Data Processing Agreement (DPA)

# Data Processing Agreement **Effective Date:** ___________ This Data Processing Agreement ("DPA") is entered into by and between: **Data Controller:** ___________ ("Controller") **Data Processor:** ___________ ("Processor") This DPA supplements and forms part of the underlying service agreement between the Parties (the "Principal Agreement") and governs the processing of Personal Data by the Processor on behalf of the Controller. ## 1. Definitions **"Personal Data"** means any information relating to an identified or identifiable natural person, as defined under applicable Data Protection Laws. **"Data Protection Laws"** means all applicable laws and regulations relating to data protection and privacy, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any successor legislation. **"Processing"** means any operation performed on Personal Data, including collection, storage, use, transmission, and deletion. **"Data Subject"** means the individual to whom the Personal Data relates. **"Sub-processor"** means any third party engaged by the Processor to process Personal Data on behalf of the Controller. ## 2. Scope and Purpose **Categories of Data Subjects:** ___________ **Types of Personal Data:** ___________ **Purpose of Processing:** ___________ **Duration of Processing:** Processing shall continue for the duration of the Principal Agreement unless otherwise specified. ## 3. Processor Obligations The Processor shall: (a) process Personal Data only on documented instructions from the Controller, unless required by law;