This is the Summary and Table of Content of our Data Processing Agreement.
- Agree: You may order our Consent Service Under the Cloud Service Agreement (“CSA”). We process Personal Data on your behalf under Signatu AS Data Processing Agreement ("DPA").
- Personal data: We process Consent Event Data on your behalf.
- Lawful processing: You are responsible for why and how we process Consent Event Data on your behalf.
- Data deletion You decide when we shall delete the Consent Event Data. We delete or return the Consent Event Data shortly after your term expiry.
- Data Security: We secure the Consent Event Data with appropriate technical or organisational measures.
- Confidentiality: We do not disclose the Consent Event Data to third parties.
- Audits: We allow you to audit us.
- Processing Records: We maintain a record of processing activities that we carry out on your behalf.
- Assistance: We assist you to respond to end users' request to exercise their Data Subject Rights with regard Consent Event Data.
- Data Breach: In case of a data breach we will notify you without undue delay, mitigate effects and minimise any damage.
- DPIA and Consultation: We will assist you with Data Protection Impact Assessment and Prior Consultation with Data Protection Authorities.
- Cloud host: We use AWS in Ireland to host our Consent Service.
- Limited liability: We have limited liability in relation to you and third parties.
- Friendly problem solving: If we ever end up in a dispute, we will try to solve issues in a friendly way.
- Disputes in Norway: Any dispute will be resolved in Norway only, and under Norwegian law only.
- Communication with you: To communicate with you, we will use your sign up Email Address.
- Communication with us: To communicate with us, you will use our Email Address: firstname.lastname@example.org
- English communication: Together, we and you communicate in English only.
1 Parties and Scope
2 Meaning of terms in DPA
3 Customer instructions and responsibilities with regard to Processing
3.1 Role of Customer
3.2 Role of Signatu
3.3 Scope of Permission
3.4 Customer’s acknowledgment
4 Lawful processing
4.1 Customer’s Warranties for Lawful Processing
4.2 Customer’s Responsibility for Lawful Processing
4.3 Customer’s Responsibility for Customer’s Instruction
4.4 Processing in conflict with DPA
5 Data Deletion or Return
5.1 Power to delete
5.2 Deletion during Term
5.3 Deletion in accordance with GDPR Art 17.1 and 19
5.4 Deletion on Term Expiry
5.5 Omitted Deletion Instruction
6 Data Security
6.1 Signatu’s Security Measures
6.2 Customer’s Security Responsibility
7.1 Signatu’s Confidentiality Obligation
7.2 Signatu’s redirection of Authorities to Customer
7.3 Signatu’s Notice to Customer
7.4 Customer’s Notice to Signatu
7.5 Customer’s Responsibility
8 Confidentiality obligations of Signatu personnel
9.1 Customer’s Audit Rights
9.4 Date, scope and duration
9.5 Confidential Information
9.6 Responsibility for Auditor’s Fees
9.7 Responsibility for Signatu’s costs
9.8 Supervisory Authority Audits
10 Processing Records
10.1 Processing Record Obligation
10.2 Customer Record Information Obligation
11 Assistance to Customer
11.1 Data Subject Rights
11.1.1 Customer’s Responsibility to Respond to Data Subject Requests
11.1.2 Signatu’s Assistance
11.2 Notification of a Personal Data Breach
11.2.1 Signatu’s Notification
11.2.2 Signatu’s Assistance
11.2.3 Customer’s Responsibility
11.3 Data Protection Impact Assessment and Prior Consultation
11.3.1 Signatu’s Assistance
12 Payment for Assistance
13.1 Customer Authorization to engage Sub-processors
13.2 Obligations for replacement or addition of Sub-processor
14 Liability, penalties and fines
14.1 Separate Responsibility for Damage
14.2 Customer’s Sole Responsibility
14.3.1 Liability Cap
14.3.2 Liability Cap Exclusions
16 Communication between Parties
16.1 Obligation to use Notification Email Address
16.2 Customer’s Responsibility
17 Entire DPA
18 Customer’s independent conclusion of Signatu GDPR compliance
19 Customer Warranties
20 Acceptance of DPA
21 Entry into force and duration of DPA
22 Dispute Resolution, Applicable Law and Jurisdiction
Annex 1 to Data Processing Agreement
Personal Data Processing
Annex 2 to Data Processing Agreement
Data Security Measures