This Data Processing Agreement (“DPA”) is entered into by and between Netskrt and the Customer (collectively referred to as the “Parties”).

Definitions

• “Data Controller” The controller determines the purposes and means of the processing and is accountable for processing done by the processor. As a controller, you need to ensure that the processor has implemented appropriate technical and organizational measures to ensure GDPR compliant data processing.
• “Data Processor” The processor processes personal data on behalf of the controller and is responsible for creating and implementing processes that enable the data controller to gather data, store the data, and transfer it if necessary.
• “Personal Data” refers to any information relating to an identified or identifiable natural person.
• “Processing” refers to any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sub-processors

• The Data Processor utilizes sub-processors to aid in delivering the services, as detailed in Exhibit A.

​Data Processing Obligations

• Compliance with Laws: The Data Processor commits to processing Personal Data in accordance with all applicable data protection laws (such as GDPR), regulations, and industry standards.
• Confidentiality: The Data Processor ensures that any individual authorized to process Personal Data is committed to confidentiality.
• Security Measures: The Data Processor implements and maintains adequate technical and organizational measures to safeguard the Personal Data from unauthorized access, loss, disclosure, alteration, or destruction.
• Sub-processing: The Data Processor will maintain an up-to-date list of all sub-processors engaged in processing Personal Data and ensure we obtain contractual commitments from them to protect your Personal Data. Our Sub-processors are regularly reviewed and audited via our Vendor Management and Risk Management processes to protect any processed personal data. Netskrt also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent or exceeding to the one guaranteed by the GDPR.
• Data Subject Rights: Netskrt will assist in responding to data subject requests, including requests to access, correct, delete, or limit the processing of Personal Data.
• Data Breach Notification: In the event of a personal data breach, the Netskrt will promptly inform the impacted party about the breach and provide all necessary information to the impacted party.

Data Controller Responsibilities

• Lawful Basis: The Data Controller ensures that it has a lawful basis for the processing of Personal Data and that the necessary permissions or authorizations have been obtained, where applicable.
• Instructions: The Data Controller will provide written instructions to the Data Processor regarding the processing of Personal Data. The Data Processor will not process the Personal Data for any other purpose than as directed by the Data Controller.
• Data Subject Rights: The Data Controller is responsible for addressing data subject requests related to the exercise of their rights under applicable data protection laws.

Data Transfer

• Data transfers to third countries or international organizations may only occur with the prior written consent and in compliance with applicable data protection laws.

​Term and Termination

This DPA will remain in effect for the duration of the data processing activities or until terminated in accordance with the terms set forth herein or in the Terms of Service.

Exhibit A: List of Sub-Processors

The following sub-processors are engaged by the Data Processor for the processing of Personal Data: