Customer Agreement Template (Privacy Elements)

This document describes the elements that must be included in a contract in terms of data protection so that the Cyberdise DPA becomes an integral part of the contract.

Checklist - Elements to Define in the Agreement related to Data Privacy and Security: 

1. Parties to the Agreement
   • Define Customer (Data Controller) and Cyberdise (Data Processor).
2. Scope of Services
   • The nature of the services provided by Cyberdise to the Customer.
   • Detail how these services involve the processing of Personal Data.
3. Processing Purpose and Instructions
   • Define the specific purposes for which the Data Processor (Cyberdise) will process Personal Data.
   • Include any permissible processing activities and restrictions.
4. Duration of Data Processing
   • Specify the duration of the agreement and the timeline for processing Personal Data.
5. Categories of Data Subjects
   • Outline the types of individuals whose Personal Data will be processed (e.g., employees, end users, customers).
6. Types of Personal Data
   • List the specific categories of data to be processed (e.g., name, email address, IP address, profile data).
7. Data Processing Purpose
   • Define the purpose for processing Personal Data under Data Protection Law.
8. Deviating Security Measures
   • Security measures deviating from the policies in place at the company.
   • Detail the obligations of the Data Processor to implement security measures appropriate to the data’s sensitivity and risks.
9. Data Transfers, if applicable
   • Specify any cross-border data transfer requirements, including:
   • Approved Jurisdictions.
   • Use of Standard Contractual Clauses or other safeguards.
10. Sub-Processor Usage, if applicable
    • Define the process for appointing and managing Sub-Processors.
    • Include requirements for prior notice, approval, and conditions for objections.
11. Data Breach Notification
    • Include a process for notifying the Data Controller in the event of a Personal Data Breach.
    • Define timelines and responsibilities for mitigation.
12. Audits and Compliance Assessments
    • Outline the Customer’s right to request audits or compliance assessments.
    • Define the procedures for these audits, including notice periods, scope, and costs.
13. Retention and Deletion of Data
    • Specify how long Personal Data will be retained and the process for returning or deleting data at the end of the Agreement.
14. Jurisdiction and Governing Law
    • Specify the governing law and jurisdiction that applies to the Agreement and the DPA.
15. Appendices
    • Define if any additional documents, are to be part of the agreement such as:
    • Data Processing Details (APPENDIX 1 - Data Importer) for the Data Importer.
    • Technical and Organizational Security Measures (APPENDIX 2 - TOS applicable by Importer) for the Importer.