Data Processing Agreement (DPA)
VERSION MARCH 2024
This Data Processing Agreement and its Annexes A, B, C, and D (“DPA”) is concluded between:
NO PARADE (Refocusly)
Marvin Eckert
Ankerberg 5
76344 Eggenstein-Leopoldshafen
– hereinafter referred to as “Processor” –
and
[Customer Name]
[Street, Number]
[Postal Code, City]
– hereinafter referred to as “Controller” –
Preamble:
This DPA regulates the data protection obligations of the parties in connection with the processing of personal data of the Controller by the Processor within the scope of using the Refocusly platform.
## 1. Definitions
a) GDPR refers to Regulation (EU) 2016/679 (General Data Protection Regulation).
b) CCPA refers to the California Civil Code Sec. 1798.100 et seq. as amended (California Consumer Privacy Act 2018).
c) Personal Data, Processing, Controller, Processor, and Data Subject have the meaning assigned to them in the GDPR.
d) Customer Data means all personal data that the Controller provides to the Processor for processing.
e) Data Protection Laws means all applicable laws protecting personal data, including GDPR, CCPA, and other national data protection laws.
## 2. Subject Matter of Processing
2.1 The Processor processes personal data on behalf of the Controller within the scope of using the Refocusly platform.
2.2 The nature and purpose of processing, types of personal data, and categories of data subjects are specified in Annex A.
## 3. Rights and Obligations of the Controller
3.1 The Controller is responsible for compliance with data protection regulations.
3.2 The Controller has the right to issue instructions regarding the nature, scope, and procedures of data processing.
3.3 The Controller ensures that all necessary consents and approvals for data processing are in place.
## 4. Obligations of the Processor
The Processor commits to:
4.1 Process personal data only on documented instructions from the Controller.
4.2 Implement the technical and organizational measures described in Annex B.
4.3 Assist the Controller in fulfilling data subject rights.
4.4 Delete or return all personal data after the end of processing, at the Controller’s choice.
4.5 Provide the Controller with all information necessary to demonstrate compliance with the GDPR.
## 5. Sub-processing
5.1 The Controller grants general authorization for the engagement of sub-processors.
5.2 The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors.
5.3 The currently engaged sub-processors are:
a) HighLevel Inc.
– Address: 400 N. Saint Paul St. Suite 920, Dallas, Texas 75202, USA
– Purpose: Provision of technical platform infrastructure
b) Additional technical service providers:
– Google LLC/Google Cloud Services
– Amazon Web Services, Inc.
Details about these sub-processors are listed in Annex C.
## 6. International Data Transfers
6.1 For data transfers to third countries, the required guarantees according to Chapter V of the GDPR are ensured.
6.2 The EU Commission’s Standard Contractual Clauses for the transfer of personal data to third countries apply.
## 7. Data Breaches
7.1 The Processor shall inform the Controller without undue delay about personal data breaches.
7.2 The Processor shall assist the Controller in fulfilling its notification obligations to supervisory authorities.
## 8. Term and Termination
8.1 This DPA applies for the duration of the processing of personal data by the Processor.
8.2 Termination of the main contract for using the Refocusly platform automatically terminates this DPA.
## 9. Final Provisions
9.1 Changes and amendments to this DPA must be made in writing.
9.2 Should individual provisions of this DPA be invalid, the validity of the remaining provisions shall remain unaffected.
9.3 This agreement is governed by German law.
[Place, Date]
_______________________
Signature Controller
_______________________
Signature Processor
# Annex A – Details of Processing
1. Purpose of Processing:
– Marketing automation
– Customer communication
– CRM functions
– Email marketing
– Campaign management
– Customer analysis
– Automated onboarding processes
2. Types of Personal Data:
– Contact information (name, email, phone, address)
– Communication history
– Customer interaction data
– Marketing-related data
– Analytics data
– Tracking data
– Appointment scheduling data
3. Categories of Data Subjects:
– Controller’s customers
– Prospects
– Newsletter subscribers
– Website visitors
– Business partners
# Annex B – Technical and Organizational Measures
1. Encryption
– Encryption of data at rest (AES-256-CBC)
– TLS v1.2+ for data transmission
– SSL certificates for all connections
2. Access Control
– Two-factor authentication
– Role-based access rights
– Password policies
– Session timeout
– Logging of all access
3. Availability
– Automatic backups (5-minute intervals)
– Geo-redundant data storage
– 24/7 system monitoring
– Disaster recovery plan
4. Data Security
– Endpoint protection for APIs
– Regular security audits
– Incident response plan
– Automatic security updates
5. Data Separation
– Logical tenant separation
– Separate development and production environments
– Authorization concept
# Annex C – Sub-processors
1. HighLevel Inc.
– Address: 400 N. Saint Paul St. Suite 920, Dallas, Texas 75202, USA
– Service: Provision of technical platform infrastructure
– Data protection standard: EU Standard Contractual Clauses
2. Google LLC/Google Cloud Services
– Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA
– Service: Cloud infrastructure
– Data protection standard: EU Standard Contractual Clauses
3. Amazon Web Services, Inc.
– Address: 410 Terry Avenue North, Seattle, WA 98109-5210, USA
– Service: Cloud infrastructure
– Data protection standard: EU Standard Contractual Clauses
# Annex D – International Data Transfers
1. Legal Bases:
– EU Standard Contractual Clauses (Decision 2021/914)
– UK International Data Transfer Addendum
– Swiss Standard Contractual Clauses
2. Additional Safeguards:
– Encryption of all data
– Access controls
– Regular audits
– Documented processes
– Incident response plan
3. Data Exporter:
– Name: NO PARADE (Refocusly)
– Role: Controller
– Contact: Ankerberg 5, 76344 Eggenstein-Leopoldshafen
4. Data Importers:
– HighLevel Inc.
– Google LLC/Google Cloud Services
– Amazon Web Services, Inc.