Data Processing Agreements | Canadian Mail Master

Data Processing Agreement
Effective Date: March 25th, 2024

This Data Processing Agreement ("DPA") is a supplemental document to the Service Agreement as per the Terms and Conditions of Canadian Mail Master (referred to as the "Main Agreement"). This DPA becomes effective upon its incorporation into the Main Agreement, which may be detailed within the Main Agreement itself or through a separate amendment. Once incorporated, this DPA constitutes an integral part of the Main Agreement.

The duration of this DPA mirrors that of the Main Agreement. Any terms not explicitly defined herein are to be interpreted as defined in the Main Agreement.

##WHEREAS
- Your organization serves as the Data Controller ("Controller").
- Your organization desires to subcontract certain Services, which involve the processing of personal data, to Canadian Mail Master, serving as a data processor under GDPR and as a service provider under CCPA.
- The Parties are committed to establishing a data processing agreement in compliance with current legal standards governing data processing.
- The Parties aim to explicitly define their respective rights and duties.

##Definitions and Scope
- "Processor" refers to Canadian Mail Master.
- "Controller Personal Data" encompasses any Personal Data processed by a Contracted Processor on behalf of the Controller pursuant to the Main Agreement.
- "Contracted Processor" indicates a Subprocessor.
- "Data Protection Laws" include all applicable laws and regulations relevant to personal data processing under this DPA, such as GDPR, CCPA, and others as defined.

##Data Processing
- The Processor agrees to process Controller Personal Data solely based on the Controller's documented instructions, for the purpose of providing the Services and associated support, in compliance with applicable Data Protection Laws.

##Personnel
- The Processor guarantees that any personnel accessing Controller Personal Data are bound by appropriate confidentiality obligations and are instructed to process the data solely for delivering the contracted Services.

##Security Measures
- The Processor commits to implementing suitable technical and organizational measures to protect Controller Personal Data against unauthorized or unlawful processing, considering the latest technological standards and the cost of implementation.

##Subprocessing
- The Processor will not engage any Subprocessor nor disclose any Controller Personal Data to a Subprocessor without the Controller's explicit authorization.

##Data Subject Rights
- The Processor will assist the Controller in fulfilling its obligations to respond to data subject rights requests under Data Protection Laws.

##Data Breach Notification
- In the event of a Personal Data Breach, the Processor shall promptly inform the Controller and assist in mitigating any potential impact.

##Impact Assessment and Consultation
- The Processor agrees to provide reasonable support to the Controller in conducting data protection impact assessments and consulting with supervisory authorities when required.

##Data Return and Deletion
- Upon termination of the Services, the Processor shall, at the Controller's choice, return or delete all Controller Personal Data, except where retention is legally mandated.

##International Data Transfers
- The Processor may transfer data to countries outside of the EU, ensuring an adequate level of data protection, preferably through mechanisms like EU Standard Contractual Clauses.

##Confidentiality
- Both parties agree to maintain the confidentiality of any information exchanged under this DPA, except as required by law or if the information is already publicly available.

##Notices
- All notifications under this DPA shall be made in writing, primarily via email, to addresses designated by each party.

CONTACT US

Terms and Conditions

Privacy Policy

GDPR

DPA