Data Processing Agreement (DPA)
GDPR Article 28 Compliance Document
Дата вступления в силу: August 29, 2025
Parties to this Agreement
Controller
Entity: Proofdel.com
Email: info@proofdel.com
Адрес: [Company Address]
Processor
Entity: [Partner Company Name]
Email: [Partner Email]
Адрес: [Partner Address]
1. Subject Matter
This Data Processing Agreement governs the processing of personal data in accordance with Article 28 of the General Data Protection Regulation (GDPR).
2. Purpose of Processing
Processor shall process personal data solely for the purposes of providing hosting, logistics, analytics, or other specified services as described in the Main Agreement.
3. Data Categories
Personal Data Types:
- Name, email, phone number
- Company name, code, VAT number
- CMR and related shipment documents
- Cargo operation records
4. Obligations of the Processor
Process personal data only under documented instructions from the Controller
Implement appropriate technical and organizational security measures
Ensure confidentiality by authorized personnel
Assist the Controller in complying with data subject rights
Delete or return all personal data at the end of the engagement
Maintain appropriate records of processing activities
5. Sub-processors
Approved Sub-processors:
| Provider | Service | Location |
|---|---|---|
| AWS | Hosting | EU (Литва) |
| Google Cloud | Analytics | EU |
11. Права аудита
The Controller has the right to audit the Processor's data processing activities once per year with 30 days notice. The Processor will cooperate fully with any such audits.
12. Уведомление о утечке данных
The Processor shall notify the Controller without undue delay and no later than 48 hours after becoming aware of a personal data breach.
6. Передача данных
Any data transfer outside the EEA shall be governed by Standard Contractual Clauses or an equivalent safeguard approved by the European Commission.
7. Security Measures
Technical Safeguards
- Encryption in transit and at rest
- Access control systems
- Regular vulnerability scanning
Organizational Measures
- Logging of access and actions
- Staff training and authorization
- Regular security audits
8. Liability
Each party shall be liable for damages caused by its own breach of this Agreement or applicable data protection law.
9. Term and Termination
This Agreement remains valid for the duration of the data processing relationship. Upon termination, all personal data must be returned or securely deleted unless otherwise required by law.
10. Agreement Execution
This agreement is executed electronically and becomes effective upon both parties' acceptance of the terms.
Controller Acceptance: August 29, 2025
Digital Signature: info@proofdel.com