Data Processing Addendum (DPA)
1. Purpose
This Data Processing Addendum (“DPA”) forms part of the agreement between [Your Company Name] (“Controller”) and the customer (“Processor”) regarding the processing of personal data under applicable data protection laws, including the Vermont Data Privacy Act (VDPA), General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA).
2. Roles and Responsibilities
[Your Company Name] acts as the Controller of personal data, and the customer acts as the Processor who processes data on behalf of the Controller.
3. Processing Details
- Subject Matter: Personal data related to users/customers of the Service.
- Duration: For the duration of the contractual relationship, unless otherwise agreed.
- Purpose: To provide the agreed-upon services as described in the main agreement.
- Categories of Data: Names, contact information, usage data, payment information, and any other data necessary to provide the service.
- Data Subjects: End users, customers, employees, or contacts of the Controller.
4. Processor Obligations
- Process personal data only on documented instructions from the Controller.
- Implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Ensure that personnel with access to personal data keep it confidential.
- Assist the Controller with data subject rights requests, such as access, correction, or deletion.
- Notify the Controller without undue delay in case of a personal data breach.
- Delete or return all personal data at the end of the agreement, unless retention is required by law.
5. Subprocessing
The Processor shall not engage sub-processors without prior written consent from the Controller. If consent is granted, the Processor ensures that sub-processors adhere to the same data protection obligations as outlined in this DPA.
6. International Data Transfers
Any transfer of personal data outside of the United States or other jurisdictions will be subject to appropriate safeguards, including Standard Contractual Clauses or other mechanisms permitted under applicable laws.
7. Data Subject Rights
The Processor shall promptly assist the Controller in responding to data subject requests concerning their personal data, including access, rectification, deletion, portability, restriction, or objection.
8. Audits and Inspections
The Controller has the right to conduct audits or inspections, including requesting documentation and performing on-site visits, to verify compliance with this DPA. The Processor agrees to cooperate fully with such audits.
9. Liability
Each party is liable for its own compliance with applicable data protection laws. The Processor’s liability is limited to damages caused by its breach of this DPA, subject to the terms of the main agreement.
10. Governing Law and Jurisdiction
This DPA is governed by the laws of the State of Vermont, United States. Disputes arising under this DPA will be resolved in state or federal courts located in Chittenden County, Vermont.
11. Contact Information
For any questions or concerns regarding data processing:
