1. Introduction
This Data Processing Addendum ("DPA") forms part of the agreement between you ("Customer") and Admirate AS ("Processor") for the use of GetPlatform ("the Service").
This DPA applies where we process personal data on your behalf as a data processor under GDPR and other applicable data protection laws.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data
- Controller: The entity that determines the purposes and means of processing
- Processor: The entity that processes personal data on behalf of the controller
- Subprocessor: Any third party engaged by the processor to process personal data
3. Scope of Processing
The Processor shall:
- Process personal data only on documented instructions from the Customer
- Ensure that persons processing data are subject to confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Customer in responding to data subject requests
- Delete or return all personal data upon termination of services
4. Subprocessors
The Customer authorizes the Processor to engage subprocessors as listed in the Subprocessors List.
5. Security Measures
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and authentication
- Regular security assessments and penetration testing
- Incident response procedures
- Employee security training
6. Data Breach Notification
In the event of a personal data breach, the Processor shall notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of the breach.
7. International Transfers
When personal data is transferred outside the EEA, the Processor ensures appropriate safeguards are in place, including Standard Contractual Clauses where required.
8. Contact
For questions about this DPA:
Admirate AS
Email: [email protected]