Menu

Home
About UsContact
Get a Demo
Legal Document

Data Processing Addendum

Last updated: November 1, 2024

1

Definitions

This Data Processing Addendum ("DPA") forms part of the Master Services Agreement between Ice Web Solutions ("Processor") and you ("Controller") and governs the processing of Personal Data.

2

Scope and Applicability

This DPA applies to the processing of Personal Data by Ice Web Solutions on behalf of Controller in connection with the services provided.

  • Types of Personal Data: As specified in your service agreement
  • Categories of Data Subjects: End users, employees, customers
  • Purpose of Processing: Service delivery, support, and improvements
3

Processor Obligations

  • Process Personal Data only on documented instructions from Controller
  • Ensure confidentiality of personnel authorized to process Personal Data
  • Implement appropriate technical and organizational security measures
  • Assist Controller in responding to Data Subject requests
  • Notify Controller of any Personal Data breaches without undue delay
4

Sub-Processors

Processor may engage sub-processors to perform specific processing activities. A list of current sub-processors is available upon request. Controller will be notified of any changes to sub-processors.

5

Data Subject Rights

Processor will assist Controller in fulfilling Data Subject rights requests including access, rectification, erasure, restriction, portability, and objection to processing.

6

Security Measures

Technical and organizational security measures include:

  • Encryption of Personal Data at rest and in transit (TLS 1.3, AES-256)
  • Access controls and multi-factor authentication
  • Regular security audits and penetration testing
  • Incident response and breach notification procedures
  • Secure data deletion upon request
7

International Transfers

Personal Data may be transferred to and processed in countries outside the EEA. Such transfers are protected by Standard Contractual Clauses approved by the European Commission.

8

Audits

Controller may audit Processor's compliance with this DPA once per year upon reasonable notice. Processor maintains enterprise security certifications available for review.

9

Data Retention and Deletion

Upon termination of services, Processor will delete or return all Personal Data within 30 days, unless retention is required by law.

Questions About This DPA?

For questions about this Data Processing Addendum, contact our Data Protection Officer at privacy@icewebsolutions.com