gogetmeit_logo-Colour-1
Menu
Book a Demo

Data Processing Agreement (DPA)

 

This DPA is incorporated into and forms an integral part of the main agreement for services between the Controller and the Processor (the “Main Agreement”).

1. Definitions

  • “Applicable Data Protection Law” means all laws and regulations applicable to the processing of Personal Data under the Main Agreement, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK Data Protection Act 2018.

  • “Personal Data” means any information relating to an identified or identifiable natural person.

  • “Processing”, “Data Subject”, “Personal Data Breach” shall have the meanings ascribed to them in the Applicable Data Protection Law.

2. Subject Matter, Duration, Nature, and Purpose of Processing

  • Subject Matter: The processing of Personal Data by the Processor on behalf of the Controller in connection with the services provided under the Main Agreement.

  • Duration: The term of the Main Agreement.

  • Nature and Purpose: [Describe the services provided by GGM360, e.g., “to provide digital marketing services, including analytics, advertising, and customer relationship management, as further specified in the Main Agreement.”]

  • Categories of Data Subjects: [e.g., “Customers, potential customers, and employees of the Controller.”]

  • Types of Personal Data: [e.g., “Contact details (name, email, phone number), professional information (job title, company), online identifiers (IP address, cookie data), and any other Personal Data provided by the Controller.”]

3. Obligations of the Processor

The Processor agrees to:

  • Process Personal Data only on documented instructions from the Controller.

  • Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.

  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

  • Assist the Controller in responding to Data Subject requests to exercise their rights.

  • Notify the Controller without undue delay after becoming aware of a Personal Data Breach.

  • Upon termination of the Main Agreement, at the Controller’s choice, delete or return all Personal Data.

  • Make available to the Controller all information necessary to demonstrate compliance with this DPA.

4. Sub-processors

The Processor shall not engage another processor (“Sub-processor”) without prior specific or general written authorization from the Controller. A list of current Sub-processors is attached as Annex A.

5. International Transfers

The Processor shall not transfer Personal Data to a country outside the European Economic Area (EEA) or the UK without ensuring appropriate safeguards are in place as required by Applicable Data Protection Law.

6. Governing Law and Jurisdiction

This DPA shall be governed by the laws of [England and Wales]. The Parties submit to the exclusive jurisdiction of the courts of [England and Wales] for any dispute arising out of this DPA.

DPA

For Businesses

Landlords
Contractors
Suppliers
Contractor Code of Conduct

Resources

Help Center
API
Careers

Company

About Us
Partners
Contact

By signing up you agree to our Terms and Conditions and Privacy Policy. To make a complaint, please refer to our Complaints Policy.
GGM360 is a LTD s registered company in England and Wales (Company No. 15831175)

sa
logo n 3
logo n 4
logo n 5

© 2025 GGM360. All rights reserved.