ELA Data Processing Agreement (DPA)

This DPA supplements the Agreement when ELA processes personal data as a Processor on behalf of Customer.

Roles and Scope

• Customer is the Controller; ELA is the Processor. Processing shall be limited to the purposes of providing the Service.

Processor Obligations

• Process Personal Data only per Customer’s documented instructions.
• Ensure personnel are bound by confidentiality obligations.
• Maintain appropriate technical and organizational security measures.

Sub processors

• ELA may engage sub processors and will ensure they are contractually bound by obligations no less protective than this DPA. Customer may request a current subprocess or list.

International Transfers

• Where transfers are made outside of adequate jurisdictions, ELA shall implement appropriate transfer mechanisms (e.g., SCCs).

Assistance

• ELA will assist Customer in responding to data subject requests and fulfilling compliance obligations under GDPR, LGPD, and other laws.

Breach Notification

• ELA will notify Customer without undue delay of any confirmed Personal Data Breach.

Return or Deletion

• Upon termination of the Agreement, ELA will delete or return Personal Data within [30] days, unless law requires retention.

Audit Rights

• Customer may audit compliance once annually with reasonable prior notice. Audits must not disrupt normal operations and may be satisfied by independent third-party certifications.