This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and us ("Processor") and governs the processing of personal data.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Data Subject: The individual to whom Personal Data relates
- Processing: Any operation performed on Personal Data
- Controller: The entity that determines the purposes and means of Processing
- Processor: The entity that processes Personal Data on behalf of the Controller
- Sub-processor: A third party engaged by the Processor to process Personal Data
2. Scope and Roles
This DPA applies when we process Personal Data on your behalf as a Processor. You act as the Controller and determine the purposes and means of processing. We process Personal Data only according to your documented instructions.
3. Types of Personal Data Processed
We may process the following categories of Personal Data:
- Contact information (name, email address, phone number)
- Account credentials
- Usage data and analytics
- IP addresses and device information
- Any Personal Data included in status page content you create
4. Processing Instructions
We will process Personal Data only on your documented instructions, unless required by law. The Terms of Service and this DPA constitute your initial instructions. You may provide additional instructions that we will follow if they are reasonable and consistent with the services.
5. Confidentiality
We ensure that persons authorized to process Personal Data have committed to confidentiality or are under an appropriate statutory obligation of confidentiality.
6. Security Measures
We implement appropriate technical and organizational measures including:
- Encryption of Personal Data in transit and at rest
- Access controls and authentication
- Regular security assessments and penetration testing
- Employee security training
- Incident response procedures
- Business continuity and disaster recovery plans
7. Sub-processors
You authorize us to engage Sub-processors to process Personal Data. We maintain a list of current Sub-processors and will notify you of any changes. You may object to a new Sub-processor within 14 days of notification.
8. Data Subject Rights
We will assist you in responding to requests from Data Subjects to exercise their rights under applicable data protection laws, including rights to access, rectification, erasure, and portability.
9. Data Breach Notification
We will notify you without undue delay after becoming aware of a Personal Data breach. We will provide information about the breach and assist with any required notifications to supervisory authorities or Data Subjects.
10. International Transfers
We may transfer Personal Data to countries outside the European Economic Area. Such transfers are protected by Standard Contractual Clauses or other appropriate safeguards approved by relevant supervisory authorities.
11. Audit Rights
Upon reasonable notice, we will make available information necessary to demonstrate compliance with this DPA. We may engage a qualified third-party auditor to conduct audits.
12. Deletion and Return
Upon termination of services, we will delete or return all Personal Data as you instruct, unless retention is required by law. You may request data export within 30 days of termination.
13. Standard Contractual Clauses
Where required for international transfers, the EU Standard Contractual Clauses are incorporated by reference and form an integral part of this DPA.