BRAWT Company
DATA PROCESSING AGREEMENT (DPA)

Effective Date: 1 January 2024

 

This Data Processing Agreement (“Agreement”) is entered into by and between BRAWT Company (“we,” “us,” or “our”) and the customer (“you” or “your”) (each a “Party” and together the “Parties”).

 

1. Definitions

  • “Controller” means the entity that determines the purposes and means of the processing of Personal Data.
  • “Processor” means the entity that processes Personal Data on behalf of the Controller.
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation or set of operations performed on Personal Data.
  • “Data Subject” means the individual to whom Personal Data relates.

2. Scope and Roles

  • Scope: This Agreement applies to the processing of Personal Data subject to the General Data Protection Regulation (GDPR).
  • Roles: You are the Controller and we are the Processor with respect to the Personal Data.

3. Processing of Personal Data

  • Purpose: We will process Personal Data only as necessary to provide our services to you, in accordance with your documented instructions, and as specified in this Agreement.
  • Instructions: You instruct us to process Personal Data in accordance with this Agreement, your orders, and any applicable terms in our agreements.
  • Compliance: Each Party will comply with the GDPR and other applicable data protection laws in relation to the processing of Personal Data.

4. Obligations of the Processor

  • Confidentiality: We will ensure that all personnel authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Security: We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
  • Sub-Processors: We will engage sub-processors only with your prior written consent. We will ensure that any sub-processor we engage will comply with the same data protection obligations as set out in this Agreement.
  • Assistance: We will assist you in ensuring compliance with your obligations under the GDPR, including assisting you with data subject requests, data protection impact assessments, and breach notifications.
  • Data Transfers: We will not transfer Personal Data outside the European Economic Area (EEA) without ensuring that appropriate safeguards are in place.
  • Deletion or Return of Data: Upon termination of the Agreement, we will, at your choice, delete or return all Personal Data to you, and delete existing copies unless EU or Member State law requires storage of the Personal Data.

5. Obligations of the Controller

  • Lawful Basis: You will ensure that you have a lawful basis for processing Personal Data and that you have obtained all necessary consents and provided all necessary notices to Data Subjects for the processing of their Personal Data by us.
  • Instructions: You will ensure that your instructions to us regarding the processing of Personal Data comply with applicable data protection laws.
  • Data Subject Rights: You will be responsible for responding to data subject requests under GDPR. We will assist you with these requests as necessary.

6. Data Subject Rights

  • Requests: We will promptly notify you if we receive a request from a Data Subject to exercise their rights under GDPR, including access, rectification, erasure, restriction, data portability, and objection.
  • Assistance: We will assist you in responding to data subject requests, to the extent that it is possible for us to do so.

7. Security Incidents

  • Notification: We will notify you without undue delay after becoming aware of a personal data breach.
  • Cooperation: We will cooperate with you to mitigate the effects of the breach and to provide all necessary information for you to comply with your legal obligations.

8. Audits

  • Right to Audit: You have the right to audit our compliance with this Agreement, upon giving reasonable notice and during regular business hours.
  • Cooperation: We will provide you with all necessary information to demonstrate compliance with this Agreement and will cooperate with audits requested by you.

9. Liability

  • Liability Cap: Each Party’s liability arising out of or related to this Agreement, whether in contract, tort, or under any other theory of liability, is subject to the limitations and exclusions of liability set out in the main agreement between the Parties.
  • Indemnity: You will indemnify us against any claims, losses, or damages arising from our processing of Personal Data under your instructions.

10. Duration and Termination

  • Duration: This Agreement will remain in effect for as long as we process Personal Data on behalf of you.
  • Termination: Either Party may terminate this Agreement with immediate effect upon written notice if the other Party is in material breach of this Agreement.

12. General Provisions

  • Governing Law: This Agreement is governed by the laws of Australia.
  • Amendments: Any amendments to this Agreement must be in writing and signed by both Parties.
  • Severability: If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.
  • Entire Agreement: This Agreement constitutes the entire agreement between the Parties with respect to the processing of Personal Data and supersedes all prior agreements and understandings.

12. Contact Information

For any questions or concerns regarding this Agreement, please contact us using the form below.

Contact Us

If you have any questions or concerns about our policies, please don’t hesitate to reach out. Fill out the form, and we will respond within 24 hours (excluding weekends).