
.3Amendments: Changes to the DPA must be made in writing and agreed by both parties.
.4Confidentiality: Both parties agree to maintain the confidentiality of the agreement.

Full DPA