Last updated: —
[Placeholder] This Data Processing Agreement ("DPA") governs the processing of personal data carried out by LinkSilo (the "Processor") on behalf of the customer (the "Controller") in connection with the provision of the service.
[Placeholder] The DPA applies for the duration of the underlying service agreement and for any period during which the Processor continues to process personal data on the Controller's behalf.
[Placeholder] The Processor processes personal data only as necessary to provide and support the service, and in accordance with the Controller's documented instructions, including those set out in this DPA and the service agreement.
[Placeholder] The nature and purpose of the processing are described in Annex A. The Processor will not process personal data for any purpose other than as instructed, except where required by law.
[Placeholder] The categories of data subjects and the types of personal data processed under this DPA are described in Annex A.
[Placeholder] The Controller is responsible for ensuring that it is permitted to transfer the personal data to the Processor for processing in accordance with this DPA.
[Placeholder] As between the parties, the Controller determines the purposes and means of processing personal data, and the Processor processes that data on the Controller's behalf.
[Placeholder] Each party is responsible for complying with its respective obligations under applicable data-protection law. This section will describe the allocation of responsibilities in more detail once finalized.
[Placeholder] The Processor ensures that personnel authorized to process personal data are bound by appropriate obligations of confidentiality and are made aware of the confidential nature of the data.
[Placeholder] Access to personal data is limited to personnel who require it to perform their role in providing the service.
[Placeholder] The Processor implements appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
[Placeholder] These measures include, but are not limited to, encryption in transit and at rest where appropriate, role-restricted access controls, documented incident-response procedures, and periodic security review. They are described further in Annex B.
[Placeholder] The Controller authorizes the Processor to engage sub-processors to support the provision of the service. Sub-processors are engaged under written terms imposing data-protection obligations consistent with this DPA.
[Placeholder] The categories of sub-processors are described in Annex A and may be updated with reasonable advance notice, giving the Controller the opportunity to object on reasonable data-protection grounds.
[Placeholder] Taking into account the nature of the processing, the Processor assists the Controller by appropriate technical and organizational measures, insofar as possible, in responding to requests from data subjects to exercise their rights.
[Placeholder] Where the Processor receives a request directly from a data subject, it will, where permitted, direct the request to the Controller rather than responding to it itself.
[Placeholder] The Processor notifies the Controller without undue delay after becoming aware of a personal-data breach affecting personal data processed under this DPA.
[Placeholder] The notification will include the information reasonably available to the Processor to assist the Controller in meeting its own breach obligations under applicable law.
[Placeholder] The Processor provides reasonable assistance to the Controller with data protection impact assessments and any prior consultation with supervisory authorities, taking into account the nature of the processing and the information available to the Processor.
[Placeholder] Where processing under this DPA involves the transfer of personal data across borders, the parties rely on an appropriate transfer mechanism recognized under applicable data-protection law.
[Placeholder] The applicable transfer mechanisms and the regions involved will be described here when this DPA is finalized.
[Placeholder] The Processor makes available to the Controller information reasonably necessary to demonstrate compliance with this DPA, and allows for and contributes to audits conducted by the Controller or an auditor it mandates, subject to reasonable confidentiality and scheduling conditions.
[Placeholder] Audits are conducted in a manner that minimizes disruption to the Processor's operations and respects the confidentiality of other customers' data.
[Placeholder] On termination of the service, the Processor, at the Controller's choice, deletes or returns the personal data processed on the Controller's behalf, and deletes existing copies unless retention is required by law.
[Placeholder] This section will describe the timeframe and method for return or deletion once finalized.
[Placeholder] Liability arising under or in connection with this DPA is subject to the limitations and exclusions set out in the underlying service agreement, to the extent permitted by applicable law.
[Placeholder] Nothing in this DPA limits liability that cannot be limited under applicable data-protection law.
[Placeholder] This DPA takes effect alongside the underlying service agreement and terminates automatically when that agreement ends and the Processor has ceased all processing of personal data on the Controller's behalf.
[Placeholder] This DPA is governed by the same law and subject to the same jurisdiction as the underlying service agreement, except where mandatory data-protection law requires otherwise.
[Placeholder] The specific governing law and competent jurisdiction will be stated here when this DPA is finalized.
[Placeholder] This annex describes the processing carried out under this DPA. The entries below are placeholders to be completed during legal review.
Subject matter. [Placeholder] Provision of the LinkSilo service to the Controller.
Duration. [Placeholder] For the term of the service agreement and any wind-down period.
Nature and purpose. [Placeholder] Hosting, storage, processing, and display of content as required to operate the service.
Types of personal data. [Placeholder] Account identifiers and contact details, and content the Controller chooses to process through the service.
Categories of data subjects. [Placeholder] The Controller's account holders and the visitors who interact with published pages.
Sub-processor categories. [Placeholder] Hosting, payment processing, and transactional email providers.
Retention. [Placeholder] For the duration of the active account plus a limited grace period, subject to legal-retention requirements.
[Placeholder] This annex describes the measures the Processor maintains to protect personal data. The entries below are placeholders to be completed during legal review.
Encryption. [Placeholder] Encryption of data in transit and at rest where appropriate, including client-side encryption for designated content.
Access control. [Placeholder] Role-restricted access on a need-to-know basis, with authentication controls for personnel.
Resilience. [Placeholder] Measures intended to maintain availability and to restore access to personal data following an incident.
Incident response. [Placeholder] Documented procedures for detecting, reporting, and responding to security incidents.
Vendor due diligence. [Placeholder] Assessment of sub-processors against data-protection and security expectations before engagement.
Review. [Placeholder] Periodic review and testing of the effectiveness of these measures.