Data Processing Agreement (DPA)

Last Updated: [Insert Date]

This Data Processing Agreement ("DPA") forms part of the Terms of Service or other agreement for the provision of Services ("Agreement") between:

• NewNagaOffers, located at 1348 Eglinton Avenue, Toronto, Ontario M4P 1A6, Canada ("Data Processor" or "we", "us", "our"); and
• The Client using NewNagaOffers' services ("Data Controller" or "you", "your").

This DPA reflects the parties’ agreement with regard to the processing of Personal Data.

1. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Data Protection Laws" means all applicable laws relating to data protection and privacy, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, as applicable.
• "Processing" means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• "Data Subject" means the identified or identifiable natural person to whom Personal Data relates.
• Other capitalized terms shall have the meanings set forth in the Agreement or applicable Data Protection Laws.

2. Processing of Personal Data

• Roles of the Parties: The parties acknowledge and agree that with regard to the Processing of Personal Data, the Client is the Data Controller and NewNagaOffers is the Data Processor.
• Subject Matter and Duration: The subject matter and duration of the Processing are set out in the Agreement and this DPA. Processing will continue until the termination of the Agreement.
• Purpose: The purpose of the Processing is the provision of the Services initiated by the Client from time to time, as detailed in the Agreement.
• Nature of the Processing: Collection, storage, retrieval, use, disclosure as necessary to provide the Services or as instructed by the Client.
• Type of Personal Data: Personal Data submitted to the Services by the Client, potentially including names, email addresses, contact information, financial information (if applicable), and other data provided by the Client or its users.
• Categories of Data Subjects: Data Subjects include the Client's employees, contractors, customers, prospects, or other individuals whose Personal Data is submitted to the Services by the Client.

3. Obligations of the Data Processor (NewNagaOffers)

NewNagaOffers agrees to:

• Process Personal Data only on documented instructions from the Client, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State or Canadian law to which NewNagaOffers is subject.
• Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
• Respect the conditions referred to in paragraphs 2 and 4 of GDPR Article 28 for engaging another processor (sub-processor). Where NewNagaOffers engages a sub-processor, it shall do so only with the Client’s prior specific or general written authorization. NewNagaOffers shall impose the same data protection obligations as set out in this DPA on any sub-processor.
• Assist the Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Client's obligation to respond to requests for exercising the Data Subject's rights laid down in Chapter III of the GDPR or other applicable Data Protection Laws.
• Assist the Client in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR or similar obligations under other Data Protection Laws, taking into account the nature of processing and the information available to NewNagaOffers.
• At the choice of the Client, delete or return all the Personal Data to the Client after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State or Canadian law requires storage of the Personal Data.
• Make available to the Client all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR or similar obligations under other Data Protection Laws and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client.

4. Obligations of the Data Controller (Client)

The Client agrees to:

• Comply with all applicable Data Protection Laws in its use of the Services and its own Processing of Personal Data.
• Ensure that it has obtained all necessary consents or has another valid legal basis for the Processing of Personal Data by NewNagaOffers pursuant to the Agreement and this DPA.
• Provide accurate and lawful instructions to NewNagaOffers regarding the Processing of Personal Data.
• Be responsible for the accuracy, quality, and legality of Personal Data and the means by which the Client acquired Personal Data.

5. Sub-processors

The Client provides general authorization for NewNagaOffers to engage sub-processors. NewNagaOffers shall maintain a list of sub-processors and shall inform the Client of any intended changes concerning the addition or replacement of other processors, thereby giving the Client the opportunity to object to such changes.

6. Data Transfers

Personal Data may be transferred and processed outside of the Client's jurisdiction. NewNagaOffers will ensure that such transfers are made in compliance with applicable Data Protection Laws, typically through mechanisms like Standard Contractual Clauses (SCCs) where required, or adequacy decisions.

7. Governing Law

This DPA shall be governed by the law specified in the Agreement, or if not specified, by the laws of the Province of Ontario, Canada.

8. Contact Information

For any questions regarding this DPA, please contact:

NewNagaOffers
1348 Eglinton Avenue, Toronto, Ontario M4P 1A6, Canada
Email: [email protected]
Phone: +1 416-414-2140