Complira makes available all information necessary to demonstrate compliance with the obligations set out in this DPA. The Client has the right to carry out audits and inspections, subject to reasonable notice of 30 days.
Complira will inform the Client without undue delay, and in any case within 48 hours, of any data breach involving personal data. The notification will include the nature of the breach, the categories of data concerned, the likely consequences, and the measures taken.
Personal data is primarily processed within the European Economic Area (EEA). For processing by sub-processors outside the EEA, appropriate safeguards are put in place, such as the European Commission's Standard Contractual Clauses (SCCs).
"Personal data" has the meaning defined in Article 4(1) of the GDPR. "Processing" has the meaning defined in Article 4(2) of the GDPR. "Sub-processor" means a third party engaged by Complira for the processing of personal data.
This data processing agreement is governed by Belgian law. Disputes shall be submitted to the competent courts of Brussels, Belgium.
This data processing agreement ("DPA") is established in accordance with Article 28 of the General Data Protection Regulation (GDPR). This agreement is an integral part of the service contract between the data controller ("Client") and the data processor ("Complira SRL").
The liability of the parties under this DPA is subject to the limitations set out in the general terms and conditions of the service contract.
Complira undertakes to: - Process personal data only on the basis of the Client's documented instructions - Ensure confidentiality for all employees with access to personal data - Implement appropriate technical and organizational security measures - Assist the Client in fulfilling their GDPR obligations - Delete or return personal data at the end of the contract
Complira processes personal data exclusively on behalf of and for the account of the Client, for the duration of the service contract. Processing includes the storage, organization, and provision of compliance-related data through the Complira platform.
Complira uses the following sub-processors: - Stripe Inc. (United States) — payment processing - Amazon Web Services (EU region) — hosting and storage The Client is informed in advance of any change of sub-processor and has the right to object.