Effective date: [Insert date]
Data Processing Addendum (Template)
Use when we are Processor and customer is Controller of end‑user personal data.
Scope & Roles
This DPA is part of the agreement between [Customer] (Controller) and E‑Porichoy (Processor) and applies to Personal Data handled on Controller's behalf.
Processor obligations
Process only on documented instructions; confidentiality; appropriate technical/organizational measures; assist with data subject requests/security; delete/return data at end; maintain records where required.
Sub‑processors
Authorized for hosting, analytics, email, payments, support; impose terms at least as protective; keep an up‑to‑date list on request; Controller may object on reasonable grounds.
International transfers
Use appropriate safeguards (e.g., EU/UK SCCs).
Security
Access controls, encryption in transit, backup/recovery, logging/monitoring, vulnerability management, employee training.
Breach notification
Notify without undue delay with sufficient detail for regulatory/user notices.
Audits
Provide relevant information and allow audits once per year with notice, subject to confidentiality/safety.
Duration
Effective for the agreement term until data is deleted/returned.
Privacy contact: info@eporichoy.com