Data Processing Agreement

Last updated: [[DATE]]

1. Introduction

This Data Processing Agreement (“DPA”) forms part of the agreement between DEEPNS and the customer (“Customer”) governing the use of the DEEPNS service.

This DPA applies where DEEPNS processes personal data on behalf of the Customer in the course of providing the Service.

This DPA is intended to comply with the UK GDPR, EU GDPR, and other applicable data protection laws.

2. Definitions

Terms such as “personal data”, “processing”, “controller”, and “processor” shall have the meanings given to them in the UK GDPR and EU GDPR.

Service” means the DEEPNS analytics platform, including Essentials and Insights features.

3. Roles of the Parties

  • The Customer acts as the data controller with respect to personal data relating to its end users.
  • DEEPNS acts as the data processor and processes personal data only on documented instructions from the Customer.

4. Scope of Processing

4.1 Subject Matter

The processing of analytics and usage data for the purpose of providing traffic, conversion, and performance insights.

4.2 Duration

Processing continues for the duration of the Customer’s use of the Service, unless otherwise agreed.

4.3 Categories of Data Subjects

  • Website visitors
  • Application users
  • End users of the Customer’s digital services

4.4 Categories of Personal Data

Depending on the features enabled by the Customer (in particular the Insights tier), personal data may include:

  • Pseudonymous identifiers
  • Event and interaction data
  • Session and timestamp data
  • Technical data such as device or browser information

5. Customer Obligations

The Customer represents and warrants that it:

  • Has a valid lawful basis for processing personal data
  • Provides appropriate notices to end users
  • Obtains valid consent where required (notably for cookies or tracking)
  • Complies with all applicable data protection laws

6. DEEPNS Obligations

DEEPNS shall:

  • Process personal data only on documented instructions from the Customer
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Not use personal data for its own purposes

7. Security Measures

DEEPNS implements reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

8. Subprocessors

The Customer authorizes DEEPNS to engage subprocessors for the provision of the Service (e.g. hosting, infrastructure, monitoring).

DEEPNS shall ensure that subprocessors are subject to data protection obligations equivalent to those set out in this DPA.

9. International Data Transfers

Where personal data is transferred outside the UK or European Economic Area, DEEPNS shall ensure appropriate safeguards are in place, including standard contractual clauses where required.

10. Data Subject Requests

DEEPNS shall, to the extent legally permitted, assist the Customer in responding to requests from data subjects to exercise their rights under data protection law.

Requests received directly by DEEPNS shall be forwarded to the Customer without undue delay.

11. Personal Data Breach

DEEPNS shall notify the Customer without undue delay upon becoming aware of a personal data breach affecting Customer data.

DEEPNS shall provide reasonable assistance to enable the Customer to comply with its legal obligations.

12. Deletion or Return of Data

Upon termination of the Service, DEEPNS shall delete personal data in accordance with the Customer’s instructions, unless retention is required by law.

13. Audits

Upon reasonable written request, DEEPNS shall make available information necessary to demonstrate compliance with this DPA.

Audits shall be limited in scope and frequency and subject to confidentiality obligations.

14. Liability

Liability arising from this DPA shall be subject to the limitations of liability set out in the Terms of Service.

15. Governing Law

This DPA shall be governed by the laws of England and Wales, without prejudice to mandatory data protection laws.

16. Contact

For data protection inquiries, contact:

Email: privacy@deepns.com
Company: [Legal Entity Name]