Templates
>
DPA (Data Processing Agreement)

DPA (Data Processing Agreement)

Template
Conditional logic
e-Signatures
Smart fields
Data tables

Core variables in this template

Agreement
Controller
Processor
Annex A
GDPR
Personal Data

Document preview

Data Processing Agreement

Definitions

In this Data Processing Agreement, the capitalized terms have the meanings assigned to them in this article. Where a definition in this article is provided in the singular, it also includes the plural and vice versa, unless expressly stated otherwise or evident from the context. If a capitalized term is not included in this article, the meaning assigned to that term in Article 4 GDPR applies.

1.1 GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.2 Annex: an annex to this Data Processing Agreement, which forms an integral part of this Data Processing Agreement.

1.3 Service: the service(s) to be provided by the Processor to the Controller under the Agreement.

1.4 DPIA: the data protection impact assessment conducted prior to the Processing regarding the impact of the intended processing activities on the protection of Personal Data, as referred to in Article 35 GDPR.

1.5 Employee: the employees and other persons engaged by the Processor, not being Sub-processors, whose activities fall under its responsibility and who are engaged by the Processor for the execution of the Agreement.

1.6 Agreement: the agreement concluded between the Controller and the Processor, under which the Processor processes Personal Data on behalf of the Controller for the execution of this agreement.

1.7 Written/In Writing: set down in writing or by electronic means, as referred to in Article 6:227a of the Dutch Civil Code.

1.8 Sub-processor: another processor, including but not limited to group companies, sister companies, subsidiaries, and auxiliary suppliers, engaged by the Processor to support the execution of the Agreement.

1.9 Data Processing Agreement: this agreement, including Annexes, as referred to in Article 28(3) GDPR.

Article 2 – Subject Matter of the Data Processing Agreement

2.1 The Data Processing Agreement supplements the Agreement and replaces any previously made agreements between the Parties regarding the Processing of Personal Data. In case of conflict between the provisions of the Data Processing Agreement and the Agreement, the provisions of the Data Processing Agreement shall prevail.

2.2 The provisions of the Data Processing Agreement apply to all Processing activities carried out in execution of the Agreement. The Processor shall promptly inform the Controller if the Processor has reason to believe that it can no longer comply with the Data Processing Agreement.

2.3 The Controller instructs and authorizes the Processor to process the Personal Data on behalf of the Controller.

2.3.1 The instructions of the Controller are further detailed in the Data Processing Agreement and the Agreement. The Controller may reasonably provide additional or deviating instructions in writing.

2.3.2 The Parties shall specify in Annex A which Processing activities the Processor carries out on behalf of the Controller. The Processor is only authorized to perform the Processing activities specified in Annex A.

2.3.3 Notwithstanding Articles 8 and 9, the Processor shall process the Personal Data solely on behalf of the Controller and based on the instructions of the Controller as referred to in Article 2.3.1. The Processor shall process the Personal Data only to the extent necessary for the execution of the Agreement, never for its own benefit, for the benefit of third parties, and/or for advertising purposes or other purposes, unless Union or Member State law applicable to the Processor requires the Processor to process. In that case, the Processor shall inform the Controller of that legal requirement prior to the Processing, unless that law prohibits such information on important grounds of public interest.

2.4 The Processor and the Controller shall comply with the GDPR and other applicable laws and regulations concerning the Processing of Personal Data. The Processor shall immediately inform the Controller if, in its opinion, an instruction of the Controller infringes the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data.

2.5 If the Processor determines the purpose and means of the Processing of Personal Data in violation of the Data Processing Agreement and/or the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data, the Processor shall be considered the Controller for those Processing activities.

<See the full template in the free Docfield trial>

Show more template
Disclaimer: This template does not constitute any form of legal advice, and the User is at all times encouraged to request external specific legal advice in respect of the execution of legal documents.

DPA (Data Processing Agreement)

Data protection regulations can be complex. Ensure you’re securely handling personal data.

Smart & compliant

Smart fields

Version controlled

E-sign ready

Use this template - free trial

Ready to save time with our templates?

Streamline your whole contract lifecycle from drafting to renewal with Docfield.
Start free trial
Heb je nog vragen?
Neem contact met ons op
use cases
Proposals
Contracts
Policy documents
EER
Document generation
sectors
Education
SMB & startups
Enterprises
Teams
Legal
Sales
Procurement
HR
IT
resources
Free trial
About us
Customers
Templates
Blog
Contact us
Product updates
FAQ
Glossary
API
Careers
Helpdesk
Singel 542
1017AZ Amsterdam
Netherlands
KVK: 74293087
Privacy policy
Terms & Conditions
Security
Status
© 2025 Docfield. Better documents in less time.