Data Processing Addendum (Template)

This template supports enterprise legal review. It must be adapted by counsel before execution. It is not legal advice.

1. Parties and Scope

This DPA forms part of the commercial agreement between[Customer Legal Name]and[SkillGate Entity Name]for processing personal data in connection with the services.

2. Roles

Customer acts as Controller (or Business), and SkillGate acts as Processor (or Service Provider), unless otherwise stated in writing for specific workflows.

3. Processing Details (Annex I)

  • Categories of data subjects: end users, employees, contractors, admins.
  • Categories of personal data: account identifiers, support communications, billing metadata.
  • Purpose: service delivery, security operations, support, billing, legal compliance.
  • Duration: term of service plus defined retention periods.

4. Processor Obligations

  • Process personal data only on documented instructions.
  • Ensure confidentiality and role-based access controls.
  • Implement appropriate technical and organizational measures.
  • Assist with data subject rights requests where applicable.

5. Security Misuse Monitoring

Processor may process security telemetry required to detect and prevent unauthorized access, exploit attempts, safeguard circumvention, and abuse of the services, as part of legitimate security operations and legal compliance.

6. Subprocessors

Processor may engage subprocessors listed in[Subprocessor Schedule]. Material changes require prior notice per agreed notice period.

7. International Transfers

Where required, parties adopt Standard Contractual Clauses and supplementary measures for restricted transfers.

8. Security Incident Notification

Processor will notify Controller without undue delay after confirming a personal data breach affecting Customer data, including known scope, affected systems, and mitigation.

9. Audits and Evidence

Subject to confidentiality and security controls, Processor provides reasonable evidence of compliance and supports audits under mutually agreed scope and frequency limits.

10. Return or Deletion

On termination, Processor returns or deletes personal data per contract and legal retention requirements.