Legal

Data Processing Agreement

Last updated: January 2025

Need a signed copy?

Contact our legal team to receive a countersigned DPA for your records.

1. Definitions

"Personal Data," "Processing," "Data Controller," "Data Processor," and "Data Subject" have the meanings given in the GDPR. "Customer Data" means any Personal Data that Daarvian processes on behalf of the Customer.

2. Scope and Roles

This DPA applies to the Processing of Customer Data by Daarvian as a Data Processor on behalf of the Customer (Data Controller) in connection with the Services.

3. Data Processing

Daarvian will:

  • Process Customer Data only on documented instructions from the Customer
  • Ensure persons authorized to process data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Assist the Customer with data subject requests
  • Delete or return Customer Data at the end of the service

4. Security Measures

Daarvian implements security measures including:

  • Encryption of data at rest (AES-256) and in transit (TLS 1.3)
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Incident response and breach notification procedures
  • Employee security training and background checks

5. Sub-processors

Daarvian may engage sub-processors to process Customer Data. A current list of sub-processors is available upon request. Daarvian will notify Customer of any intended changes to sub-processors, providing Customer the opportunity to object.

6. International Transfers

Customer Data may be transferred outside the EEA. Such transfers will be subject to appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

7. Data Subject Rights

Daarvian will assist Customer in responding to requests from Data Subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, and portability.

8. Breach Notification

Daarvian will notify Customer without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data breach affecting Customer Data.

9. Audits

Daarvian will make available to Customer information necessary to demonstrate compliance with this DPA. Customer may conduct audits, subject to reasonable notice and confidentiality obligations.

10. Contact

For questions about this DPA or to request a countersigned copy, contact dpa@daarvian.com.