Data Processing Agreement

Last updated: January 1, 2024

1. Definitions

“Data Controller” means the entity that determines the purposes and means of processing personal data. “Data Processor” means Burbuxa, which processes personal data on behalf of the Data Controller.

2. Processing of Personal Data

The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization.

3. Security of Processing

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

4. Subprocessing

The Processor shall not engage another processor without prior specific or general written authorization of the Controller.

5. Data Subject Rights

The Processor shall assist the Controller by appropriate technical and organizational measures for the fulfillment of the Controller's obligation to respond to requests for exercising data subject rights.

6. Personal Data Breach

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

7. Deletion and Return of Personal Data

The Processor shall, at the choice of the Controller, delete or return all Personal Data after the end of the provision of services.

8. Audit and Inspection

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Agreement.

9. Contact Information

For questions about this Data Processing Agreement, contact us at dpa@burbuxa.com.