Menu

Customer Data Processing Agreement

Customer Data Processing Agreement

Last updated: September 28, 2024

BETWEEN:

Elara Aerospace
Lothstraße 21
80335 Munich (Germany)
team@elara-aerospace.com
(“Data Controller”)

AND

3rd-party providers (such as Google, Hubspot, Meta & OpenStreetMap)
(“Data Processor”)

1. Introduction

1.1 This Data Processing Agreement (“DPA”) outlines the obligations and rights related to the processing of Personal Data by the Data Processor on behalf of the Data Controller in accordance with applicable data protection laws.

1.2 This DPA is an appendix to the main service agreement between the parties (“the Agreement”). In case of any conflict between this DPA and the Agreement, this DPA shall prevail.

2. Purpose and Scope

2.1 The Data Processor shall process Personal Data solely for the purpose of fulfilling its obligations under the Agreement and in compliance with the instructions provided by the Data Controller.

2.2 The Data Controller remains the sole owner of all Personal Data and retains control over its processing.

3. Definitions

3.1 Personal Data: Any information relating to an identified or identifiable natural person.

3.2 Processing: Any operation or set of operations performed on Personal Data, including collection, storage, use, and deletion.

3.3 Data Subject: An individual whose Personal Data is processed under this DPA.

4. Obligations of the Data Processor

4.1 The Data Processor agrees to:

4.2 The Data Processor shall assist the Data Controller in ensuring compliance with its obligations under applicable data protection laws, including responding to requests from Data Subjects.

5. Rights and Responsibilities of the Data Controller

5.1 The Data Controller is responsible for ensuring that it has a lawful basis for processing Personal Data and that it provides clear instructions to the Data Processor regarding such processing.

5.2 The Data Controller must inform the Data Processor promptly if it becomes aware of any breach of Personal Data or if it receives a request from a Data Subject regarding their rights.

6. Subprocessing

6.1 The Data Processor may engage subprocessors to assist in processing Personal Data, provided that:

7. Termination and Deletion of Personal Data

7.1 Upon termination of this DPA, the Data Processor shall delete or return all Personal Data to the Data Controller, unless otherwise required by law.

8. Governing Law

8.1 This DPA shall be governed by and construed in accordance with EU-GDPR regulations.

Loading website...