Data Processing Agreement
This Data Processing Agreement ("DPA") sets out the terms that apply to the processing of personal data by Nexbyt Technology on behalf of the Customer.
This Data Processing Agreement ("DPA") forms part of the Master Services Agreement or Terms of Service ("Principal Agreement") between Nexbyt Technology ("Processor") and the Customer ("Controller") (collectively, the "Parties").
This DPA reflects the parties' agreement with respect to the terms governing the processing and security of Customer Data under the Principal Agreement.
1. Definitions
2. Processing Details
2.1 Nature and Purpose of Processing
Nexbyt Technology will process Personal Data as necessary to perform the Services pursuant to the Principal Agreement, and as further instructed by Customer in its use of the Services.
2.2 Duration of Processing
Processing will continue until the termination of the Principal Agreement in accordance with its terms, unless otherwise agreed in writing.
2.3 Categories of Data Subjects
- Customer's employees, contractors, and agents
- Customer's end users and customers
- Other individuals whose Personal Data is provided to Nexbyt Technology
2.4 Types of Personal Data
| Category | Examples |
|---|---|
| Identification Data | Name, email address, user ID, IP address |
| Professional Data | Job title, company, department |
| Technical Data | Device information, log data, usage data |
| Content Data | Information stored or processed through Services |
3. Obligations of the Parties
3.1 Customer Obligations
Customer shall, in its use of the Services:
- Comply with its obligations as a Controller under Data Protection Laws
- Provide necessary notices to Data Subjects and obtain required consents
- Ensure the lawfulness of the processing instructions given to Nexbyt Technology
- Maintain an up-to-date record of processing activities
3.2 Nexbyt Technology Obligations
Nexbyt Technology shall:
- Process Personal Data only in accordance with documented instructions from Customer
- Ensure persons authorized to process Personal Data have committed to confidentiality
- Implement appropriate technical and organizational measures to ensure security
- Assist Customer in responding to Data Subject requests
- Notify Customer without undue delay of any data breach
- Provide necessary information to demonstrate compliance with this DPA
4. Security Measures
4.1 Technical and Organizational Measures
Nexbyt Technology shall implement and maintain appropriate technical and organizational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
| Security Area | Measures Implemented |
|---|---|
| Access Control | Multi-factor authentication, role-based access, least privilege principle |
| Encryption | Transport Layer Security (TLS 1.3), AES-256 encryption at rest |
| Network Security | Firewalls, DDoS protection, intrusion detection systems |
| Physical Security | 24/7 monitoring, biometric access, environmental controls |
| Incident Response | Formal incident response plan, regular testing and updates |
5. Sub-processing
5.1 Authorized Sub-processors
Customer provides general authorization for Nexbyt Technology to engage Sub-processors. A current list of Sub-processors is maintained at https://nexbyt.com/subprocessors.
5.2 Sub-processor Obligations
Nexbyt Technology shall enter into a written agreement with each Sub-processor imposing data protection obligations no less protective than those in this DPA.
5.3 Objection to Sub-processors
Customer may reasonably object to new Sub-processors by notifying Nexbyt Technology in writing within 10 days of notification.
6. Data Subject Rights
6.1 Assistance with Requests
Nexbyt Technology shall, to the extent legally permitted, promptly notify Customer if it receives a request from a Data Subject to exercise their rights under Data Protection Laws.
6.2 Cooperation
Taking into account the nature of processing, Nexbyt Technology shall assist Customer by appropriate technical and organizational measures, insofar as possible, to fulfill Customer's obligation to respond to Data Subject requests.
7. Personal Data Breach
7.1 Notification Requirements
Upon becoming aware of a Personal Data breach, Nexbyt Technology shall notify Customer without undue delay and shall provide timely information relating to the breach as it becomes known or reasonably requested by Customer.
7.2 Breach Response
Nexbyt Technology shall take reasonable steps to contain, investigate, and mitigate any breach and assist Customer in meeting its breach notification obligations.
8. International Data Transfers
8.1 Transfer Mechanisms
Where Personal Data is transferred outside the European Economic Area, Nexbyt Technology shall implement appropriate safeguards as required by Data Protection Laws, including Standard Contractual Clauses where applicable.
8.2 Data Residency
Customer may specify the geographic region for data storage through the Services configuration. Default regions are provided based on Customer's location.
9. Duration and Termination
9.1 Term
This DPA shall remain in effect as long as Nexbyt Technology processes Personal Data on behalf of Customer under the Principal Agreement.
9.2 Return or Deletion of Data
Upon termination of the Services, Nexbyt Technology shall, at Customer's choice, delete or return all Customer Data, including existing copies, unless required to retain data by applicable law.
Important Notice
This document is provided for informational purposes. Customers should review this DPA with their legal counsel to ensure it meets their specific requirements. For questions or to execute this DPA, please contact our legal department.
Ready to Execute This Agreement?
Contact our team for customized agreements.